Tech chief slams UAE banking security

GITEX: Trend Micro CTO says bank security in Gulf state can only protect against 'school kids'.

  • E-Mail
By  Alex Delmar-Morgan Published  October 20, 2008

The head of technology at internet security giant Trend Micro has slammed the security of UAE banking systems in the wake of the recent ATM card fraud scandal.

Speaking to Arabian Business on the sidelines of the Gitex technology exhibition, chief technology officer (CTO) Raimund Genes said bank security in the Gulf state could only protect against "school kids" and not professional criminals.

"The security is not good here. The security measures implemented here protect against school kids who hack into computers, but don’t protect well against guys who have the money to pay somebody to attack a specific company," Genes said in an interview on Monday.

Genes called on banks to implement two-factor authentication technology in order to beef up security.

Two-factor authentication is where two separate pieces of information are needed in conjunction to authenticate a person's identity.

Thousands of UAE bank customers had money stolen out of their accounts in September by criminal gangs using counterfeit cards to access local accounts from abroad.

Customers across the Gulf state were bombarded with text messages warning them to change the PIN numbers on all cards, with some also having their cards cancelled as banks scrambled to limit the extent of the problem.

Lloyds TSB, HSBC, Citibank, National Bank of Abu Dhabi and Dubai Bank are among lenders that have sent statements warning customers of the threat.

Banks have been reluctant to reveal the scale of the fraud, with Dubai Bank the only lender so far to detail how many of its customers have been affected - standing at 42.

No bank has revealed how much money has been stolen, although there have been reports of individuals losing up to 26,000 dirhams ($7,000). Most banks have agreed to reimburse affected customers.

Officials at several banks have said they have identified a breach at a UAE-based bank as the source of the fraud, which allowed unauthorised people to obtain sensitive data such as pin numbers and information from magnetic strips on the back of the cards, according to local media reports.

The data were then used to produce counterfeit cards to make illegal transactions in dozens of countries.

The Central Bank of the UAE has launched an investigation.

3891 days ago
DG

I have no doubt that the banks have been negligent and that this issue was an inside job (not from card skimming as reported in the news) But 2x times in the last year I have myself reports viruses that Trend Micro did no detect and you've left a customer unprotected for 1 month while the incompetent distributors flapped around and fobbed me off. So the writer has no right to talk about protecting banks when their systems cannot even protect a 20 user SMB. I know it's Gitex week but get off your high horse and deliver the protection about which you speak.

3894 days ago
Boby Joseph

Although the Tech Chief in all good faith wants to convey the right thing but, his present position as a CTO of security protection company undermines his statement because people consider that as a sales talk. I have been working in the field he mentions for the past 18 years and I am yet to see it all. In the business of security one thing needs to be understood as long as there is a lock there is always a key available. However, most of the breach happens not because of the lock not being good, it just happens because we are careless about the key and where to put the lock. I believe most the banks in UAE have substantially invested in a very good lock but may require to have second look at those keys. And in most of the cases the breach is internal than external. Just to quote from my experience " Most professional criminals use school kids, nerds, and geeks from colleges to get their work done"

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code