ArabianBusiness.com - Middle East Business News
Friday, 09 January 2009 03:32 UAE time

YOUR DIRECTORY /

Print this page Print this page | Email this to a friend Email this to a friend | Discuss this article (0 Comments) |

Con game, blame game

by This email address is being protected from spam bots, you need Javascript enabled to view it  on Monday, 27 October 2008
There is the possibility of data leaking from a bank – intentionally or unintentionally. - Judhi Prasetyo, Middle East consulting manager at Fortinet.
There is the possibility of data leaking from a bank – intentionally or unintentionally. - Judhi Prasetyo, Middle East consulting manager at Fortinet.

While experts debate on how the recent spate of card frauds could have occurred in the UAE, there is no doubt that banks need to step up their security measures, and regulations have to catch up.

A major case of card fraud, affecting multiple customer accounts, rocked major UAE banks last month. The fraud, which affected banks including Dubai Bank, National Bank of Abu Dhabi, HSBC and Lloyds TSB, involved the theft of untold amounts of money.

Very little is known about how this important and supposedly secure data was accessed, leading to much speculation within the finance community. With the banks silent on what exactly occured, customers and security experts have been left to wonder on how the breach could have happened.

Story continues below
advertisement

Banks in the UAE have been testing security applications manually. The downside to this method is that it is a time consuming process.

"There are many different types of card fraud, or fraud using cards, from the simplest ATM machine compromises, to high-end network hacks. Criminals sometimes try a combination of different methods to get the information they need. My reaction is that this was fairly well planned, and it was carried out in order to get maximum impact as soon as possible, so that the criminal could benefit as soon as possible," says Richard Archdeacon, part of Symantec EMEA's security practice.

"What was interesting about the recent reports is the loss of card activity that occurred outside the region. In other words, there was a definite attempt to take the information and turn it into cash very rapidly. And this is one of the characteristics of the underground economy. The criminals will band together, or they will send their information onto other criminals, and they will then use it internationally to get money," he added.

While customers themselves make for easier targets, most experts agree with Archdeacon, stating that the sheer scale of the breach indicates a focused attack, where a whole amount of data was stolen for rapid use across the world.

"There is the possibility of data leaking from a bank - intentionally or unintentionally. When an employee who has sensitive data on his PC accesses a website not related to work, a spyware or keylogger can be placed in his system without his knowing.

This will start stealing the customer information on the PC, and sending it out through the same site, and the employee will not even know," points out Judhi Prasetyo, Middle East consulting manager at Fortinet.

While many industry experts believe that banks in the region, like their global counterparts, have invested heavily in network security, a lot more work is warranted in the area of card security as well as educating customers on the travails of internet banking.

One of the suggestions from security experts is for card companies in the region to make the switch from magnetic stripe cards, to chip-card, or chip-and-PIN technology.

This system requires both the customer's personal details and a microchip contained within the card to be present at any particular time for a transaction to be processed.

"Banks in the UAE have been testing security applications manually. The downside to this method is that it is a time consuming process and you couldn't do as thorough a testing as required to ensure that no hacking is possible. The only way to circumvent that is to have EMV or chip-based cards and to do your testing as frequently as required, making sure you are always compliant with the latest EMV mandate that sets the standards," says regional director of Level Four software, Issa Keshek.

Meanwhile, others are calling for better laws and regulations to monitor and control the way banks handle breaches across the region. Cambridge University professor of security engineering, Ross Anderson says the way for the UAE to move forward is to adopt a system akin to the US regulatory scheme.

Whether with new laws, or by customer insistence, it is clear that with this attack, banks and financial institutions will have to gear up and become alert to security in the future. The clock is ticking.

Print Print | Email Email | Discuss this article |


READERS' COMMENTS


Click here to post a comment


Add your Comment
All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic.
Name *
Remember me on this computer
Email *
(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments
Security Code * Code


Please click post only once - your comment will not be published immediately.


MORE FROM ARABIANBUSINESS.COM

TOP IN MIDDLE EAST TECHNOLOGY

  1. Qtel signs deal to improve internet services
  2. Repairs completed to undersea internet line
  3. Qtel says Vodafone competition 'good for customers'
  4. At least 50,000 UAE computers 'infected'
  5. Qtel campaign offers free landline connection

TOP MIDDLE EAST BUSINESS STORIES

  1. Kuwait's Global defaults amid global crunch
  2. Dubai World postpones Las Vegas hotel
  3. Moody's downgrades Bahrain bank outlooks
  4. Logistics firm sees 15% rise in business amid global crisis
  5. Gulf region's 2009 growth forecasts slashed

ALSO IN MIDDLE EAST TECHNOLOGY

  1. Microsoft officially releases Windows 7 beta
  2. Colado takes reins of EMEA operations at Novell
  3. Macworld Conference 2009
  4. IN PICS: The Gadget Show
  5. Vodafone Qatar mobile roll-out by end of 2009

LATEST MIDDLE EAST BUSINESS FEATURES

  1. Education: Business class
  2. Construction & Industry: Gloved up
  3. Culture & Society: Death by a thousand pies
  4. Energy: Supply sentinels
  5. Construction & Industry: Warming to wood
From  Current Issue

RELATED STORIES

Level Four Middle East
| 1 story
    Symantec
    | 116 stories
    1. Data central
      8 Dec '08 | Features
    2. Back to the future
      3 Dec '08 | Features
    3. A chat with Thompson
      16 Nov '08 | Interviews

    RELATED LINKS

    1. Level Four Middle East»
    2. Symantec»
    Related links open in a new window and are not endorsed by ArabianBusiness.com.

     EMAIL ALERTS

    1. Level Four Middle East

    2. Symantec

    3. Technology



    Rich List 2008

    MOST POPULAR TECHNOLOGY STORIES

    EMIRATES ID DOWNLOAD

    READER COMMENTS

    1. The Future of VoIP: Where can it take you? 1
      08 Jan ' 09 at 12:49
      You were aware this column was to be published in the UAE, weren't you? Where VoIP is banned because it would undermine the antiquated...  More »
    Read all user comments >

    BUSINESS FEATURES

    Getting personal

    What is a website if you don’t have your very own personalised email, such as email@youraddress.com?

    Get a website

    Setting up a professional-looking website in a relatively short space of time is usually quite easy.

    A penny saved is a penny earned

    ACN takes a look at the potential impact of the global financial crisis on the IT budgets in the Middle East.

    BUSINESS INTERVIEWS

    Leap of faith

    Mohamed El-Fatatry ditched his cosseted Dubai lifestyle to move to Finland and launch a Muslim web portal.

    Etisalat hears the call for growth

    Etisalat is branching out from its core business into the information and communications sector.

    Software solutions

    IBS’s Deepak Garg on how to keep revenues in synch with your costs, even in times of a global crisis.

    MORE FROM ARABIANBUSINESS.COM

    JOBS

    Jobs

    SPECIAL REPORTS

    Special Reports

    SURVEYS & REPORTS

    Research

    PROPERTY

    property