E-mail Article
Printer Friendly
Share Article
UAE urged to adopt chip-and-pin
UAE banks are being urged to adopt chip-and-pin technology to prevent a repeat of last week’s wide-scale card fraud, in which potentially thousands of customers had money stolen out of their accounts.
Experts have said chip-and-pin technology, used in Europe and other developed nations, would make the country’s banking system much more secure and reduce the possibility of a repeat of the fraud, UAE daily Emirates Business reported on Saturday.
With chip-and-pin technology customer information is held on a microchip in the card, more secure than the conventional magnetic strip, and a PIN number rather than a signature is used to verify some is the genuine cardholder.
Last week thousands of people were frantically calling bank customer care centres and queuing at ATM machines after receiving SMS messages warning them to change the PIN numbers on all their debit cards.
Some customers also had their cards cancelled as banks scrambled to limit the extent of the problem after a spree of fraudulent withdrawals from both inside and outside of the UAE.
Lloyds TSB, HSBC, Citibank, National Bank of Abu Dhabi and Dubai Bank are among lenders that have sent statements warning customers of the threat.
Banks have been reluctant to reveal the scale of the fraud, with Dubai Bank the only lender so far to detail how many of its customers have been affected – standing at 42.
No bank has revealed how much money has been stolen, although there have been reports of individuals losing up to 26,000 dirhams ($7,000). Most banks have agreed to reimburse affected customers.
Quick Links(Residental)
Filter by address:
Comments 1-4 of 4
Posted by CardSwitch Technology Ltd., London, UK on 17 September 2008 at 13:42 UAE time
We in CardSwitch Technology Ltd, offer a system that enables cardholders to apply an 'electronic' lock and key to their cards. Our system enables cardholders to set their own user limits, thereby blocking and unblocking their cards at will. Our system makes it quite useless for hackers/fraudsters to skim cards.
Some of the banks in UAE are aware of our solution. Card Skimming will be a thing of the past once our system is utilized by the cardholders and the issuing banks.
Posted by Boby Joseph, Dubai, United Arab Emirates on 14 September 2008 at 13:48 UAE time
I have in past years repeatedly asked the banks if they would give me a CHIP based credit and ATM card, and many a times the customer support exec did not even understand what was I referring to and many a times I was given an explanation 'It is relatively safer here', However, I was always paranoid on this magnetic strip because, school kids could just decode it and copy it, and my experience has been most of the shop keepers even failed to verify a signature. However, the fraud here can be of any type and chip and pin will offer no security if the data has been siphoned off at the back end and if they would have entered backdoors. Hence, the only way the bank can protect you is periodically check and plug a hole and inform the customer to change the PIN, that I think most of the banks did this time. However, electronic lock and key is the same as a mechanical lock and key hence, the only best security is to minimize the damage and make it difficult and expensive for hackers to open through. Having said, that there will never be a fool proof and impermeable system exactly like there can never be a lock which can not be opened.
Posted by Alex Malouf, Riyadh, Saudi Arabia on 14 September 2008 at 10:45 UAE time
Amazing. The banks mess up so the customer suffers. Even though my bank Standard Chartered was not involved they're insisting on changing the pins even for us souls traveling outside of the UAE. Plus is anyone picking up at their call centre? No. So what do we do? Cut business trips short so we can access our own money? This whole mess is a disgrace and I couldn't imagine it happening anywhere else.
Posted by SecExpert on 14 September 2008 at 00:03 UAE time
I would tend to disagree with the entire direction of this article. It all stems from the fact that inaccurate information combined with non-analytical reporting makes more "media blunders" than anything else.
It is important to understand that the cards being compromised are predominantly debit cards. The fraudulent transactions are taking place in the form of ATM withdrawals and are not POS transactions. Therefore, it means that the PIN has already been compromised. It makes no difference whether you have chip & pin or a magstripe card in this case, as both cards in the ATM require the same PIN which the fraudsters have already obtained. The only advantage of a chip and pin card is that it cannot be used for POS purchases without having a PIN. Fraudsters who scale such volume of transactions do so using "white cards" which they cannot use in POS purchases for obvious overheads.
So, maybe a little more understanding on the subject combined with proper research will probably guide the article in the right direction.