One of the outcomes of coronavirus has been a hastened shift towards digital financial services in the UAE and regionally. While this was already occurring well before the pandemic, the unique circumstances of 2020 have accelerated the process.
In an April interview with Arabian Business, Samer Soliman, Network International’s Middle East managing director, called the coronavirus a “tipping point” for the adoption of digital payments solutions in the region, while a joint study by Dubai Economy and Visa published earlier this month said the UAE had the highest online annual spend per online shopper in the Middle East, North Africa and South Asia – $1,648 – and that cashless payments were growing faster than expected in the country.
However, this transition has coincided with a large uptick in financial cybercrime. This is one of the areas in focus at GISEC, the region’s largest cybersecurity expo and part of GITEX Technology Week, which runs until December 10.
According to figures shared with Arabian Business by Kaspersky, the cybersecurity firm, the first half of this year saw a 45 percent increase in financial malware, compared to the same period in 2019. The UAE saw the third-highest jump regionally – 42.5 percent – over this period.
“This increase could be related to the increased reliance on the internet for shopping, banking and streaming,” said Emad Haffar, head of technical experts for the Middle East, Turkey and Africa at Kaspersky.
Nature of the threat
He said that while attacks on financial institutions tend to be more sophisticated than those targeting individuals, they former tend to be heavily dependent on phishing. “In a simple scenario, certain employees in selected institutions could be targeted with a spear-phishing email that will attempt to convince the reader to click the link or open the attachment in the email.
“This action usually downloads malware into their machine and the sequence of the attack initiated. Earlier this year we’ve identified and reported on such a scheme being used successfully in a cyberattack against financial institutions in the region, including the UAE.”
Haffar added that the region’s increased preference for storing debit and credit cards on smartphones for making NFC payments could potentially expose people to new cybercrime avenues. “For instance, because the card details are stored on the phone, we now have to consider the state and safety of the device itself, the way transactions are performed and authorised using the phone in comparison to the physical card.”
Whether you’re using old-school plastic or a digital version of your credit or debit card on a smartphone, Haffar highlighted three major security practices to be aware of:
- Report any unusual issue “From losing a card to unexpected charges, report anything out of the ordinary to your bank immediately.”
- Make sure you pay online safely “In brief, your device should be malware-free, your network should be secured and the connection must be encrypted. Use a security solution, verify the details of the site before paying, don’t use public Wi-Fi and use a VPN.”
- Avoid phishing “One very popular criminal tactic involves sending an email pretending to be from your bank, online retailer or online service provider. These emails could say that you have to ‘confirm your account details’, ‘check a suspicious withdrawal’ or ‘confirm delivery address’. When you click the link, you’ll be taken to a fake website that mimics the bank/retailer/provider site and then asked to enter personal information such as your password or credit card details.”
Payments provider perspective
Ajay Bhalla, president for Cyber & Intelligence at Mastercard, said a multi-layered suite of AI-powered security tools helped the global payment services firm avoid $20 billion of fraud-related losses for governments, banks, merchants and consumers in 2019.
“Looking to the future, we see AI playing an even greater role. Taking mobile commerce as an example, behavioural analytics can analyse the passive biometrics of how we interact with our phones, building up a picture of the unique way we type, swipe or navigate websites and apps. From that collection of individual data points, a unique user profile can be created that is difficult to spoof, thereby preventing fraud and unauthorized access.”
Bhalla pointed to insights gathered by Mastercard’s NuData technology as evidence of the pandemic-related uptick in cyberattacks. “The creation of fake accounts for fraudulent use increased 500 percent during the pandemic, and 96 percent of login attacks on financial institutions over the first half of 2020 were sophisticated, designed to emulate human behaviour.”
He highlighted how these attacks are growing increasingly sophisticated with an example. “We recently pinpointed an attack having noted hundreds of devices attempting to log in from a phone that reported itself as lying flat on its back. The speed at which the credentials were typed was simply impossible for someone using a phone lying on a table.”
With the Mastercard network processing billions of transactions annually – each of which needs to analysed for potential fraud in milliseconds – it’s natural that the company has invested heavily into AI that can handle a job beyond human capacity.
“We filed 31 AI-related patents in 2019, one of the highest numbers recorded across any organisation,” explained Bhalla. “One of our solutions, Decision Intelligence, uses advanced AI and machine learning technologies to help banks increase the accuracy of real-time approvals for genuine transactions and reduce false declines.”
Follow us on
