Financial fraudsters aren’t always as sophisticated as you’d think
Innovative technologies, like biometrics and tokenisation, can reduce financial crime, but there is no substitute for keeping your wits about you
By Jamal Salah, Director General (UAE Banks Federation)
When we think of financial crime and fraudsters, we often picture a complex web of criminals with an acute set of skills, hacking into intricate banking networks and stealing huge amounts of money and data. The reality, though, is that many financial fraudsters aren’t those sophisticated hackers with highly technical capabilities; but are merely opportunists, exploiting the weakest link in the security chain – i.e. human behaviour.
As technology becomes increasingly advanced, the global banking industry is witnessing a rise in fraud cases, and the UAE is no exception. In its 2018 annual report, Central Bank of the UAE recorded an 18.2% year-on-year increase in suspected fraud amongst banks and other financial, commercial and economic entities . This may seem counter-intuitive, as the introduction of new cutting-edge technology should mean better security. If it is so, then why is cybercrime increasing? The answer is that Innovative developments like biometrics and tokenisation can only solve so much. As importantly, customers must keep their wits about them, stay up to date with fraud trends, and sharpen their tech-skills to protect themselves.
Cyber threat intelligence tells us that the most common type of fraud customers fall victim to is “phishing”. Phishing is a form of attack where a criminal, masquerading as a trusted entity like a bank or employment agency, fools someone into clicking a link or attachment in a message or email which will install malware on that person’s device and therefore steal data, such as login credentials, and credit card details. In the first quarter of this year, there were 1,101,745 phishing attacks in the UAE, a 12% increase compared to the same period last year, according to global cyber security company Kaspersky Labs .
By playing on human vulnerabilities and curiosity, this type of scam is somewhat easy to pull off. However, it’s just as easy to avoid.
You should never click on links that appear in random emails and messages unless you are absolutely certain that they are from a trusted source. One way to check is by installing an anti-phishing toolbar on your internet browser. These toolbars run quick checks on the websites you visit against known phishing sites. If you’re on a malicious site, you’ll be instantly alerted. Another way is to hover over the link and read its address, without clicking it, which in many cases would prove to be alien to you. And, always read the URL address of any page that you are re-directed to before entering credentials.
Credit card fraud is a wide-ranging term, but one of the most prevalent global methods used to commit this type of fraud is called “card skimming”. Skimming refers to fraudsters mounting a device on a payment terminal, such as an ATM, which captures all the details stored in a card’s magnetic strip, and transmits the information to nearby criminals. This type is relatively uncommon in the UAE, but leaves victims completely blindsided and wondering how money left their accounts when their cards never left their possession.
How can you spot a card skimmer and what precautions can you take? First, be mindful when you make financial transactions. Pay attention if parts of the credit card reader or ATM card insert edges are loose, and check if the pin pad is thicker than normal. If so, it may have been tampered with. You should also get into the habit of regularly checking your credit card accounts and bank statements. If you see any suspicious activity, you should immediately report it to your bank or card issuer.
While there is a need for customers to be more vigilant, the onus is also on banks and businesses to stay abreast of the latest cybercrime trends, and take the necessary steps to prevent fraud. The UAE has introduced strong laws to punish fraudsters, and banks continue to invest heavily in counter-fraud measures and initiatives in line with international best practices.
One particularly effective initiative that streamlines anti-cybercrime efforts is Tasharuk - an Information Sharing and Analysis Canter (ISAC), launched by UAE Banks Federation, which aggregates, correlates, and analyses threat data from multiple sources in real-time to support defensive actions by member banks. There are 34 banks who are already signed up to the platform, regularly sharing knowledge and threat intelligence with each other to interpret the ever-growing amount of threat data available. With so many stakeholders across the banking industry, fraud is not something we should be tackling in silos. To successfully safeguard the entire banking ecosystem, it needs to be tackled collaboratively.
Digitization in the banking industry is a double-edged sword. As the number of digital solutions that make banking more convenient increases, so do the avenues through which fraud can be committed. Despite this, human errors remain the biggest weakness when it comes to cybercrime.
However, by staying educated and learning about the various schemes that fraudsters undertake, and taking extra caution when it comes to our financial information, we can significantly reduce the likelihood that any of us will fall victim to scammers.