HOSSAM ABDULNABI (ABU DHABI)

The UAE Banks Federation (UBF) has launched a federal platform for exchanging information on cybersecurity, enabling the participating banks to take the necessary measures to address online fraud.

During a press briefing on Wednesday, UBF Director General Jamal Saleh said that the launch of the new platform at the federal level aims to overcome legal problems related to information exchange. It is an enhanced version of the Tasharok platform, he said.

It will include 33 active banks in the country, and participation is not limited to banks, and may involve various entities and institutions in the country, he added. Saleh noted that the platform will collect data related to cyber threats from multiple sources, link them, and analyse them instantly. The goal is to enhance precautionary measures by providing more accurate information about threats. This will help banks and financial institutions organise and understand the growing amount of cyber threat.

He mentioned that the UBF launched an awareness campaign years ago to confront financial fraud, aiming to educate bank customers about the necessity of reporting fraud attempts before they occur. This is especially crucial given the recent developments in fraud methods.

Man-in-the-Middle Attack

Saleh noted that among the latest types of financial fraud is the "Man-in-the-Middle" (MITM) attack. It is a fraudulent application that sends phishing messages to individuals, claiming that they have paid a bill twice. To recover the amount, the recipient must click on a link attached to the message. When the customer does so, the fraudster can copy all the information entered by the customer. Then, the One-Time Password (OTP), a changing secret number sent via SMS, is sent, making the victim believe it is related to the refund process while it is actually used for a fraudulent purchase from the victim's account.

Modus Operandi

MITM involves a fraudster who positions themselves in a conversation between a user and an application, either for eavesdropping or impersonating one of the parties. This makes it appear as a normal information exchange taking place.

The goal of the attack is to steal personal information, such as login credentials, account details, and credit card numbers.

Targets are usually users of financial applications, e-commerce websites, and other websites that require login credentials.

The obtained information can be used for various purposes, including identity theft, unauthorized money transfers, or illegal password changes.

Saleh highlighted that the UBF collaborates with the banks operating in the country to implement the highest protection standards for electronic banking applications. This involves ensuring that the phone is identified by fingerprint and facial recognition, which are the highest security standards that are difficult to deceive.

He emphasised that UAE banks promptly refund amounts in case of fraudulent activities on a customer's account, provided the customer provides necessary evidence and has not committed a serious error that makes them a victim of electronic scammers.

Saleh pointed out that sending an OTP is one of the essential protection methods. Therefore, a modification has been introduced to obligate banks to enable customers, when opening a bank account, to specify their preferred method for receiving the changing PIN, either through SMS or email. Banks observed some complaints about delays in receiving OTP when customers travel abroad.

Regarding expectations of the US Federal Reserve reducing interest rates this year and its impact on the performance and profitability of local banks, especially with the dirham pegged to the US dollar, Saleh said that the Central Bank of the UAE has established sufficient regulations to maintain the resilience of the banking sector in case of interest rate changes.

This helps avoid problems that cause some banks abroad to face difficulties. He highlighted the importance of analysing the impact of interest rate changes, whether up or down, on a daily basis and pointed out that local banks have mechanisms, such as SWAP with major corporate clients, to deal with these effects on short-, medium-, and long-term finances.

Commercial Loans

When asked about demands for implementing a system for commercial loans that determines conditions for granting such loans to companies similar to the personal loan system, Saleh pointed to the difficulty in doing so due to the diversity of companies.

It is challenging to establish a fixed matrix or tables for conditions and fees for granting commercial loans. He noted that for this purpose, banks evaluate and classify each company seeking commercial loans.

He denied any monopolisation or concentration of banking services among a limited number of large banks in the country, highlighting the increased number of banks residents deal with in the UAE compared to other countries where dealings are limited to very few major banks.