Confused response from banks raises fears

"Wake-up call" for financial institutions as anti-fraud measures fail to reassure customers.

United Arab Emmirates - Abu Dhabi - Sep 13 - 2008 : ATM logo in the NBAD, National Bank of Abu Dhabi. ( Jaime Puebla / The National ) *** Local Caption ***  JP104 - NBAD.jpg
Powered by automated translation

ABU DHABI // Almost a week since a rash of ATM frauds hit the UAE, banks still have no common strategy to deal with customers, while the Central Bank remains silent on how the industry should deal with the fallout. Conflicting and unclear announcements by banks continue to confuse customers, raising concerns about the opacity of the country's financial institutions. While the stability of the banking system has never been in question throughout the week, the problems have nonetheless undermined public confidence in bank management.

Senior banking officials, who asked to remain anonymous, said they had not been instructed by the Central Bank on the issue. Several expressed concern over its unusual silence. The Central Bank, which has issued no statements since the far-reaching effects of the fraud were reported, could not be reached for comment over the past week. Paul Sherry, the Middle East director of F5 Networks, which specialises in bank security systems, said the situation could hamper the UAE's ambitions to become a global financial centre.

"If the UAE is to take itself seriously as a world-class financial hub, the ATM security breaches this week should serve as a wake-up call to both the banking community in the region as well as regulatory bodies," he said. "People seriously doubted the trust they had placed in their banks. "It is up to officials and lawmakers now to use this breach as [an] impetus to put the UAE where it should be - at the very forefront of network security. They must enforce systemic changes to the way data is handled."

Confusion continues to reign among customers. Some banks have introduced lower withdrawal limits on ATM cards to stem illicit activity - but have apparently given little forewarning to customers. Barclays halved withdrawal limits on Premier accounts on Wednesday to Dh25,000 (US$6,800), while those on its Classic current and savings accounts were halved to Dh5,000. Customers are not being formally notified. "We inform them when they call us," a Barclays employee said, "because this situation is not going to be for long."

HSBC has also lowered withdrawal limits but apparently issued little, if any, warning about changes to customers. One bank customer who attempted to withdraw Dh8,000 from HSBC on Thursday discovered that his legal daily limit had been cut in half. "This was a total surprise and very inconvenient," the man, who only identified himself as Taher, said. "This is bad communication from the bank - it's like they don't really care about the customer."

Adding to confusion, telephone operators at HSBC told callers yesterday that HSBC ATM cards could not be used at the ATMs of other banks, but HSBC officials said official policy was otherwise. "HSBC customers continue to have access to the full ATM network in the UAE, although we urge our customers to use HSBC ATMs when they can," said Jonathan Campbell James, the Middle East head of security at HSBC. "Because our ATMs across our global network are protected to extremely high standards, our customers travelling abroad are also enjoying continued access to their money through the HSBC ATM network."

Hints of the fraud emerged on Aug 26 after the US Embassy posted warnings on its website. Then on Sept 9, numerous banks began sending text messages to customers imploring them to change their card PINs. Despite affecting most, if not all, banks in the country, a number waited several days to begin issuing formal warnings to customers about the international fraud. Some banks also warned of mass cancellations of cards if customers did not change PIN codes, leading to confusion and long queues. Others, including Citibank, began deactivating ATM and debit cards without providing formal warning to customers.

National Bank of Abu Dhabi and Dubai Bank have prohibited the use of their cards outside the country, which could seriously inconvenience travellers. The fraud is believed to have occurred after a network that banks use to share card information was breached. The culprits were able to use sensitive customer information - including PINs and data from the magnetic strips of cards. Unlawful transactions have reportedly been made in at least 20 countries.

Although most banks have not disclosed the number of customers affected by the fraud, a seemingly large number of UAE residents have had thousands of dirhams charged to their cards, while some have had their accounts wiped out altogether.