ABU DHABI // A breach of the network that allows banks to share customer debit-card information has prompted banks to send warnings to hundreds of thousands of customers this week, banking officials familiar with the incident revealed yesterday. At least some, if not all, UAE bank accounts may have been vulnerable to fraudulent withdrawals or charges, the officials said. Customers of some of the country's main banks queued at automated teller machines yesterday after the insitutions sent text messages warning that their accounts could be compromised if they did not change their personal identification numbers immediately.
Customers of some of the country's main banks queued at automated teller machines yesterday after the insitutions sent text messages warning that their accounts could be compromised if they did not change their personal identification numbers immediately. Some banks said they moved to change the PINs of customers they determined to be at special risk of having their accounts accessed illegally. Banks that broadcast text messages to customers included National Bank of Abu Dhabi (NBAD), Citibank, Emirates NBD, and HSBC. MasterCard and Visa said they warned member banks that their security may have been compromised, and began a joint investigation with financial institutions into the breach. "We are aware of a possible network intrusion in the United Arab Emirates and are working with all of the banks in the country to make sure that appropriate measures are put in place to prevent any such breaches," said Jonathan Miller, Visa's spokesman in London. He said the company does not know where the problem originated or who was responsible. Even banks that said their customers were not affected took the opportunity to remind cardholders to change their PINs regularly. "Although our Mashreq ATMs were not affected, there is a possibility that some of our clients have used a compromised ATM. Some people keep the same PIN code for many years, which is not recommended. It should be a habit to change the PIN code regularly," said Gavin Sanderson, head of distribution at Mashreq Bank. Banking industry officials said the problem was unlikely to have been the result of "skimming", in which thieves obtain debit-card and PIN information directly from ATMs or customers as they make withdrawals, because the breach involved far too many accounts. If it were a simple case of skimming, "you wouldn't have seen banks issuing mass warning to their customers", said a senior industry source familiar with the incident. He said banks had not determined the source of the fraud, but it appeared that it occurred on a system that banks use to share ATM data. "This has to be a pretty specialised operation," he said. In August, Visa informed some banks in the country that thousands of cards might have been compromised. The US Embassy also warned residents on Aug 26 that those fraudulent activities had originated in the US. It is not known whether the two incidents are related to this week's security alerts. -additional reporting by Sara Hamdan @email:hnaylor@thenational.ae @email:hjalili@thenational.ae
