PIN fraud sparks bank alert

Some of the country's leading banks warn customers to change their PIN immediately. Queues form at some ATM machines in Abu Dhabi.

United Arab Emirates - Sept. 10 - 2008:  HSBC and other Abu Dhabi banks issued a security alert and urged customers to change their pin number due to a security breach.  (Galen Clarke/The National) Photo illustration
Powered by automated translation

Some of the country's leading banks warned hundreds of thousands of customers today that their accounts may be compromised and urged them to change their personal identification (PIN) numbers immediately. National Bank of Abu Dhabi (NBAD), Citibank, Emirates NBD, HSBC and possibly other banks sent multiple warnings via text message to customers' mobile phones throughout the day. Today, queues at Abu Dhabi ATMs [automated teller machine] belonging to the banks which had contacted customers were longer than usual. The moves underscored concerns about the safeguards of automated credit and debit card transactions in the country, but also a showed a willingness on the part of banks to warn customers early about problems. "Together with other UAE-based banks, we have been experiencing an attack on our local accounts from counterfeit ATM card usage abroad," said Jonathan Campbell-James, the head of security and fraud risk at HSBC Middle East. "We have been proactively communicating to our customers via SMS to change their PIN numbers at any HSBC ATM as a precaution, and have implemented various containment strategies to minimise the threat posed." Last week, authorities said they were investigating a widespread credit card fraud in which debit cards were being illegally cloned and used outside the country. In this latest breach, banks were alerted to suspicious transactions on Sunday after a number of foreign withdrawals were made on UAE-issued debit cards, according to a banker familiar with the situation. Thieves were able to acquire PIN numbers and electronic data from the black strip of UAE-issued ATM cards. With that data, money can be withdrawn from machines. They then fashioned counterfeit cards that were used to withdraw money from UAE accounts from locations outside the country. It was unclear how many people have been affected by the fraudulent transactions. Messages went out to customers of some banks early this morning, and by late afternoon banks had sent out multiple warnings. "For security reasons we ask you to please change your visa electron card pin number immediately...," read one message from NBAD. An NBAD spokesman said no accounts had been breached, but the messages were sent to customers as a precaution. Some banks, such as HSBC, said they were working with customers already affected by the frauds to reimburse them and would do the same for those who changed their identification code numbers. HSBC said that full refunds for unclaimed transactions would be guaranteed as long as customers changed their PIN numbers by 6pm tomorrow. The bank's hotline said that after 6pm, cards that had not had PIN numbers changed would be deactivated and customers would have to visit a branch office to request a new card. Andrea Jaishankar, a spokeswoman for HSBC, said that the actual accounts would not be blocked or frozen if PIN numbers were not changed, but that the refund process would be more difficult otherwise. Some concerned customers lined up outside the HSBC bank on Airport Road in Abu Dhabi today to change their PIN numbers. Despite the mass mailing, banks still shuttered according to their Ramadan hours. "I'm not surprised there's nobody from HSBC here to reassure me. I'm not sure that they could reassure me," said Marc, 58, from the UK, who works for Nakheel. Yesterday's alerts follow a rash of debit and credit card fraud that occurred earlier in the year. Banks, law enforcement authorities and major credit card companies, including MasterCard, are already participating in an international investigation in the UAE into credit and debit card fraud involving American-issued credit and debit cards. On Aug 26, the US Embassy warned citizens in the UAE about credit and debit card fraud that had affected an unusually large number of its employees. Banking officials in America are also on alert. A manager of an anti-fraud department at a credit union in North Carolina, who spoke on condition of anonymity, was told by Visa recently about a "network intrusion" in the UAE that had been occurring from February to August. She said the Visa warning suggested that hackers tapped into UAE-based processors or intermediaries that process debit and credit card billing information from local merchants. There are four processor, or acquirer, banks in the country that perform this function. A senior UAE banker said that the local Visa office sent a memo to all the country's banks on Aug 28, disclosing that data from one or more of its banks had been compromised. He said the industry had been grappling with the issue since. "They said that either one or a few of their issuers or participating merchant banks had a problem," he said. "They didn't disclose the name, but all the banks across the UAE banks received this [warning]." In March, a gang of fraudsters was jailed for forging credit cards, while in the same month the Central Bank of the UAE announced that thousands of credit card details were stolen when a different gang hacked into a bank's ATM records. * With additional reporting by Sara Hamdan Have you been contacted by your bank? Have you had to try and change your PIN number? Let us know by clicking on the Have Your Say button below. hnaylor@thenational.ae mjalili@thenational.ae mbradley@thenational.aef