An investigation by financial institutions into a recent security breach of private ATM card data points to the problem originating with one UAE-based bank, according to people familiar with the investigation into the problem.
Sensitive information including personal identification numbers (PINs) and data from the black magnetic strip on the back of cards was stolen from the bank and then used to make large numbers of fraudulent transactions, mainly from other countries.
"We're quite close to having completed the case for the prosecution," said one banker, who spoke only on the condition neither he nor his bank be identified. "And we have a fairly clear idea of how this has occurred."
Bankers believe that thieves breached a network that banks use to share ATM data. That exposed most, if not all, banks in the UAE to the fraud.
A senior banker said the sheer complexity of the fraud and the amount of detailed knowledge lifted had all but ruled out as culprits computer hackers and conventional methods of fraud such as skimming, a practice that involves illegally attaching a cardreader to an ATM to collecting card information.
"If by hacker you mean someone who is externally breaking into a system electronically, I doubt very much that that's the case," he said, asking not to be named for security reasons.
"This is more likely to be either an inside job or someone has gained access to a server or a bit of hardware for a period of time, which could be a service engineer or someone like this who has direct access," he added.
As the scale of the fraud has unfolded, some bankers have complained of a lack of guidance from the UAE central bank, whose duties include banking oversight.
The sophistication of the fraudsters was unlike anything the country and the central bank had dealt with before, the senior banker said.
There have been a number of breaches of ATM networks in the UAE in the past, but none has affected so many cardholders. "This is quite complex and quite sophisticated," the official said. "So one might imagine that the central bank is struggling to understand it."
In an email message to The National, the office of the governor of the central bank wrote that the current spate of fraudulent activity was outside its purview. "The said subject is related to banks' security systems, not the central bank," it said.
Several banks said they were nearing the conclusion of their internal inquiries, the results of which would be shared with others in the industry.
Any bank found responsible for the breach could be held liable for the losses, which have not yet been quantified.
A senior executive at another bank said his company had already engaged in talks with one bank thought to have been the origin of the breach. "There are discussions about compensation," he said.
The police have yet to become involved in the investigation.
Banks began sending mass text messages to hundreds of thousands of customers last week asking them to change their PIN codes last week, after fraudsters based in foreign countries made unlawful transactions from UAE accounts. Confusing messages and conflicting instructions by banks caused long customer queues at ATMs and generated considerable public uncertainty.
Some banks have restricted all or partial international usage of their cards, for example, while others have lowered their withdrawal limits without notifying customers.
Banking sources said one bank told other financial institutions last week that it had begun an internal investigation after being notified of the breach by card networks and banks.
An executive at a major bank questioned the wisdom of sending text messages, saying it caused undue panic since the losses that banks had incurred were relatively small.
hnaylor@thenational.ae
mjalili@thenational.ae
NO OTHER LAND
Director: Basel Adra, Yuval Abraham, Rachel Szor, Hamdan Ballal
Stars: Basel Adra, Yuval Abraham
Rating: 3.5/5
Real estate tokenisation project
Dubai launched the pilot phase of its real estate tokenisation project last month.
The initiative focuses on converting real estate assets into digital tokens recorded on blockchain technology and helps in streamlining the process of buying, selling and investing, the Dubai Land Department said.
Dubai’s real estate tokenisation market is projected to reach Dh60 billion ($16.33 billion) by 2033, representing 7 per cent of the emirate’s total property transactions, according to the DLD.
FROM%20THE%20ASHES
%3Cp%3EDirector%3A%20Khalid%20Fahad%3C%2Fp%3E%0A%3Cp%3EStarring%3A%20Shaima%20Al%20Tayeb%2C%20Wafa%20Muhamad%2C%20Hamss%20Bandar%3C%2Fp%3E%0A%3Cp%3ERating%3A%203%2F5%3C%2Fp%3E%0A
Company profile
Company: Verity
Date started: May 2021
Founders: Kamal Al-Samarrai, Dina Shoman and Omar Al Sharif
Based: Dubai
Sector: FinTech
Size: four team members
Stage: Intially bootstrapped but recently closed its first pre-seed round of $800,000
Investors: Wamda, VentureSouq, Beyond Capital and regional angel investors
Profile
Company name: Jaib
Started: January 2018
Co-founders: Fouad Jeryes and Sinan Taifour
Based: Jordan
Sector: FinTech
Total transactions: over $800,000 since January, 2018
Investors in Jaib's mother company Alpha Apps: Aramex and 500 Startups
At a glance
Global events: Much of the UK’s economic woes were blamed on “increased global uncertainty”, which can be interpreted as the economic impact of the Ukraine war and the uncertainty over Donald Trump’s tariffs.
Growth forecasts: Cut for 2025 from 2 per cent to 1 per cent. The OBR watchdog also estimated inflation will average 3.2 per cent this year
Welfare: Universal credit health element cut by 50 per cent and frozen for new claimants, building on cuts to the disability and incapacity bill set out earlier this month
Spending cuts: Overall day-to day-spending across government cut by £6.1bn in 2029-30
Tax evasion: Steps to crack down on tax evasion to raise “£6.5bn per year” for the public purse
Defence: New high-tech weaponry, upgrading HM Naval Base in Portsmouth
Housing: Housebuilding to reach its highest in 40 years, with planning reforms helping generate an extra £3.4bn for public finances
THE SPECS
Engine: 6.75-litre twin-turbocharged V12 petrol engine
Power: 420kW
Torque: 780Nm
Transmission: 8-speed automatic
Price: From Dh1,350,000
On sale: Available for preorder now
Key facilities
- Olympic-size swimming pool with a split bulkhead for multi-use configurations, including water polo and 50m/25m training lanes
- Premier League-standard football pitch
- 400m Olympic running track
- NBA-spec basketball court with auditorium
- 600-seat auditorium
- Spaces for historical and cultural exploration
- An elevated football field that doubles as a helipad
- Specialist robotics and science laboratories
- AR and VR-enabled learning centres
- Disruption Lab and Research Centre for developing entrepreneurial skills
A MINECRAFT MOVIE
Director: Jared Hess
Starring: Jack Black, Jennifer Coolidge, Jason Momoa
Rating: 3/5
Bridgerton%20season%20three%20-%20part%20one
%3Cp%3E%3Cstrong%3EDirectors%3A%20%3C%2Fstrong%3EVarious%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%3C%2Fstrong%3E%20Nicola%20Coughlan%2C%20Luke%20Newton%2C%20Jonathan%20Bailey%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%20%3C%2Fstrong%3E3%2F5%3C%2Fp%3E%0A
Election pledges on migration
CDU: "Now is the time to control the German borders and enforce strict border rejections"
SPD: "Border closures and blanket rejections at internal borders contradict the spirit of a common area of freedom"
Paatal Lok season two
Directors: Avinash Arun, Prosit Roy
Stars: Jaideep Ahlawat, Ishwak Singh, Lc Sekhose, Merenla Imsong
Rating: 4.5/5
In numbers: PKK’s money network in Europe
Germany: PKK collectors typically bring in $18 million in cash a year – amount has trebled since 2010
Revolutionary tax: Investigators say about $2 million a year raised from ‘tax collection’ around Marseille
Extortion: Gunman convicted in 2023 of demanding $10,000 from Kurdish businessman in Stockholm
Drug trade: PKK income claimed by Turkish anti-drugs force in 2024 to be as high as $500 million a year
Denmark: PKK one of two terrorist groups along with Iranian separatists ASMLA to raise “two-digit million amounts”
Contributions: Hundreds of euros expected from typical Kurdish families and thousands from business owners
TV channel: Kurdish Roj TV accounts frozen and went bankrupt after Denmark fined it more than $1 million over PKK links in 2013
The National's picks
4.35pm: Tilal Al Khalediah
5.10pm: Continous
5.45pm: Raging Torrent
6.20pm: West Acre
7pm: Flood Zone
7.40pm: Straight No Chaser
8.15pm: Romantic Warrior
8.50pm: Calandogan
9.30pm: Forever Young