Suffering from fraud is ugly and painful. Banks in UAE take a significant amount of time to investigate cases and resolve them. In most cases, the full amount is never recovered. Let alone that banks force victims to pay the full bill (in case of a credit card fraud) till the issue is investigated and resolved. Victims on the other hand have to wait for up to 90 days or more to get anything back.
So why fraud happens? Well, it is not rocket science. The most important 5 reasons as to why fraud happens in UAE are
- Privacy and data protection is virtually nonexistence in UAE. There are no PCI/DSS style laws in UAE forcing merchants to encrypt their databases. The Central Bank in its notice dated 21 May 2019 ((CBUAE/BSD/C/2019/2094)) mandated all Financial Institutions operating in the Cards payment ecosystem to comply with PCI DSS but there is no mention about merchants to force them to do the same.
- There is no law preventing merchants from keeping your credit/debit card information without your consent.
- For the sake of easy, quick financial transactions and to save costs most bank’s payment gateways will let certain payments through without OTPs if the payment is below a certain value.
- The vast majority of online merchants in UAE do not invest property in security. Most of them use very powerful platforms to build their online stores BUT many fail miserably, either out of ignorance or to save costs, in configuring their security properly.
- Naive consumers who either ignore common sense or assume things that do not exist.
If we mix those reasons together, we get a recipe for a disaster. I truly hope things change in the future. I actually see the UAE on a path that ends with enacting laws in that regard to help reduce fraud and forcing merchants to take things seriously and invest properly in their security infrastructure. I just hope things progress a bit faster.
In the next article, I will discuss the main methods by which fraud is conducted.