Register for our free newsletter

Latest News

Online banking fraud: who’s to blame?

Online banking fraud: who’s to blame?

Local bank could learn a thing or two from the 'phishing scam' policies of other lenders.

May 3, 2010 2:11 by

“I’m interested in how I can get my money back from the bank because it’s not my fault,” Pravin Bakliwal told local media after he lost a reported AED121,000 from his bank account last year. Bakliwal lost virtually his entire Mashreq bank balance when internet fraudsters made repeated debits to his account of AED500 and AED1,000 – leaving him with a grand total of about $38. “They’re telling me I revealed my internet password, so they won’t pay anything,” the man was quoted as saying.

Mr. Bakliwal was not alone. Scores of Mashreq customers were victimized last year in a phishing raid that defrauded bank clients out of tens of thousands of dollars.

Following the highly-publicized scam, the bank released a statement, reported in local media, that said investigations “proved that Mashreq’s security systems were not at fault.”

Effectively denying that any breach had occurred, Mashreq said it was “not liable to refund customers,” the National reported, adding that “in all cases customers’ valid online banking log-on credentials were used to conduct these disputed online transactions”.

“Protecting your wealth is a shared responsibility,” Mashreq reminds clients on their website. “Any transaction arising out of a valid Sign On using your username / password will be treated as authentic, and the bank will not liable for any loss due to unauthorized transactions in your account,” the bank advises.

But are regional banks right to safeguard online banking services by nothing more than a username and password? Compared to the counterparts abroad, the answer is a resounding “No!” Indeed, one analyst commented that the Mashreq case “demonstrates how far behind the Middle East is in information security.”

Consider the online banking guarantee of the UK’s Lloyds Banking Group: “We guarantee to refund your money in the unlikely event you experience a fraud with your Internet Banking. As long as you’ve been careful, for example, by taking reasonable steps to keep your security information safe.”

Kipp contacted Lloyds and asked for clarification of their guarantee. Specifically, we asked bank reps how the online bank fraud guarantee would be applied in the event that a client unknowingly divulged login credentials via a phishing site.

Their reply?

“If you use our online service and become a victim of online fraud, we guarantee you won’t lose any money from your account, and will always be reimbursed in full.”

Further, Lloyds employs sophisticated fraud detection systems that highlight unusual spending patterns. This would have come in handy in the case of the Mashreq fraud, where repeated (and unprecedented) account debits were made.

In fact, Citibank, American Express and scores of other online providers of financial services advertise account protection guarantees – offering clients peace of mind and confidence in their online banking services.

If regional financial institutions are to build investor confidence in the banking sector, they should be implementing such safeguards – and, of course, offer refunds to customers hit by the ‘phishers’.

But Kipp wonders: Are regional banks listening?


How to avoid being ‘phish’ bait

Tags: , , , , , , ,


  1. MCID on May 4, 2010 1:43 pm

    To determine if a phishing scam took place is not as easy as it seems. From the banks’ perspective, the self-proclaimed “victim” could be just likely to be a fraudster (or a conduit to frauds).

    Anyone could draft a scam email claiming to be from a bank and then send to his partners, who will then relay login details/passwords back to him. After the money is fully drained from the accounts, the partners then report the scam to the banks…and according to your article, Lloyds will reimburse all the money lost?

    There are genuine victims out there, and that is a fact. But there are also fraudsters out there, and that is a fact too.

    Please write to Lloyds again and ask them point blank, “Will Lloyds reimburse its clients who claim to be victims of phishing scam, yes or no?”

    If they answered “yes”, I can assure you Lloyds will immediately be the favorite bank to the scamsters and fraudsters!

  2. Jim on May 6, 2010 7:14 am

    Its totally unfair to give this type of answer to the vistim. Its totally bank’s responsibility to the safety of client funds lodged with them. No body will be a fool to either withdraw a huge amount or multiple small amounts. In any case the bank can trace such transactions and give a simple call to the customer costing few fils to ensure the authenticity of the transactions. If this is the case I and may be more small customers will withdraw all online transactions and funds from Mashreq.

  3. Ubaid on May 6, 2010 12:26 pm

    It is not the reimbursement to clients who are victims of fraud that distinguishes the Lloyds from Mashreq but its the security measures put in place by Lloyds. You get the annoying phone call everytime you make a purchase exceeding £300 from Lloyds. Here, we don’t see Mashreq taking even a single step to verify if the transactions were genuine or not. And from Mashreq’s response, I wonder if any kind of transaction can even take place without a valid username and password. Well, maybe for Mashreq customers it does. I would never know coz I will never bank with them


Leave a Comment