Dubai court tells bank to pay customer Dh4.6 million after his account got hacked

dubai, cyber crime, uae, laws

Dubai - Court also ordered the bank to pay the complainant Dh100,000 in damages.


Marie Nammour

Published: Wed 5 Aug 2020, 4:25 PM

Last updated: Wed 5 Aug 2020, 6:36 PM

A Dubai commercial court order for a bank to repay a customer Dh4.5 million has been upheld by the Dubai Court of Appeals. The amount is worth of balance, siphoned off from his account.
In October last year, the Dubai Commercial Court found the bank responsible for the losses incurred by the complainant and ordered it to deposit the balance amount back into his account. It also ordered the bank to pay the complainant Dh100,000 in damages.
Ghassan El Daye, partner and head of litigation Middle East for UK-based law firm Charles Russel Speechlys, said that the case dates back to 2017 when their client, who once lived and worked in the UAE, was unable to withdraw cash due to insufficient funds.
"Our client had come back to the UAE for a visit in May 2017 only to discover his account was empty," said El Daye.
"At the bank, the customer learned his account had been closed and was advised by bank employees to file a criminal case."
The legal team recommended a civil lawsuit for the bank customer to get his money back.
The bank appealed the court's verdict after being ordered to pay the complainant Dh4,677,596, which includes his money and an additional Dh100,000 in compensation with a nine per cent interest to be paid from the date the case was filed.
The embezzlements took place through a SIM card swap fraud. The fraudsters impersonated the account holder and applied at a telecom services provider for a replacement SIM card on his behalf.
After unlawfully obtaining the SIM card of the complainant's mobile number linked with his bank services, they contacted the bank and managed to have a new PIN code with which they fraudulently ran online banking transactions and siphoned off large amounts of money, totaling Dh4.5 million from the plaintiff's account.
The financial discrepancies took place between December 2017 and January 2018. 
The fraudulent transactions were by online banking, cash withdrawals and by credit card purchases after a SIM card swap.
The appellate court appointed banking and technical experts, who in their reports held the bank responsible for the customer's loss due to a lack of technical protection of his confidential data and that of safe electronic procedures and investigation of the bank. 
"The court handed down its ruling after it reached the conclusion that the bank was responsible for the complainant's financial losses. It was argued by our legal team that our client's account details had been leaked by an employee in a way that allowed for the fraud to take place," said El Daye.
"The absence of an alarming system that monitors suspicious transactions from accounts, especially inactive ones, contributed to the man's money being stolen."
El Daye sees that the ruling sheds light on the need for applying tighter security measures at banks and service providers, carrying out continuous monitoring of accounts and transactions, especially on dormant accounts and running higher standards of background checks on employees.

More news from