UAE: Bank ordered to pay customer Dh9.5 million after SIM card swap fraud

The court ruled that the transfers would not have happened if the personal details of the client were not leaked


Sherouk Zakaria

  • Follow us on
  • google-news
  • whatsapp
  • telegram



Published: Tue 26 Apr 2022, 4:03 PM

Last updated: Wed 27 Apr 2022, 8:47 AM

A UAE-based bank must pay Dh9.5 million to a customer who was swindled out of his money in a SIM card swap fraud, the Dubai Court of Cassation ruled.

In February this year, the verdict dismissed an initial ruling by the Dubai Commercial Court of First Instance in May 2021, which found the bank and a local telecommunication company jointly and collectively liable.

In April 2015, the customer and victim of the fraud, whose nationality and age were not disclosed, gave his brother a power of attorney to handle all bank transactions on his behalf.

In October 2018, the customer’s brother was informed that Dh9.5 million were transferred from the account within 32 days between August to September of that year.

Neither the customer nor his representative were informed as the series of transactions were being made.

“The money was taken out on 49 different transfers using the phone banking app and online services, leaving only Dh36 in the bank account,” said Ghassan El Daye, Partner and Head of Litigation Middle East at Charles Russell Speechlys, who was representing the telecommunications service provider.

The customer discovered that his mobile phone service had been suspended during the same month.

Investigations revealed that fraudsters had submitted a replacement SIM card request to the telecommunication company of the victim’s mobile number that was registered with the bank.

The final verdict that found the bank guilty came after the communication service provider appealed the initial ruling.

In the telecommunication company’s defence, El Daye referred to Article 284 of the UAE Federal Civil Transactions Code to convince the court that the telecommunications company was not liable for the fraud by the swapping of the SIM card, and if a fault happened, the liability of the bank from where the money was stolen supersedes the liability of the telecommunication service provider.

According to Article 284, if the harm is both direct and consequential, the rules relating to direct harm shall apply.

In its verdict, the Court of Cassation said the transfers would not have happened if the personal details of the client were not leaked.

“Being under the golden category which deals with accounts with large sums of money, the customer’s account should have been turned into inactive after no transactions were conducted on it for 28 consecutive months,” the ruling read.

The customer had opened his bank account since 2012, before transferring the power of attorney to his brother back in April 2015.

The final ruling also said the bank was responsible for the customer’s financial loss after it failed to use a strong authentication system.

El Daye said the telecommunication company is exposed to such cases that costs millions of dirhams annually.

“Such cases have been on the rise, with the telecommunication services facing over 20 similar cases.”

He stressed on the need for banks to tighten up security measures, inform customers if suspicious large amounts are requested for transfers, monitor the use of Pin codes, and carry out more extensive background checks on employees.


What is SIM swap fraud?

It is a form of an account takeover where scammers gather personal information to get a new SIM card issued in the customer's name.

Using the SIM card, the scammer will get all the sensitive information they need, including OTPs, to conduct fraudulent transactions from the customer's bank accounts.

Tips to protect yourself:

If your phone number is inactive or stops receiving texts and calls for a long time, get in touch with your mobile operator immediately.

Do not share your personal and confidential details with unknown people calling from unverified numbers or responding to emails or text messages from suspicious addresses.

Never share the 20-digit number at the back of your SIM card.

Avoid sharing your phone number on social media or websites.

Check your bank account alert messages and statements regularly and report any inconsistent transaction or activity immediately.

More news from