Published: Sun 11 Aug 2024, 8:52 AM

Question: My credit card was recently used for unauthorised purchases, and I had it blocked. I spoked with my bank, however, they suggested that I might have entered my card details on a fraudulent website. I'm always careful when it comes to entering my card details on websites. My question is: Is the bank liable to return the money I lost? Especially since the loss wasn't due to any negligence on my part.

Answer: Hacking e-payment transaction apps or websites is a criminal offence and can result in imprisonment and/or huge fines for an individual or groups involved in such activities. This is in accordance with Article 15 of the Federal Decree Law No. 34 of 2021 on Countering Rumours and Cybercrimes Related to Hacking E-Payment Instruments, which states,

“Whoever forges, clones or copies any credit card, debit card, or any e-payment, or captures its data or information using any of the ITE ISs shall be punished with imprisonment and/or a fine of not less than Dh200,000, or more than Dh2 million.”

The same penalties shall be imposed on whoever:

1. Makes or designs any ITE or software with the intention of facilitating any of the acts stipulated in Para. (I) of this Article.

2. Uses without authorisation any credit, electronic, or debit card or any other e-payment instrument, or any of its data or information with the intention of obtaining for himself or third parties any funds or properties of others, or to utilise the services made available to third parties by these cards or instruments.

3. Accepts using these forged, fake, or copied cards or e-payment instruments or data seized or obtained illegally despite being aware of their illegality.”

Furthermore, the financial institutions in the UAE are obligated to educate their customers and the the public about financial crimes. This obligation is under Clause 6.2.2.6 of the Consumer Protection Regulation issued by the Central Bank of UAE through its Circular No. 8 of 2020 to all licensed Financial Institutions in the UAE, which states, "Licensed Financial institutions must demonstrate they have carried out sufficient consumer awareness activities related to educating consumers of the need to protect themselves from financial crime."

The financial institution in accordance with clause 6.2.2.5 of Consumer Protection Regulations of Financial Institutions must maintain up-to-date security systems and be prepared to implement new cyber security strategies as needed. This ensures they can effectively protect against evolving threats. “Licensed Financial Institutions must ensure their security and protection systems are updated and have the capacity to develop and adopt new approaches to cyber security as required.”