One in 10 financial transactions in UAE are malicious cyberattacks

• Cybercriminals use stolen credit card information to process payments
• UAE government is introducing initiatives to combat cyberattacks 

An average of one in 10 financial transactions in the UAE are malicious attacks carried out by cybercriminals, with the number of such attacks on the rise in the last 12 months, according to an industry survey.

The UAE’s rapid digitisation of company operations, and the rise in popularity of e-commerce platforms during the pandemic has meant security precautions have not kept pace with the transition online. However as the Middle East market matures, the number of malicious attacks will decrease, a Dubai-based expert told AGBI.

LexisNexis Risk Solutions, part of the US-headquartered global data analysis firm, surveyed 834 risk and fraud executives in retail, e-commerce and financial services companies in Europe, the Middle East and Africa (EMEA).

• UK banks losses from fraud scams surge 40%

The survey found that 39 percent of respondents in the UAE said the number of malicious bot attacks on their online services had increased in the last year.

An example of a malicious bot attack is when a cybercriminal uses stolen credit card information to process a small payment, hoping that the low value amount will not arouse the victim’s suspicion. 

Carried out on a large scale, fraudsters will attempt to work out what the threshold amount is before the victims and the retailers targeted in the scam become suspicious.

While the survey found that a tenth of transactions are classed as malicious, London-based Pratik Choudhary, strategy manager at LexisNexis Risk Solutions, said not all of them are successful.

“Ten percent of transactions have been malicious bot attacks…. So that’s huge. Automotive bot attacks have been increasing throughout the pandemic,” he said.

“Now, whether they turn out to be fraud or not, or whether fraud detection and prevention services stopped them, that’s another case.”

He pointed out that cybercriminals can often carry out tens of thousands of attacks per second until one of them is successful.

The growth in attacks has followed hand-in-hand with the rapid growth in digital payments and e-commerce sectors in the UAE.

Hany Fekry, group managing director (processing) at regional payments giant Network International, forecast that by 2025 cash payments will only account for 5 percent of transactions in the UAE. 

“We can say now that almost 75 percent of the transactions in the UAE are electronic; five years ago, it was only 30 percent. I believe that by the end of this year with the introduction of the Invoice Processing Platform (IPP) that will rise to 90 percent,” Fekry said.

With residents forced to stay at home during the pandemic, this was also a catalyst for the surge in growth in the UAE’s e-commerce sector, which was valued at $3.9 billion in 2020 and is estimated by the Dubai Chamber of Commerce and Industry to be worth $8 billion by 2025.

Dubai-based Shankar Garg, managing director for the Middle East and Africa at Xebia, a US-headquartered global IT consultancy company which advises UAE banks on their digitisation strategies, said he was surprised the number of malicious transactions was as high as 10 percent, but he believed this would decrease over time once companies invest in more stringent security systems.

“Ten percent might look high, but we are at a very nascent stage when it comes to adoption of digital payments… I feel, down the line, the payment systems, as they become mature, this number is going to go drastically down, plus the government will also enact some laws and rules which kind of brings all this down,” he said.

The UAE government has already been proactive in introducing initiatives to combat cybercriminals. 

“UAE Pass is one such digital identity project by Smart Dubai government. It allows different vendors, payment companies and banks and everyone to authenticate a person’s identity once stamped by the government,” Garg said.

Launched during GITEX Technology Week 2018 as a joint initiative between the Telecommunications and Digital Government Regulatory Authority (TDRA), Abu Dhabi Digital Authority and Smart Dubai, UAE Pass is described as the first secure national digital identity for citizens and residents, enabling them to access thousands of online services across various sectors, sign and authenticate documents, and carry out transactions safely.

Looking to the future, the Lexis Nexis survey also found that 27 percent of financial institutions and merchants surveyed said they had not integrated any fraud prevention programs into their digital payments systems.

“Scams are going up across the globe and in the Middle East. One way to mitigate that is by having a behavioural biometric solution within the app. It really tells you who your trusted customer is and who is a potential fraudster,” Choudhary said.

Physical biometrics are initiatives such as iris patterns and fingerprints, while behavioural biometrics looks at how individuals interact with keyboards, a mouse or a phone’s screen and compares whether the transaction is being carried out by a human user or an automated bot.