As capital and
investment flow into the Middle East, the region remains an
attractive target – and an easy one for fraudsters. Andrew
Rochford, business solutions consultant for the Middle East and
Africa at ACI Worldwide, argues that banks in the Middle East can
do more to help themselves.
Go deeper with GlobalData
Fraud is an international
business: it follows the money. The Middle East is no exception and
has offered easy pickings for fraudsters. Dubai aside, the area has
emerged from the recent global financial crisis relatively
unscathed. Local governments are directingbns of dollars into
infrastructure projects and economic diversification. International
investors are looking to the Gulf as a source of returns than
cannot be delivered by the moribund markets of traditional Western
financial hubs.
The regions’ demographics
have placed it at the centre of global retail banking networks.
Expatriate businessmen in Saudi Arabia, Bahrain and UAE; tourists
in Oman; and workers sending remittances from the Gulf to the
Indian sub-continent have helped open up the Middle East to foreign
cash flows and, with them, foreign threats. Fraud attacks,
therefore, are a question of when rather than if.
Unfortunately, too many banks
in the region assume that they are immune to this ticking time
bomb. While financial institutions in the rest of the world are
investing heavily in fraud detection and prevention, it remains a
low priority in the Middle East.
In a choice between a secure
European bank issuing chip and Pin cards, or a less secure bank in
the UAE issuing magnetic stripe cards only, then it is the UAE bank
and its customers that will be hit.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData
Professional
fraudsters
Professional fraudsters do
not waste their time targeting well-protected institutions. They
hunt out weaker targets. Where international banks have a presence
in the Middle East, they tend to import systems, practices and
knowledge from their European or American operations. That leaves
smaller local banks in countries without a high fraud risk profile
who tend to do the minimum in terms of risk analysis – putting both
balance sheets and credibility at risk.
That said, the extent to
which banks take risk detection seriously is also dependent on the
local financial regulators. It’s all too easy to paint the Middle
East as a singular homogenous region, but that would be to ignore
the significant local differences that exist. The Saudi Arabian
Monetary Agency for example has mandated that all debit card
transactions in the Kingdom should be monitored. In July it
launched a campaign entitled I am Protected to foil fraud
attempts and educate the public.
Elsewhere, Dubai and Bahrain
are considered to be more in tune with the need to manage card
fraud than other, smaller markets that believe that debit cards
present a low fraud risk. In Qatar and Oman the monitoring of such
transactions is minimal.
Bahrain appears to be taking
the lead when it comes to online banking. It has recently announced
the establishment of a special internet council to promote and
ensure on-line safety for all. It is to be hoped this initiative
will spread across the Gulf and result in customers becoming more
vigilant about disclosing sensitive financial
information.
Despite these local
differences, certain general observations still hold water. For
example, the region’s banks tend to defer the cost of fraud back to
the cardholder as far as is possible. Many countries lack effective
consumer protection regulation, which make it difficult for
individuals to pursue claims against banks or merchants they
believe have been negligent. In the UAE, for example, cardholders
are only protected once the card is reported lost or stolen but not
for transactions where the PIN number has been used.
The commonly held belief is
that if banks take more responsibility, customers will become less
diligent in protecting their cards, and fraud levels will rise.
With limited competition between firmly established banks, and no
real legal framework for handling fraud, there is little to
incentivise greater investment in fraud-fighting
resources.
As a result, many fraud
departments are still rudimentary by international standards,
having adopted a siloed structure where different teams and systems
handle different payment channels. All of which makes it difficult
to gain a comprehensive overview of customers’ payment patterns and
to identify fraud that crosses payment type.
However, public opinion may
well be prompt a more equitable distribution of responsibility in
the future. ACI’s own research found around 36% of respondents in
Dubai would change their financial institution after being a victim
of card fraud, and 38% would return to cash following a card fraud
incident.
If these kinds of attitudes
become typical throughout the region, then banks will be obliged to
move towards more international standards. This really is a
question of trust and education: there is room for banks to do more
to alert their customers of the risks of card based purchasing,
while accepting some of the consequences when things go
wrong.
Communal
problem
There is an opportunity to
learn through collaboration and discussion with erstwhile
competitors – a technique that has reaped positive results in the
UK, New Zealand, Australia and Canada where fraud is seen as a
communal not a competitive issue. Banks in the Gulf Cooperation
Council in particular seem ideally placed to initiate inter-bank
and inter-country dialogue.
In terms of technological
solutions, SMS alerting has become a popular innovation among
certain banks. Although it cannot prevent all thefts, it is a
powerful tool for early detection, especially given the high rate
of mobile phone penetration in the region. Cardholders are alerted
to any card use and can contact their banks if details of an
unknown transaction are sent to them.
Banks could also adopt IP
checking to compare the actual source of an internet transaction
against a list of locations and terminals previously used by
fraudsters. Unlike SMS messages, this can ensure transactions are
declined before they are authorised. Finally, there are
applications which analyse all activity between a customer’s home
computer and their bank, during on-line sessions, and will issue an
alert if any activity is outside normal or expected behaviour
patterns.
These are all simple measures to implement, that can
deliver significant ROI. If Middle Eastern banks are to prevent
substantial damage to the bottom line, and maintain good face with
their customers, then investment in anti-fraud measures is more
than justified. That those investments deliver returns in a matter
of months only underlines their necessity.
