Bank ordered to pay 9.5 million dirhams to customer after SIM card swap fraud
August and September of that year.
Neither the client nor his representative were informed of how the series of transactions went.
“The money was withdrawn by 49 different transfers using a phone banking app and online services, leaving only 36 dirhams in the bank account,” said Ghassan El Daye, a partner and head of litigation in the Middle East at Charles Russell Speechlys, who represented the telecommunications service provider.
The client discovered that his cell phone service had been suspended the same month.
The investigation revealed that the fraudsters had submitted a SIM replacement request to the telecommunications company for the victim’s mobile number, which was registered with the bank.
The final verdict, which found the bank guilty, came after the telecom provider appealed the original decision.
In defense of the telecommunications company, El Daye cited article 284 of the UAE Federal Civil Transactions Code to convince the court that the telecommunications company was not liable for fraud by swapping SIM cards, and that if there was a mistake, the responsibility of the bank where the money was stolen trumps that of the telecommunications service provider.
In April 2015, the customer and victim of the fraud, whose nationality and age were not disclosed, gave his brother a power of attorney to conduct all banking transactions on his behalf.
Under Section 284, if the harm is both direct and indirect, the rules relating to direct harm apply.
In its verdict, the Court of Cassation stated that the transfers would not have occurred if the customer’s personal information had not been leaked.
“A customer’s account in the gold category, which deals with accounts with large sums of money, should have been reclassified as inactive after no transactions were made on it for 28 consecutive months,” the decision said.
The client opened his account with the bank in 2012 and gave the power of attorney to his brother in April 2015.
The final ruling also said the bank was liable for the customer’s financial loss after failing to use a secure authentication system.
El Daye said the telecommunications company is susceptible to such cases, which cost millions of dirhams each year.
“The number of such cases is increasing, the telecommunications services have encountered more than 20 such cases.”
He stressed that banks need to tighten security measures, inform customers about suspicious large sums requested for transfers, monitor the use of pin codes and conduct more thorough background checks on employees.