Security

Types of online threats

• Phishing is an attempt to acquire your financial information via email by pretending to be a trustworthy entity. This includes emails from what appears to be your bank and contains links requesting you to ‘verify your account’ or ‘confirm your billing information’. Ifyou reveal your password, the attacker can access and use your account .
• Vishing is similar to phishing, but the medium used is the mobile phone. For example, an automated recording informs you that your bank account has had unusual activity and that you should call a particular number immediately. When you dial the number, you are requested to enter your account details on keypad.
• Smishing (SMS phishing) is a type of phishing attack where you receive text messages on your mobile phone with a link to a website. As soon as you click on the link, it redirects you to a fraudulent website in an attempt to obtain your Online Banking Credentials.
• Spoofing is the creation of email messages with a forged sender address. Fraudsters disguise the true origin of the email, making it appear as though it was sent from the bank.
• Key-loggers can be software and hardware key loggers. They log all the keystrokes entered on a particular computer. The keystrokes are then retrieved by criminals and used for their own purposes. A software key logger, once installed on your computer, makes a copy of all your keystrokes. Details of the keystrokes are saved to a file on your computer's hard drive where they can be retrieved by the criminal. In some cases, the key logger will send the file to the criminal’s anonymous email address.
• Malware is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems.

Identity theft

Fraudsters attempt to steal your personal information to use for illegal purposes like opening bank account, taking out loans, running up huge debts without paying, etc.

How does it happen?
Fraudsters steal wallets and purses containing identity documents, credit and bank cards as well as mails which include bank and credit card statements. They may also rummage through your dustbins looking for documents containing personal information or intercept personal information and shared on the Internet.  Lastly, an identity thief can simply stand next to you and watch as you complete personal information on a form.

What can I do?
Steps that you can take when you have been impersonated:

• Report the matter to the UAE Police and open a case of identity fraud.
• Check your credit profile at the credit bureau to find out whether any credit enquiries have been done by companies whom you have not dealt with and confirm the account you have on your profile
• Report the matter to all companies where you have been impersonated and each company needs to conduct a victim impersonation investigation.

How to secure your mobile phone

CBD Mobile Banking Apps use various security measures and data encryption to ensure your day to day banking is completely safe with a User ID/Password, PIN and security token  for high level transactions. Some of these security measures are:

• Personalised activation/registration process with unique one time password code
• Secure registration process using CBD Online Banking credentials
• Multilevel checks using personal password/PIN or security token

The ability to control your beneficiaries by adding or removing utility bills, internal and external payments details through synchronisation from CBD Online Banking through receiving an OTP (one time password) notification on your mobile.

Mobile security tips

Smartphones make up an integral part of our lives these days. With mobile payments and banking becoming increasingly popular, it is important that you apply the same security measures to your mobile phone as you would to your computer. In the wrong hands, your mobile phone could give the wrong person access to your accounts and ultimately your money. Keeping your phone updated and secure is the first step towards real mobile security.

• Lock your phone when not in use. Password-protect your device so that nobody else can use it or view the information. Also be sure to store your device in a safe location.
• Call us on 600 575 556, if you have lost your phone and we will disable your mobile banking user ID and password temporarily. In case you have changed your mobile phone number, please let us know and we will update your contact details.
• Clear mobile frequently by deleting text messages from financial institutions, especially before sharing, discarding or selling your device.
• Never disclose via text message any personal information (account numbers, passwords, or other personal information) that could be used for ID theft.
• Always download apps from trusted sources.
• Keep your phone's Operating System (OS) and apps updated.
• Do not store passwords or accounts numbers on your mobile phone.
• Limit the amount of personal details or contact information that you store in your phone, as criminals may be able to retrieve them if you happen to lose your phone.
• Make a note of your phone's IMEI number (dial *#06# to get it). This makes it easier to disable a stolen phone.
• For iPhone users, never jail-break or crack the device. Activate encrypted backup in iTunes, and turn on the passcode lock for the phone.
• For Android users, never root or crack the device.
• Never use any proxy or VPN software paid/free while accessing your mobile banking and online banking.

SIM swap fraud

Under SIM swap fraud, fraudsters manage to get a new SIM card issued against your registered mobile number through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through your bank accounts.

How do fraudsters operate?

Step 1 : Fraudsters gather customer's personal information through Phishing, Vishing, Smishing or any other means.

Step 2 : They then approach the mobile operator and get the SIM blocked. After this they visit the mobile operator's retail outlet with the fake ID proof, posing as the customer.

Step 3 : The mobile operator deactivates the genuine SIM card and issues a new one to the fraudster.

Step 4 : Fraudster then generates One Time Password (OTP) required to facilitate transaction, using the stolen banking information. This OTP is received on the new SIM held by the fraudster.

How to protect yourself from fraud:

• If your mobile number has stopped working for a longer than usual period, enquire with your mobile operator to make sure you haven't fallen victim to the scam.
• Register for SMS and any other alert mechanism available to stay informed about the activities in your bank account.
• Regularly check your bank statements and transaction history for any irregularities.

Preventing card fraud

Credit card security

We monitor your account 24/7 for any suspicious or out of the ordinary activity and will contact you straight away if we notice anything unusual. If your card is lost or stolen or you notice any unusual transactions on your account, make sure you contact us immediately on 600 575 556.

What to look out for

There are various frauds linked to stealing your money and credit card details for unauthorized purchases:

• Card not present fraud - Fraudsters may access your credit card details from old receipts to purchase high value items on the internet or phone where the retailer does not need to see the card to authorize the purchase, for example: card not present.
• Cash machine (ATM) fraud - Devices are planted in cash machines by fraudsters in order to skim the card details and use them for unauthorized purchases at a later date. The fraudster may also be watching at the cash machine to steal your card and PIN.
• Counterfeit fraud - Counterfeit is a term used to describe the manufacture of a credit card so it looks like a genuine card. Genuine credit cards are then “skimmed” and the details duplicated onto the counterfeit card via the magnetic strip.
• Mail not received fraud - Cards are stolen in the post before the cardholder receives them and used for fraudulent purchases.

How we protect you

Keeping your financial and personal information secure is our highest priority. We use the most sophisticated levels of technology and processes to protect your privacy and security and prevent fraudulent transactions on your credit card.

Verified by Visa and MasterCard SecureCode

What is 3D Secure Authentication?

• MasterCard SecureCode™ and Verified by Visa™ (also known as 3D Secure Authentication) are the leading security systems for authenticating credit card transactions online, so you can feel confident when using your credit card for purchases over the internet.

How does 3D Secure Authentication work?

• 3D Secure Authentication protection is provided automatically with your credit card with no need to register or create a password to benefit from this added layer of security. The majority of online transactions will be automatically processed, however from time to time you may be prompted for additional information linked to your account to authorize the purchase.

Why do I need 3D Secure Authentication protection?

• Your account information will be protected when you use your card for purchases online, so you can shop quickly and conveniently without compromising your security.

Zero fraud liability

If your CBD card is used without your knowledge or consent, you will not be liable for fraudulent use. So it is important you contact us immediately if you think your card has been lost or stolen, or if you notice any unusual transactions on your account.

Important tips when using your card:

• Sign your card as soon as you receive it
• Review your account statements on a timely basis
• When shopping online, only place orders with your card on a secure website
• Don't send emails that quote your card number and expiry date
• Ensure that you get your own card back after every purchase
• Never write down your PIN or disclose it to anyone
• Report lost and stolen cards immediately
• Destroy your credit card receipts before discarding it
• Never let the card out of your sight.

Get a new card:

• If you lose your card or if it is stolen then call us straight away on 600 575 556 —remember to keep this number safe or save it in your mobile phone for future reference.
• If delivery of a new card seems slow, query it with your bank immediately.
• Destroy old cards by cutting through the magnetic strip.
• Make sure your post is secure and that you know when to expect your credit cards if you have ordered new ones. If you don't receive your statement or card, or your mail appears to have been tampered with, please call CBD immediately on 600 575 556.

Card Verification Code (CVC):

• The CVC code is a unique feature of Visa and MasterCard cards and an added layer of security. It includes a 3 digit number on the back of your card (usually on the signature strip).

ATM security tips

Shoulder surfing card and PIN safety

What is it?
Criminals distract you while you are entering your personal identification number (PIN), with the pretense of either wanting to assist client as the ATM is not working correctly or leaving a slip. They then swap your card. This is done so quickly that very often you are unaware that you no longer have your own card. The customer then assumes that the ATM has retain the card.

What can happen?

• Once they see your PIN number they might attempt to steal your card from you in order to access your account.

What can I do?

• Stay alert at all times when using ATMs.
• Always cover the PIN pad before entering your PIN.
• Ensure that no strangers are around or interrupting your time with the ATM or Point of Sale device.
• Do now allow your card to be out of sight at any time.
• Use your trusted sites or sites that are highly secured.
• Read the ATM screen before attempting a transaction.
• Do not continue with the transaction if you suspect something is wrong.
• Lastly call our call center immediately if you suspect any type of fraud, or card or ATM tampering.

  You should always be aware of the security when using an ATM and should always follow these general tips to ensure your personal information is kept safe.

Here are some of the ways by which you can protect yourself every time you use your ATM:

• Never disclose your Personal Identification Number (PIN) to anyone.
• Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
• Never use an ATM with a blank screen.
• Do not force your card into the card slot.
• Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
• Keep your hand over the card slot to make sure nobody can swap or take your card.
• Only put in your PIN when the ATM tells you to do so.
• Avoid drawing cash late at night or when you are alone.
• Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
• Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
• If the ATM retains your card, cancel it immediately.
• Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
• Always check that it is your card you get back from the ATM.
• Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
• When using your cards at ATM's be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
• Report lost or stolen cheques, ATM cards, or credit cards as soon as you discover they are missing.

How to report a suspicious activity

Take control of your security

Remember: we will never request your password, account or confidential information over the phone, via email, SMS or social media. We will also never direct you to a site to input your username and password. Your password and PIN are private to you – never reveal them to anyone.

If you think you may have disclosed your account details to a suspicious party, contact us immediately by calling 600 575 556 or email to whistleblower@cbd.ae