Cybercrime or hacking of e-payment transaction applications or websites is unlawful and attracts imprisonment and/or stiff penalties for anyone or a group involved in such acts. This is under Article 15 of the Federal Decree-Law No. 34 of 2021 on the prevention and combating of rumors and cybercrimes involving hacking of e-payment instruments, which provides that:
“Any person who forges, clones or duplicates any credit card, debit card or any form of electronic payments, or captures data or information using any of these ITE ISs shall be proceeded against under section 418 of the NCA and be liable to imprisonment and or a fine exceeding Dh200,000 up to Dh2, 000,000.”
The same penalties shall be imposed on whoever: The same penalties shall be imposed on whoever:
- Develop or produces any ITE or software to enable any of the acts mentioned in Para. (I) of this Article.
- Makes use without authorization of credit, electronic, debit card or any other means of electronic payment or any of its data or information with the purpose of obtaining for himself or for other persons funds and other properties belonging to other persons, or of availing himself through the services which the mentioned cards or instruments offer third persons.
- Uses these forged, fake or copied cards or e-payment instruments or data which they have seized or obtained in an illegitimate way despite the fact that they know that these are unlawful. ”
Moreover, the financial institutions in the UAE are supposed to educate customers and the public on financial crimes. This obligation is under Clause 6.2.2.6 of the Consumer Protection Regulation issued by the Center Bank of UAE through circular no 8/2020 to all the licensed financial institutions in the country directing that licensed financial institutions must be ready to prove that they have embarked on consumer awareness programs regarding the necessity to protect themselves from financial crime.
The financial institution under clause 6. 2. 2. 5 of the Consumer Protection Regulations of Financial Institutions must make it a policy to ensure that current security measures are in place and be able to update their cyber security measures as and when required. This allows for covering new threats that the previous approaches did not consider.
“Security and protection policies and procedures of Licensed Financial Institutions have to be adequate, modern, capable of developing and implementing new strategies, techniques, norms, standards or processes as pertains to cyber security .”
Further, because of the emergence of the phenomenon of financial crimes, financial institutions may be compelled to indemnify the customers in case of any loss resulting from the financial crimes.
Still, there is a provision to avoid paying compensation for financial loss for financial crimes where gross negligence or fraudulent acts of customers have taken place.
So, it is by Clause 6. 2. 2. 4 of the Consumer Protection Regulations of Financial Institutions in the following terms “Licensed Financial Institutions shall ensure that consumers are compensated for financial loss and expenses a timely manner for financial crimes, misappropriation, cyber-attacks and misuse of assets and information unless the loss was on account of gross negligence or fraudulent conduct by the Consumers. “
Based on the above-mentioned provisions of law and if you have been careful with entering your card details on any website, the bank may be held liable to compensate its consumers for losses and expenses caused by financial crimes, cyberattacks, or misuse of assets and information, unless the loss is due to the consumer’s gross negligence or fraud.
If you are sure that you did not engage with any duplicitous sites and can also provide proof that the said loss was not due to your negligence, the bank may be liable to compensate you for the loss. You may file a formal complaint with your bank, which may then investigate the financial crime.
Furthermore, you may have to file a police report and provide transaction details and evidence. If you are not satisfied with the bank’s resolution, you can escalate your complaint to the Central Bank of UAE.