x Abu Dhabi, UAETuesday 25 July 2017

Police, crooks in an arms race on cyber-crime

In the hectic "arms race" between credit card companies and cyber-criminals, $42 million is small change – but a warning of what could happen next.

The world's digital economy keeps growing. From your credit-card spree at the mall to the "interbank offered rates" that keep global banks liquid, transactions are becoming steadily faster and easier, thanks to computers. Everyone benefits.

Unfortunately, however, "everyone" includes criminals. Inventing new cybercrimes with frightening speed, they too are reaping the benefits of information technology. In the hectic "arms race" to protect the vast currents of digital wealth, unpleasant surprises do happen, as RAKBank and BankMuscat can testify.

Last week we learnt that in December and February the two were hit by a sophisticated worldwide scam that cost them $45 million (Dh165 mn). Crooks hacked into the computers of banks or payment-processing firms, stole account numbers and personal identification numbers (PINs) for existing prepaid debit cards, removed withdrawal limits on the cards, and sent the numbers to accomplices worldwide, who created fake "clone" cards and withdrew cash in 26 countries, simultaneously.

Seven people have been arrested, but their fleeting success will inspire others. This was a well-planned high-tech global crime; the days when bank robbers used dynamite or masks now seem quaintly antiquated.

In high finance, $45 million is sofa-cushion change, but the next raid could well be worse. So banks everywhere, along with credit-card companies and payment processors, are all scrambling to improve security.

In the UAE, there is already a clamour, as The National reported yesterday, for a quick move to chip-and-pin credit and debit cards.

With them, a criminal must clone the embedded computer chip, a bigger job than copying the old-style magnetic strip. Chip-and-pin technology is almost a decade old in Europe but lags in the US - and in this region. Unfortunately local banks postponed introducing the system at the end of 2012. Speedy conversion now seems only prudent.

Also, banks and payment processors alike must be ceaselessly vigilant. One useful step would be conversion to modern automatic teller machines with biosensing capabilities. The ability to measure a user's voice or fingerprint would have made this kind of caper impossible.

As a Visa official told The National, there is also a need for real-time monitoring software to detect unusual developments that may be fraudulent.

RAKBank and BankMuscat say their customers are shielded from loss, but the banks and processing companies may face a long squabble over who should pay. That too will stimulate all the legitimate players to toughen up controls.

The arms race continues.