September 25, 2008
Recently, the UAE has been hit by a wave of card fraud, which is not surprising since the region is attracting new people and getting richer. More money means a more attractive place for fraudsters. Because the Middle East is a young, booming marketplace, many people see it as an "unprotected" place for payment systems. Fraud is possible when malicious individuals can access sensitive credit card information either directly from the systems holding that data or while it is in transit on networks. This has recently happened within the UAE, where it is believed fraudsters managed to obtain this sensitive card information from systems within the UAE and use the data in the U.S.
Credit cards still have a magnetic strip on the back, which provides essential card information. But this strip can be read by easily available magnetic card readers, so the cards can be copied and used in both Point of Sales (POS) terminals at shops, as well as ATMs.
There is an even simpler method to access the information, however. Each time a payment occurs at a merchant store, two card receipts are printed. One is for the client, and the other is kept by merchants. These receipts contain useful information, such as card number, expiration date, and account number, that can be used to commit fraud.
To prevent these problems, the card payment industry is defining minimum security standards for merchants—in a standard called the Payment Card Industry Data Security Standard (PCI-DSS). This standard requires payment acquiring processors, merchants, and other card payment service providers to follow many rules to prevent this type of fraud.
Simple advice for cardholders:
For more information about this subject, see the following resources: