This morning’s phone call couldn’t have come at a better time. HSBC rang to offer me Dh20,000 paid straight into my current account, to be charged to my credit card at a very low rate. Perfect to pay off that overdraft back in the UK, I thought.
The offer was open to “only a few valued customers”, and the money would be paid into my account within five days. Goodness: a boost for both my bank balance and my ego.
All I had to do was provide my credit card and bank account numbers over the phone immediately, as the offer would close in the next 30 minutes, and I couldn’t call them back because they had an “automatic dialer”.
Alarm bells started ringing. Was this really my bank?
And so I called HSBC’s press relations department in Dubai, thinking that I’d been the potential victim of a scam. The bank already knows my card number, but also many other less sensitive details about me through which it could have chosen to establish my identity.
Surely, the call was bogus. If I had given my card details, the fraudster on the other end of the line would have quickly racked up an overdraft for me here, too.
It turned out that the call was genuine. It originated from HSBC’s Telemarketing Division, which has a ‘security’ policy of asking people their credit card numbers when making such calls.
So - a sigh of relief? Not really.
The trouble with phone calls such as this is that they indirectly aid potential fraudsters, for whom a common tactic is to make bogus calls claiming to be from genuine banks.
This is because such practices ingrain in the public the idea that – when called by one’s bank – it is acceptable to divulge such personal details. If huge international banks such as HSBC do this, then there is the danger of fraudsters doing the same – only with less benevolent intentions in mind.
HSBC’s policy on this in the UAE appears to differ from its standard practice internationally. On the bank’s UK website, for example, the advice section clearly states that “if you receive an unsolicited telephone call never disclose your card details.”
A spokesperson for the bank’s UAE operations says that they have a “foolproof” method of security. “The step of asking the card number is to prevent fraud. It is to ensure that we’re speaking to the valid card holder. We always confirm the last four digits of the card number [when making such calls].”
However, this misses the point. Although the call centre may be able to confirm certain personal details (which are, admittedly, not easily obtainable by a fraudster), the very fact that they are making such unsolicited calls asking for card numbers serves as a potential - though inadvertent - aid to fraudsters.
This is just one area in which banks operating in the UAE need to improve security regulations. Another point of concern is the procedure of making credit card purchases – where signatures are rarely, if ever, checked by sales staff. The ‘chip and pin’ system – under which cardholders enter a code when making purchases in person – could be an answer to this.
For the UAE is not immune to bank fraud. Last year it was reported that cases of ATM fraud are rising, and a number of scams across the UAE were uncovered by police. Online identity theft is also on the rise: Dubai Police statistics reveal that there were 100 victims of cyber crime in the first half of last year – 30 more than in the same period in 2006.
Improving regulations on unsolicited calls would certainly be a step in the right direction in preventing these figures climbing further.
And what of that other rising figure, the overdraft? To address that, I might just visit HSBC in person…
Are banks aiding the fraudsters?