Every day millions of us put our personal information on the web – whether it is through internet banking, shopping or social networking sites.
Even to buy a book, search for a job or apply for credit we have to register our names and e-mail addresses online.
Dubai Police statistics reveal internet business was worth Dh73 billion in 2007, with 100 victims of cyber crime in the first half of last year – 30 more than in the same period in 2006. “Cyber crime and security are a problem in the UAE and a number of cases relating to fraud and identity theft have been passed to public prosecution and are awaiting trial,” says Captain Rashid Lootah, head of electronic forensics at Dubai Police.
A recent report by security software specialists McAfee also revealed a rise in international cyber spying in the last year and predicted it will continue in 2008, with more and more hackers logging on to find personal details.
In December two lost CDs, containing banking details of 25 million Britons, went missing from HM Revenue and Customs and analysts are predicting such information could fetch up to millions of pounds if it falls into the hands of hackers.
Hacking sites act as online bazaars for stolen personal information. They are well-run, hierarchical groups structured like businesses. McAfee says that although it is not a huge problem in the UAE, the worldwide web has no boundaries and therefore personal information can be obtained from anyone.
“When we talk about computer crime the term globalisation definitely applies. There is no such thing as local cyber crime, it’s a global danger so anyone, anywhere in the world who uses a computer is at risk of hackers,” says Asem Galal, the General Manager of McAfee in the Middle East.
“Our research also shows the profile of a hacker has changed since the 1980s. Then it was mainly teenagers trying to prove their existence and show off, but today it’s more organised criminals, who are trying to steal information to make a profit.”
Katey Askey, 29, a British marketing manager who has lived in Dubai for a year, was shocked to hear her bank account card had been copied and used in Poland, when she was on holiday in London.
She recalls: “I was on a week-long break in London and although I still live in Dubai I keep my UK bank card for use when I go back. I received a telephone call from HSBC, who said they were checking fraudulent behaviour on my card. Someone had copied it when I used an ATM, then remade the card to access £200 (Dh1,440) from my current account.
“I was amazed to hear what lengths these people will go to access money. Luckily the bank was vigilant and informed me of the fraud. But since then I have been very careful when I use an ATM and always check a site thoroughly before divulging personal information online.”
British sales assistant Lois Fernandes, 26, used to do her supermarket shopping online every week but is more wary of doing it after hearing about fraud cases. “Buying tickets from places such as Time Out tickets online is fine because they’ve been established for a long time and I know the brand from other countries, but I would be cautious of an online firm that I had not heard of before.”
But McAfee says many companies in the UAE do have the right technology to stop fraud. The firm also recommends logging onto its site www.siteadvisor.com before giving details online because it lists all the sites to be wary of.
“Total protection does not exist because there is always the possibility of someone breaking through a system but companies who have a website and use online transactions require an extra layer of protection and there is a minimum of what they should have. However, there are no regulations concerning security in the UAE – tighter regulations and stricter checking is needed,” says Galal.
Online banking is a convenient and popular way for people to handle their finances. Yet with such sensitive information being transferred every day, web surfers must be able to trust their personal details will stay private. Emile Abu-Shakra, Lloyds TSB spokesman, says a new device it is working with will help stop fraudulent behaviour.
“We’re currently piloting a two-factor technology where people have a key chain device that shows a password for a couple of seconds then it disappears. Therefore even if a fraudster looks over your shoulder, by the time they get to another computer the password will not be valid,” he says.
Tim Pie, a HSBC spokesman also says the bank has “robust systems in place to deal with fraud”. But what should you do if you are a victim of the crime? Mohammed Al Roken, professor of law at Al Ain University, says your first step should be to call the bank, who may advise you to cancel your card.
“You then have to take the evidence of the fraud – a statement or a letter from the bank and file a report to the police who have a special fraud division to deal with such cases.”
Al Roken adds:“Once you report it the police will find out where the crime occurred and once they have found the perpetrator, the case will go to the public prosecution.”
However, it is up to the bank whether or not to pay you your money back.
One of the easiest ways to ensure a website is secure is to check for the closed padlock in the bottom right-hand corner. Sites with this feature encrypt your details as soon as the page has been sent, so criminals cannot assess your information. The three-digit security code on the back of credit cards is often used as a final validation of the owner, but Al Zollar, the General Manager of Tivoli Software at IBM, says being vigilant about your cards is not the only thing to think about.
“There is a whole range of information you have to be careful about giving out, including your personal details and account numbers, which you should only provide to trusted institutions,” he says.
“In this day and age not using the internet is unavoidable, so have a credit card with a bank that monitors transactions and keeps an eye on every site you input your details on. If you suspect anything, report it,” he adds.
It is difficult to know just how confidential the information you provide is, but as Al Zollar says the only way to be fully confident is to stick to reputable sites.
- Ensure the web page starts with https://, this indicates the site is secure
- Do not give out any passwords hackers can use to access your details online
- Do not reply to unsolicited e-mails asking for your personal details
- Do not give out the three-digit security number on the back of your credit card if there is no closed padlock
- Do not judge a company by its website, no matter how flashy it is or how professional it looks
- Check the authenticity of a website by looking it up on the Federal Authority Services website