Question: My credit card was recently used for unauthorised purchases, and I had it blocked. I spoked with my bank, however, they suggested that I might have entered my card details on a fraudulent website. I’m always careful when it comes to entering my card details on websites. My question is: Is the bank liable to return the money I lost? Especially since the loss wasn’t due to any negligence on my part.
Answer: Hacking e-payment transaction apps or websites is a criminal offence and can result in imprisonment and/or huge fines for an individual or groups involved in such activities. This is in accordance with Article 15 of the Federal Decree Law No. 34 of 2021 on Countering Rumours and Cybercrimes Related to Hacking E-Payment Instruments, which states,
Stay up to date with the latest news. Follow KT on WhatsApp Channels.
“Whoever forges, clones or copies any credit card, debit card, or any e-payment, or captures its data or information using any of the ITE ISs shall be punished with imprisonment and/or a fine of not less than Dh200,000, or more than Dh2 million.”
The same penalties shall be imposed on whoever:
1. Makes or designs any ITE or software with the intention of facilitating any of the acts stipulated in Para. (I) of this Article.
2. Uses without authorisation any credit, electronic, or debit card or any other e-payment instrument, or any of its data or information with the intention of obtaining for himself or third parties any funds or properties of others, or to utilise the services made available to third parties by these cards or instruments.
3. Accepts using these forged, fake, or copied cards or e-payment instruments or data seized or obtained illegally despite being aware of their illegality.”
Furthermore, the financial institutions in the UAE are obligated to educate their customers and the the public about financial crimes. This obligation is under Clause 6.2.2.6 of the Consumer Protection Regulation issued by the Central Bank of UAE through its Circular No. 8 of 2020 to all licensed Financial Institutions in the UAE, which states, “Licensed Financial institutions must demonstrate they have carried out sufficient consumer awareness activities related to educating consumers of the need to protect themselves from financial crime.”
The financial institution in accordance with clause 6.2.2.5 of Consumer Protection Regulations of Financial Institutions must maintain up-to-date security systems and be prepared to implement new cyber security strategies as needed. This ensures they can effectively protect against evolving threats. “Licensed Financial Institutions must ensure their security and protection systems are updated and have the capacity to develop and adopt new approaches to cyber security as required.”
In addition, financial institutions may have to compensate their customers in case of any financial loss to the customers due to financial crimes. However, financial institutions are not liable to pay compensation for financial loss arising out of financial crimes if it is due to gross negligence or fraudulent behaviour of the customers. This is in accordance with Clause 6.2.2.4 of the Consumer Protection Regulations of Financial Institutions, which states, “Licensed Financial Institutions must compensate consumers in a timely manner for financial losses and expenses resulting from financial crimes, misappropriation, cyberattacks and misuse of assets and information unless it can be proven that the loss was due to the gross negligence or fraudulent behaviour of the Consumers.”
Based on the aforementioned provisions of law and your statement that you have been careful with entering your card details on any website, the bank may be held liable to compensate its consumers for losses and expenses caused by financial crimes, cyberattacks, or misuse of assets and information, unless the loss is due to the consumer’s own gross negligence or fraud.
If you are sure that you did not engage with any fraudulent sites and can also provide proof that the said loss was not due to your negligence, the bank may be liable to compensate you for the loss. You may file a formal complaint with your bank, which may then conduct an investigation into the financial crime. Furthermore, you may have to file a police report and provide transaction details and evidence. If you are not satisfied with the bank’s resolution, you can escalate your complaint to the Central Bank of UAE.
Ashish Mehta is the founder and Managing Partner of Ashish Mehta & Associates. He is qualified to practise law in Dubai, the United Kingdom and India. Full details of his firm on: www.amalawyers.com. Readers may e-mail their questions to: [email protected] or send them to Legal View, Khaleej Times, PO Box 11243, Dubai.