A landmark judgement ordering a UAE-based bank to pay Dh5m to a customer swindled out of his life savings in a Sim card swap scam, was upheld by Dubai Appeal Court.

Last October, Dubai Commercial Court had found the local bank responsible for the victim's personal details being leaked and his money being stolen.

Ghassan El Daye, Partner and head of litigation Middle East with the UK-based law firm Charles Russell Speechlys (CRS) who is representing the victim, said the case dates back to 2017 when his client who once lived and worked in the UAE, was unable to withdraw cash due to insufficient funds.

“Our client had come back in a visit to the UAE in May 2017 to discover his account was empty,” said El Daye.

At the bank, the man was informed his account had been closed and was advised by bank employees to file a criminal case.

“But pursuing a civil claim against the bank to win his money back was a recommendation from our CRS team including myself,” said El Daye.

Despite the bank’s argument insisting on the issue being the account holder’s responsibility since he possessed the original SIM card and PIN number, and had failed to object to the transactions within 30 days from reviewing his account statement, the court ruled in the man’s favour.

After being ordered to pay it’s client Dh4,677,596 which includes his money and an additional Dh100,000 in compensation with a 9% interest to be paid from the date the case was lodged, the bank appealed the verdict.

Appeal court judges appointed banking and technical experts to look into the responsibility of the bank in terms of negligence, lack of supervision and control that led to the account being breached.

“The experts’ report held the bank responsible for our client’s financial loss due to a lack of technical protection of his confidential data and that of safe electronic procedures and investigations at the bank,” said El Daye.

“It also indicated a clear technical failure at the bank by issuing and delivering a credit card to a client who is actually outside the country, in addition to the lack of strong procedures to prevent the breach from happening,” added El Daye.

The report said that a double-factor authentication system at the bank to control who among its employees is allowed access to clients’ accounts and confidential data, did not exist.

It also said the absence of an alarming system that monitors suspicious transactions from accounts especially inactive ones, contributed that the man’s money is stolen through a number of cash withdrawals, 15 online transfers, six transfers from his account to another bank account in the UAE, and purchases via the victim’s credit card.

“The report’s findings came in favour of our legal team’s argument regarding our client’s confidential data including his official documents and contact numbers, being illegally divulged to others by an employee of the bank,"

“This case set a precedence in the country, as it holds a financial institution liable for a fraud case involving a replacement SIM card, which is now an important element of banking operations in the country and the world,” El Daye said.

This first of its kind judgement in the UAE highlights the need for applying tighter security measures at banks and service providers, carrying out continuous monitoring and regular updating of PIN numbers, and conducting higher standards of background checks on employees, El Daye pointed out. 

Source: Elite Media