Abu Dhabi resident Nadeen Awwad encountered a case of fraud involving her First Abu Dhabi Bank credit card on April 6.
Three unauthorised contactless payments totalling about Dh10,500 ($2,859) were made using her card in the span of two to three minutes.
She reported the fraud immediately to her bank and was told that these contactless transactions were being made in China.
Although the fraudsters attempted to make six transactions, the card was blocked after the third transaction.
Within the same hour that the fraud was committed, she filed a transaction dispute form and the bank said they would revert in about 120 days.
“I was worried that I’d be asked to pay this amount in my next credit card bill,” Ms Awwad says.
“A customer service agent said I could submit a chargeback request where the bank would return the amount charged on my card until the investigation is over. However, after providing my transaction dispute reference number, another call centre agent denied the bank would accept a chargeback request.”
By then, several days had passed since the fraud occurred. Later, she was told that FAB’s fraud investigation team had determined that the fraudster had hacked her online banking app and connected her credit card to their Apple Pay for the transactions.
The bank said it could not retrieve the funds due to the contactless nature of the payments, leaving Ms Awwad liable to pay the amount.
“I refused to accept this because I was not at fault and had not provided a one-time password for these transactions to go through,” she says.
“In my bank app, you can connect your card to Apple Pay without any verification. Usually, when you add a card to Apple Pay, there are three forms of verification: OTP by SMS, OTP by email or contact the bank.
“If someone logged into my app using a different device in a different country, the bank should notify you.”
Ms Awwad also noticed on her credit card statement that the amount incurred from the three fraud transactions was higher by Dh400.
The bank said it would refer her to the collections team if she refused to make the payment.
She then submitted a complaint with the Central Bank of the UAE and lodged an online report with the police.
A day before the fraud, she recalls receiving two messages listing her Apple Pay activation OTP. However, she ignored these messages since her credit card had already been connected to Apple Pay.
First Abu Dhabi Bank did not respond to questions until the time of publication.
The rise of fraud incidents involving contactless payments raises questions about consumer protection and security measures put in place by banks.
The UAE’s status as a regional business centre with a high concentration of wealth makes it a target of cyber criminals, according to personal finance experts.
Fraudsters are drawn to the Emirates due to its affluent population, high internet penetration rate and the perception that consumers may be less cautious when conducting online transactions, says Carol Glynn, founder of Conscious Finance Coaching.
Internet penetration in the UAE stands at more than 96 per cent, making it one of the world's highest, she says.
