UAE bank to pay Dh9.5 million to a customer after sim card swap scam

A UAE-based bank will have to pay Dh9.5 million to a customer who was cheated out of his money in a SIM card swap scam, the Dubai Court of Cassation ruled.

In February, the verdict overlooked an initial judgment by the Dubai Commercial Court of First Instance in May 2021, which discovered the bank and a local telecommunication company together and collectively responsible for the fraud.

In April 2015, the victim of the scam (a customer of the bank), whose personal details were not disclosed, gave his brother a power of attorney to manage all bank payments on his behalf.

In October 2018, the customer’s brother got to know that Dh9.5 million were transferred from the account within the last 32 days between August and September of 2018. The customer nor his brother were being informed of these payments. 

Ghassan El Daye, Partner and Head of Litigation Middle East at Charles Russell Speechlys, who represented the telecommunications service provider, “The payment was taken out on 49 different transactions using the phone banking app and digital services, leaving only Dh36 in the bank account.”

The customer further noticed that his mobile phone service was also suspended during the same month. 

After that, the investigations indicated that fraudsters had presented a replacement SIM card request to the telecommunication company of the victim’s mobile number that was recorded with the bank.

The final judgement found the bank guilty after the communication service provider demanded the initial ruling.

In the telecommunication company’s defence, El Daye mentioned Article 284 of the UAE Federal Civil Transactions Code to persuade the court to accept that the telecommunications company was not responsible for the scam by swapping the sim card. 

If any fault happens, the labiality of the bank from where the money was robbed replaces the liability of the telecommunication service provider.

According to Article 284, if the damage is both immediate and consequential, the rules connecting to direct harm shall apply.

In its verdict, the Court of Cassation said the transactions would not have occurred if the client’s personal details were not leaked.

“Being under the golden category which deals with accounts with big sums of money, the customer’s account should have been inactive after no payments were made on it for 28 consecutive months,” the ruling read.

The final ruling also said the bank was liable for the customer’s economic loss after it failed to use a robust authentication system.

SIM swap fraud:- 

It is a type of an account takeover in which fraudsters collect personal details to get a new SIM card administered in the customer’s name.

The scammer will get all the personal data they require, including OTPs, to conduct fraudulent dealings from the customer’s bank accounts using the SIM card.