I saw something scary in the Gulf News today: Duo bought 14 phones in UAE with someone else's credit card, which they made from a lost Emirates ID.
For readers who are unfamiliar with an Emirates ID card, this is supposed to be a very secure identification card issued by Emirates Identity Authority (EIDA) and has to be used by all citizens and expats in the UAE. The reports states that a British man lost his Emirates ID card in 2010 and had a replacement issued by EIDA who supposedly told him there was no need to report the lost card to the police.
So using an inactive Emirates ID card, two men who may have found it used it to obtain a credit card and then maxed that card. So far - so good. But what is most puzzling and hasn't been asked is how the bank issued a credit card based on an inactive Emirates ID card. More questions than answers, surely. Doesn't the bank do a proper verification? I wish Gulf News had done a more thorough investigation and asked the bank why they allowed a credit card to be issued with just one document? Another question: Shouldn't the bank have access to the EIDA database, so that an inactive card pops up on verification?
The case is in court, so hopefully the judge or someone may ask the right questions and pull up the bank too for their negligence. But still this is a warning for us to be careful with our IDs, since this case shows our banks can't be too bothered. Hopefully EIDA is working with banks on a more secure verification especially for inactive cards.
For readers who are unfamiliar with an Emirates ID card, this is supposed to be a very secure identification card issued by Emirates Identity Authority (EIDA) and has to be used by all citizens and expats in the UAE. The reports states that a British man lost his Emirates ID card in 2010 and had a replacement issued by EIDA who supposedly told him there was no need to report the lost card to the police.
So using an inactive Emirates ID card, two men who may have found it used it to obtain a credit card and then maxed that card. So far - so good. But what is most puzzling and hasn't been asked is how the bank issued a credit card based on an inactive Emirates ID card. More questions than answers, surely. Doesn't the bank do a proper verification? I wish Gulf News had done a more thorough investigation and asked the bank why they allowed a credit card to be issued with just one document? Another question: Shouldn't the bank have access to the EIDA database, so that an inactive card pops up on verification?
The case is in court, so hopefully the judge or someone may ask the right questions and pull up the bank too for their negligence. But still this is a warning for us to be careful with our IDs, since this case shows our banks can't be too bothered. Hopefully EIDA is working with banks on a more secure verification especially for inactive cards.
Thank you for taking the time to investigate in this case.
ReplyDeleteThe Emirates ID card is the most secure identification card used by all citizens and residents in the UAE, and we've always been using the most recent security standards to maintain a high security level of our customers' personal information. In fact, we received the ISO 27001 Certificate for Information Security Management System, alongside two other ISO certificates issued by the British Standards Institution.
About reporting a lost/stolen ID card to the police, that is unnecessary as once any customer reports their lost/stolen card at any of our service centers, the ID card is immediately deactivated in our database and becomes inactive and cannot be used to complete any transaction.
Now regarding the verification, Emirates Identity Authority allows all institutions from the public and private sectors in the UAE to obtain a smart card reader device and software integrated with our database in order to handle the ID card easily and conveniently by reading the content -we grant access to- of the electronic chip in few seconds, where institutes can view name, ID card number, personal picture as well as the digital signature, and of course it displays whether an ID card is deactivated or not.
Another verification method available is that any institute from the public or private sector can request an identity verification via our online validation gateway, and we reply with the requested verification details. And of course there's always the passport that can be asked to be presented as an official authentication document.
In conclusion, the Emirates Identity Authority follows extremely high security measures on its ID cards that cannot be easily infringed if implemented correctly by all involved parties.
Thank you EIDA for addressing my concerns and for all the safeguards that are in place from your end. Now it seems that banks in the UAE need to cooperate with you and ensure they use your verification gateway. I hope Gulf News will tell us which bank had the audacity/was so careless as to issue a credit card based on an invalid Emirates ID card.
Delete