Dubai — Some banks in the UAE have slashed the daily cash withdrawal limit of ATM users by almost half after hackers, who police said were from Russia and Ukraine, used counterfeit bank and credit cards to steal funds from customer accounts.

Some banks even blocked international use of ATM cards as a preventive measure while HSBC Bank temporarily reduced the daily withdrawal limit to Dh6,000 for premier card members and Dh4,000 for others as part of measures to contain the damage.

As thousands of customers thronged ATM machines to change their card PINs (personal identification number) over the past three days, most banks in the UAE said they would continue the state of alert against the fraud, but refused to disclose the size of the money stolen or how many accounts were skimmed.

An initial investigation by banks indicated that cash machines were rigged with devices that stole customers’ PINs as they made withdrawals. Jonathan Campbell James, regional head of security and fraud risk, HSBC Middle East, said his bank did not implement a general blocking of overseas transactions as its customers expected to have access to their accounts wherever they travel.“But when we detect a series of fraudulent transactions coming from a particular geography, we may temporarily restrict access,” he said in a statement emailed to Khaleej Times.

Speaking to Khaleej Times, Major-General Khamis Matar Al Mazeina, Deputy Commander-in-Chief of Dubai Police, said the hackers are from Russia

and Ukraine. Banking sources, however, said the hackers were part of an international network, with most of the fraudulent transactions originating from more than 20 countries outside the UAE.

Al Mazeina said the police were trying to find out the methods used by the gang to steal from bank accounts. “We want to find out whether the breach occurred when customers used their cards to buy on-line or when they used their cards within the UAE and certain other countries.”

He said police still did not have any clue about the number of people and banks hit by the fraud or the total amount stolen by the gang.

“We are in touch with credit card companies, banks and fraud victims although we have not received any complaint so far.” He said the police would meet concerned authorities to probe into the matter and find measures to protect credit card users.

Banks said only ATM debit cards have been counterfeited. “The attack is more sophisticated than that are 
routinely experienced, and has come from multiple countries,” Campbell James said.

Most banks continued to encourage customers to change their PIN numbers. “Because a large number of customers have already done so, a significant number of attempts by fraudsters to steal from customers’ accounts have been frustrated,” the bank official said. “HSBC and several banks in the UAE have identified fraud that appears to result from the compromise of ATM information from another bank.

This information has been used to produce counterfeit cards that have been used internationally.”

The bank official said if a customer’s card had been copied and used to steal money, the bank would contact the customer, advise them what had been done, organise a refund and issue a new card free of charge.

“Our special accelerated procedure for refunding UAE customers affected by this particular fraudulent attack is working well. A substantial number of customers have already received their refunds and the process of issuing free replacements for cards which have been compromised is on track.”

HSBC, Citibank, Lloyds TSB, 
National Bank of Abu Dhabi and Emirates NBD have cautioned customers to be extra vigilant when using ATMs by protecting their PIN numbers and contacting the relevant bank should anything appear unusual at an ATM machine