Ramadan, a time of spiritual reflection and devotion, also brought about a significant increase in eCommerce activities. In the Kingdom of Saudi Arabia, regional spending exceeded $16 billion! However, this surge in online transactions inadvertently provided a fertile ground for fraudulent activities, exposing vulnerabilities within the financial ecosystem with losses being estimated between $70 and $100 million.
The most vulnerable groups have been the elderly and women. A Saudi news report estimated that female victims lost approximately SR1 billion ($267 million) in 2022 alone due to online fraud.
Types of Fraud on the Rise in MENA
1. Identity Theft/Account takeover
Instances of identity theft and phone thefts surged during Ramadan, posing significant risks to individuals' financial security. Thieves target smartphones to gain access to personal data stored within. Additionally, stolen identities are often exploited to commit financial crimes, highlighting the need for robust identity verification measures.
For example, certain financial institutions in the MENA region lack basic biometric verification like fingerprint authentication and only rely on a code sent to the phone. A stolen phone can easily be used to bypass these basic security protections.
At Bureau, we implement a multi-layered security approach that includes One-Tap-Login, user education, device intelligence, account monitoring, fraud detection software, and data encryption to prevent such account takeovers or identity thefts. See our range of solutions here.
2. Criminal SEO/Fake Websites
Fraudulent websites and malicious SEO tactics were on the rise during Ramadan, deceiving consumers into visiting counterfeit online stores or downloading malware-infected applications.
These fake websites often mimic legitimate eCommerce platforms, luring unsuspecting shoppers with attractive deals or counterfeit products. Criminals utilize black hat SEO techniques to manipulate search engine rankings, ensuring that their fraudulent websites appear prominently in search results.
The most common attempts at these fraud tactics were seen when pilgrims and visitors to the Two Holy Mosques in Saudi Arabia were targeted through fake websites that offered hotel bookings, transportation, etc. Gig workers and domestic laborers have also fallen prey to these fake websites that offer jobs during the holy season.
3. Smishing/Phishing
During Ramadan, there was a notable uptick in smishing and phishing attempts targeting unsuspecting consumers. Some recent examples of these social engineering fraud techniques (prevalent globally, but seeing a spike in the Middle East) were:
A. Impersonating regional logistics and postal providers (Aramex, SMSA Express, SPL). Fraudsters call victims with easily obtained Saudi SIM cards and urge them to make immediate payments citing issues like pending delivery, contraband found, etc.
B. Victims often fall prey to phishing attempts where they disclose their sensitive data such as passwords, credit card details, or personal identification numbers on hyperlinks attached to fake SMSes or WhatsApp messages. The alarming part is that a lot of these bad agents already seem to have details like their addresses which indicate third-party data breaches.
Kingdom of Saudi Arabia’s initiatives to combat fraud
SAMA, the country’s central bank, launched a comprehensive Cybersecurity framework in 2017 to strengthen the country’s defenses against financial fraud and crimes. Its member organizations span institutions like banks, insurance companies, financing companies, credit bureaus, and the financial market infrastructure. The framework mandates certain practices that these institutions must adopt to increase their resilience and protect their most sensitive and vital information assets.
Read our analysis of the SAMA mandate here.
Bureau’s commitment to fraud prevention in the KSA
Bureau a global identity verification and fraud prevention company works with banks and enterprises across the US, India, Middle East, South East Asia to prevent financial fraud. The solution falls in line with Saudi Arabia's SAMA CFF framework.
The solution is deployed in Saudi Arabia, thus working under the data residency guidelines.
Bureau provides enterprise fraud risk management including transaction screening (AML and PEP screening) and transaction monitoring. This coupled with device intelligence and behavioral biometrics prevents new-age frauds like account takeover, phishing, money mules and so on.