Skip To The Main Content

Commercial Bank of Dubai

Security


How we protect you

CBD continually invests in and implements the most advanced security measures to ensure all your online banking transactions with us are safe and confidential.

Some of the security features we use to safeguard your communications with CBD Online Banking are:

  • Robust firewall intrusion detection and prevention technologies to prevent unauthorised access to the Bank’s systems.
  • Security monitoring for suspicious activity.
  • 2048 - Bit data encryption to keep your sensitive information, including messages sent via Secure Email, from being accessed by any unauthorised party.
  • A time-out limit that automatically logs you off the system and ends your session. Please remember to log off completely from Online Banking if you’re not using your computer for a period of time.
  • Do not disclose your Online Banking User ID and Password to anybody; we will never ask you for this information under any circumstances.
  • Always access CBD Online Banking by typing the correct URL (https://www.cbd.ae) into your browser. Never click on a link in an email to take you to a website or enter personal sensitive details either in the email or website.
  • Ensure that the online banking address has https:// and a secure lock icon appears at the right bottom corner of the page or next to the address in the top of the webpage.
  • Do not use the “Save Password” option on your computer.
  • Change passwords frequently.
  • Do not save the internet banking webpage link or bookmark in browser favorites.
  • Do not leave your computer unlocked.
  • Stay updated on any banking transactions through your account with CBD SMS Banking.

SSL Encryption is active on the Web Server, which currently allows and supports 2048-bits encryption. Your browser will display a lock or unbroken key, indicating that you have reached the secure area.

Password and PIN security

Always be suspicious of unsolicited emails or calls asking you to disclose any personal details or card numbers. Please remember that CBD would never directly ask you to disclose your PIN or password information.

Desktop security

It is important to use up-to-date antivirus software and a personal firewall. If your computer uses a Microsoft Windows operating system, make sure it is updated via the Windows update feature - if you use a different PC operating system or an Apple Mac, please check regularly for updates. You should be especially vigilant on a public computer which may not have the necessary security measures in place.

Check your banking session is secure

When undertaking any banking action on the internet, check that the session is secure. There are two simple indicators that will tell you if your session is secure - the first is the “https://” in the URL, and the other is the presence of a digital certificate represented by a padlock or key in the bottom right corner or next to the address in the top of the webpage. Double clicking on this icon should provide you with information about the organisation with which you have entered in a secure session.

Always completely log off from your internet banking session

It is important to completely log off from your internet banking session; simply closing the window you were working in is not enough to close the banking session. If your computer is infected with any malicious software, your session may be hijacked by a criminal, and financial transactions can be performed on your behalf without your knowledge.

Do not store your username / password in the browsers

Remember to disable your auto-complete function on your browser, as this will make your Username and Password automatically available to anyone having access to your system. To turn this function off in Microsoft Internet Explorer browser, click the Tools menu, click "Internet Options", click the "Content" tab, and click the "Autocomplete" button. Then disable the "Usernames and passwords on forms".

Check your bank account / card statements regularly

This doesn't take long and it will help you spot any fraudulent transactions. If you notice something unusual or suspect that you have been a victim of fraudulent transaction or identity theft, please contact us immediately by calling the number on the back of your card or bank statement.

  • Check your last login date and time each time you login to CBD Online Banking.
  • Check your account balances and statements regularly to identify any unusual transactions or activities.
  • Check your statement online or SMS received after each transaction on your accounts.

Keep your One Time Password (OTP) secure

  • Do not allow anyone to use or tamper with your OTP security token
  • Do not reveal the OTP or OTP SMS received from the bank to anyone

Types of online threats

  • Phishing is an attempt to acquire your financial information via email by pretending to be a trustworthy entity. This includes emails from what appears to be your bank and contains links requesting you to ‘verify your account’ or ‘confirm your billing information’. Ifyou reveal your password, the attacker can access and use your account .
  • Vishing is similar to phishing, but the medium used is the mobile phone. For example, an automated recording informs you that your bank account has had unusual activity and that you should call a particular number immediately. When you dial the number, you are requested to enter your account details on keypad.
  • Smishing (SMS phishing) is a type of phishing attack where you receive text messages on your mobile phone with a link to a website. As soon as you click on the link, it redirects you to a fraudulent website in an attempt to obtain your Online Banking Credentials.
  • Spoofing is the creation of email messages with a forged sender address. Fraudsters disguise the true origin of the email, making it appear as though it was sent from the bank.
  • Key-loggers can be software and hardware key loggers. They log all the keystrokes entered on a particular computer. The keystrokes are then retrieved by criminals and used for their own purposes. A software key logger, once installed on your computer, makes a copy of all your keystrokes. Details of the keystrokes are saved to a file on your computer's hard drive where they can be retrieved by the criminal. In some cases, the key logger will send the file to the criminal’s anonymous email address.
  • Malware is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems.

Identity theft

What is it?

Fraudsters attempt to steal your personal information to use for illegal purposes like opening bank account, taking out loans, running up huge debts without paying, etc.

How does it happen?
Fraudsters steal wallets and purses containing identity documents, credit and bank cards as well as mails which include bank and credit card statements. They may also rummage through your dustbins looking for documents containing personal information or intercept personal information and shared on the Internet.  Lastly, an identity thief can simply stand next to you and watch as you complete personal information on a form.

What can I do?
Steps that you can take when you have been impersonated:

  • Report the matter to the UAE Police and open a case of identity fraud.
  • Check your credit profile at the credit bureau to find out whether any credit enquiries have been done by companies whom you have not dealt with and confirm the account you have on your profile
  • Report the matter to all companies where you have been impersonated and each company needs to conduct a victim impersonation investigation.

How to secure your mobile phone

CBD Mobile Banking Apps use various security measures and data encryption to ensure your day to day banking is completely safe with a User ID/Password, PIN and security token  for high level transactions. Some of these security measures are:

  • Personalised activation/registration process with unique one time password code
  • Secure registration process using CBD Online Banking credentials
  • Multilevel checks using personal password/PIN or security token

The ability to control your beneficiaries by adding or removing utility bills, internal and external payments details through synchronisation from CBD Online Banking through receiving an OTP (one time password) notification on your mobile.

Mobile security tips

Smartphones make up an integral part of our lives these days. With mobile payments and banking becoming increasingly popular, it is important that you apply the same security measures to your mobile phone as you would to your computer. In the wrong hands, your mobile phone could give the wrong person access to your accounts and ultimately your money. Keeping your phone updated and secure is the first step towards real mobile security.

  • Lock your phone when not in use. Password-protect your device so that nobody else can use it or view the information. Also be sure to store your device in a safe location.
  • Call us on 800 CBD (223), if you have lost your phone and we will disable your mobile banking user ID and password temporarily. In case you have changed your mobile phone number, please let us know and we will update your contact details.
  • Clear mobile frequently by deleting text messages from financial institutions, especially before sharing, discarding or selling your device.
  • Never disclose via text message any personal information (account numbers, passwords, or other personal information) that could be used for ID theft.
  • Always download apps from trusted sources.
  • Keep your phone's Operating System (OS) and apps updated.
  • Do not store passwords or accounts numbers on your mobile phone.
  • Limit the amount of personal details or contact information that you store in your phone, as criminals may be able to retrieve them if you happen to lose your phone.
  • Make a note of your phone's IMEI number (dial *#06# to get it). This makes it easier to disable a stolen phone.
  • For iPhone users, never jail-break or crack the device. Activate encrypted backup in iTunes, and turn on the passcode lock for the phone.
  • For Android users, never root or crack the device.
  • Never use any proxy or VPN software paid/free while accessing your mobile banking and online banking.

SIM swap fraud

Under SIM swap fraud, fraudsters manage to get a new SIM card issued against your registered mobile number through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through your bank accounts.

How do fraudsters operate?

Step 1 : Fraudsters gather customer's personal information through Phishing, Vishing, Smishing or any other means.

Step 2 : They then approach the mobile operator and get the SIM blocked. After this they visit the mobile operator's retail outlet with the fake ID proof, posing as the customer.

Step 3 : The mobile operator deactivates the genuine SIM card and issues a new one to the fraudster.

Step 4 : Fraudster then generates One Time Password (OTP) required to facilitate transaction, using the stolen banking information. This OTP is received on the new SIM held by the fraudster.

How to protect yourself from fraud:

  • If your mobile number has stopped working for a longer than usual period, enquire with your mobile operator to make sure you haven't fallen victim to the scam.
  • Register for SMS and any other alert mechanism available to stay informed about the activities in your bank account.
  • Regularly check your bank statements and transaction history for any irregularities.

Preventing card fraud

Credit card security

We monitor your account 24/7 for any suspicious or out of the ordinary activity and will contact you straight away if we notice anything unusual. If your card is lost or stolen or you notice any unusual transactions on your account, make sure you contact us immediately on 800 CBD (223).

What to look out for

There are various frauds linked to stealing your money and credit card details for unauthorized purchases:

  • Card not present fraud - Fraudsters may access your credit card details from old receipts to purchase high value items on the internet or phone where the retailer does not need to see the card to authorize the purchase, for example: card not present.
  • Cash machine (ATM) fraud - Devices are planted in cash machines by fraudsters in order to skim the card details and use them for unauthorized purchases at a later date. The fraudster may also be watching at the cash machine to steal your card and PIN.
  • Counterfeit fraud - Counterfeit is a term used to describe the manufacture of a credit card so it looks like a genuine card. Genuine credit cards are then “skimmed” and the details duplicated onto the counterfeit card via the magnetic strip.
  • Mail not received fraud - Cards are stolen in the post before the cardholder receives them and used for fraudulent purchases.

How we protect you

Keeping your financial and personal information secure is our highest priority. We use the most sophisticated levels of technology and processes to protect your privacy and security and prevent fraudulent transactions on your credit card.

Verified by Visa and MasterCard SecureCode

What is 3D Secure Authentication?

  • MasterCard SecureCode™ and Verified by Visa™ (also known as 3D Secure Authentication) are the leading security systems for authenticating credit card transactions online, so you can feel confident when using your credit card for purchases over the internet.

How does 3D Secure Authentication work?

  • 3D Secure Authentication protection is provided automatically with your credit card with no need to register or create a password to benefit from this added layer of security. The majority of online transactions will be automatically processed, however from time to time you may be prompted for additional information linked to your account to authorize the purchase.

Why do I need 3D Secure Authentication protection?

  • Your account information will be protected when you use your card for purchases online, so you can shop quickly and conveniently without compromising your security.

Zero fraud liability

If your CBD card is used without your knowledge or consent, you will not be liable for fraudulent use. So it is important you contact us immediately if you think your card has been lost or stolen, or if you notice any unusual transactions on your account.

Important tips when using your card:

  • Sign your card as soon as you receive it
  • Review your account statements on a timely basis
  • When shopping online, only place orders with your card on a secure website
  • Don't send emails that quote your card number and expiry date
  • Ensure that you get your own card back after every purchase
  • Never write down your PIN or disclose it to anyone
  • Report lost and stolen cards immediately
  • Destroy your credit card receipts before discarding it
  • Never let the card out of your sight.

Get a new card:

  • If you lose your card or if it is stolen then call us straight away on 800 CBD (223) —remember to keep this number safe or save it in your mobile phone for future reference.
  • If delivery of a new card seems slow, query it with your bank immediately.
  • Destroy old cards by cutting through the magnetic strip.
  • Make sure your post is secure and that you know when to expect your credit cards if you have ordered new ones. If you don't receive your statement or card, or your mail appears to have been tampered with, please call CBD immediately on 800 CBD (223).

Card Verification Code (CVC):

  • The CVC code is a unique feature of Visa and MasterCard cards and an added layer of security. It includes a 3 digit number on the back of your card (usually on the signature strip).

ATM security tips

Shoulder surfing card and PIN safety

What is it?
Criminals distract you while you are entering your personal identification number (PIN), with the pretense of either wanting to assist client as the ATM is not working correctly or leaving a slip. They then swap your card. This is done so quickly that very often you are unaware that you no longer have your own card. The customer then assumes that the ATM has retain the card.

What can happen?

  • Once they see your PIN number they might attempt to steal your card from you in order to access your account.

What can I do?

  • Stay alert at all times when using ATMs.
  • Always cover the PIN pad before entering your PIN.
  • Ensure that no strangers are around or interrupting your time with the ATM or Point of Sale device.
  • Do now allow your card to be out of sight at any time.
  • Use your trusted sites or sites that are highly secured.
  • Read the ATM screen before attempting a transaction.
  • Do not continue with the transaction if you suspect something is wrong.
  • Lastly call our call center immediately if you suspect any type of fraud, or card or ATM tampering.

    You should always be aware of the security when using an ATM and should always follow these general tips to ensure your personal information is kept safe.

 

Here are some of the ways by which you can protect yourself every time you use your ATM:

  • Never disclose your Personal Identification Number (PIN) to anyone.
  • Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
  • Never use an ATM with a blank screen.
  • Do not force your card into the card slot.
  • Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
  • Keep your hand over the card slot to make sure nobody can swap or take your card.
  • Only put in your PIN when the ATM tells you to do so.
  • Avoid drawing cash late at night or when you are alone.
  • Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
  • Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
  • If the ATM retains your card, cancel it immediately.
  • Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
  • Always check that it is your card you get back from the ATM.
  • Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
  • When using your cards at ATM's be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
  • Report lost or stolen cheques, ATM cards, or credit cards as soon as you discover they are missing.

How to report a suspicious activity

Take control of your security

Remember: we will never request your password, account or confidential information over the phone, via email, SMS or social media. We will also never direct you to a site to input your username and password. Your password and PIN are private to you – never reveal them to anyone.

If you think you may have disclosed your account details to a suspicious party, contact us immediately by calling 800 223 (CBD) or email to whistleblower@cbd.ae

What we do to protect you:

  •   Monitoring for fraud
  •   Data Encryption
  •   Timed logouts

Commercial Bank of Dubai will never:

  •   Ask for your personal information or any other sensitive information
  •   Threaten to close your account or charge if you do not follow the steps in the email
  •   Send you offers that sound to good to be true




Protect online

Take care of your cards:

  • Don’t let anyone else use your credit card. Only carry the cards you need in case you have your wallet / purse stolen.
  • Keep your credit card safe and avoid leaving it in unattended bags, jackets or cars.

 Get a new card:

  • If you lose your card or if it’s stolen then tell us straight away on 800 CBD (223) —remember to keep this number safe or save it in your mobile phone for future reference
  • If delivery of a new card seems slow, query it with your bank immediately.
  • Sign new cards as soon as you receive them.
  • Destroy old cards by cutting through the magnetic strip.
  • Make sure your post is secure and that you know when to expect your credit cards if you have ordered new ones. If you don't receive your statement or card, or your mail appears to have been tampered with please call CBD immediately on 800 CBD (223).

 

As per our privacy policy and information security policy, CBD will never request you to disclose your account number, Credit Card information, User ID , Personal Identification Number (PIN), Telephone Identification Number (TIN), Password or any such information through emails.

If you receive any such email or written communication which appears to have been sent from CBD seeking personal or confidential information, please don’t answer it - instead contact us immediately at whistleblower@cbd.ae and we’ll take the required steps.

We also suggest you follow the below mentioned important steps to avoid becoming a victim of a phishing scam while using CBD online services:
  • Do not disclose your Online Banking User ID and Password to anybody; we will never ask you for this information under any circumstances.
  • Always type the website address www.cbd.ae in the address bar.
  • Ensure that the online banking address has https:// and a secure lock icon appears at the right bottom corner of the page or next to the address in the top of the webpage.
  • Do not use the “Save Password” option on your computer.
  • Change passwords frequently.
  • Do not save the internet banking webpage link or bookmark in browser favourites.
  • Do not leave your compute unlocked.
  • Subscribe to SMS Banking to be notified on any banking transactions through your account.

FAQ's


Security

What is Privacy Policy?

We're committed to protecting your privacy and safeguarding your financial information. Our Privacy Policy describes how we keep this commitment. For more information about our commitment to securing your personal information, you can read our Privacy Policy

How does CBD protect against phishing scams?

CBD will never request you to disclose your account number, Credit Card information, User ID ,Personal Identification Number (PIN), Telephone Identification Number (TIN), Password or any such information through emails. 

Please follow below tips to avoid becoming a victim of a phishing scam while using CBD online services :
• Do not disclose your Online Banking User ID and Password to anybody; we will never ask you for this information under any circumstances.
• Always access CBD Online Banking by typing the correct URL (https://www.cbd.ae) into your browser. Never click on a link in an email to take you to a website or enter personal sensitive details either in the email or website.
• Ensure that the online banking address has https:// and a secure lock icon appears at the right bottom corner of the page or next to the address in the top of the webpage.
• Do not use the “Save Password” option on your computer.
• Change passwords frequently.
• Do not save the internet banking webpage link or bookmark in browser favorites.
• Do not leave your computer unlocked.
• Stay updated on any banking transactions through your account with CBD SMS Banking.

How to report phishing?

Any email or written communication received by you, which appears to have been sent from CBD seeking your personal or confidential information, should not be answered but advised immediately to CBD via email to whistleblower@cbd.ae.  

What should I do if I get a suspicious email?

Suspicious emails, especially those containing web links or attachment should be treated with extra care. Avoid clicking or opening attachments from unknown sources or in any suspicious emails.

What are the types of online threats?

There are many different and diverse types of online threats and most common one is phishing - an attempt to acquire your financial information via email by pretending to be a trustworthy entity. This includes emails from what appears to be your bank and contains links requesting you to ‘verify your account’ or ‘confirm your billing information’.
Other threats can be Vishing, Smishing (SMS phishing), Spoofing, Malware, etc. 

What is identity theft?

Fraudsters attempt to steal your personal information to use for illegal purposes like opening bank account, taking out loans, running up huge debts without paying, etc.
Fraudsters steal wallets and purses containing identity documents, credit and bank cards as well as mails which include bank and credit card statements. They may also rummage through your dustbins looking for documents containing personal information or intercept personal information and shared on the Internet. Lastly, an identity thief can simply stand next to you and watch as you complete personal information on a form. 

How can I report a security related problem?

What should I do if I think that I am identity theft victim?

Steps that you can take when you have been impersonated:
• Report the matter to the UAE Police and open a case of identity fraud.
• Check your credit profile at the credit bureau to find out whether any credit enquiries have been done by companies whom you have not dealt with and confirm the account you have on your profile
• Report the matter to all companies where you have been impersonated and each company needs to conduct a victim impersonation investigation.
Online security

What is phishing?

Phishing is an attempt to acquire your financial information via email by pretending to be a trustworthy entity. This includes emails from what appears to be your bank and contains links requesting you to ‘verify your account’ or ‘confirm your billing information’. If  you reveal your password, the attacker can access and use your account . 

What is 'time-out' feature?

The time-out function prevents unauthorised persons from accessing your session and data when you're away from the computer. We use it to protect your privacy.

What is my role in online security?

Online security is about protecting your privacy, not just while banking but across the internet. Follow these basic tips to stay secure while online:
•Always be suspicious of unsolicited emails or calls asking you to disclose any personal details or card numbers. Please remember that CBD would never directly ask you to disclose your PIN or password information. 
• Ensure that you use up-to-date antivirus software and a personal firewall.
• Ensure that the online banking address has https:// and a secure lock icon appears at the right bottom corner of the page or next to the address in the top of the webpage.
• Do not use the “Save Password” option on your computer and change your passwords frequently.
• Always completely log off from your internet banking session.
• Do not save the internet banking webpage link or bookmark in browser favorites.
• Do not leave your computer unlocked.
• Stay updated on any banking transactions through your account with CBD SMS Banking and check your accounts and credit card statement regularly.
• Keep your One Time Password (OTP) secure.

What are ‘trojans’ and what does CBD do to protect online banking users s from ‘trojans’?

Trojans are a type of computer virus which can be installed on your computer without you realising it. Fraudsters will send out emails at random to get you to click on a link in the email and visit a web site where vulnerabilities in the web browser are exploited to install the Trojan. Trojans perform actions that have not been authorised by the user, like deleting, blocking, modifying and copying data and disrupting the performance of computers or computer networks. 
Unfortunately CBD can't have control over your personal computer to protect it against Trojans but to avoid Trojans here are some measures you must consider:Keep your computer up to date with the latest patches to close down vulnerabilities in the operating system.Always run anti-spam and anti-virus software with regular updates.Enable personal firewall which can prevent Trojans from accessing the internet to make contact with the fraudsters.Be extra careful when visiting unkown sites, especially with pop-ups and requests to install "plug-ins" or unwanted software. Be careful with links and attachments sent to you by email. If in doubt, don't click.

What is ‘spyware’ and what does CBD do to protect online banking users from ‘spyware’?

Spyware is software that aids in gathering information about a person or organisation without their knowledge. It may then send such information to another entity without the person's consent or assert control over a computer without the person's knowledge.
Unfortunately CBD does not have control over your personal computer to protect it against spyware but good anti-virus and endpoint security solutions can sometimes detect and remove spyware programs.

How does CBD ensure online banking security?

CBD continually invests in and implements the most advanced security measures to ensure all your online banking transactions with us are safe and confidential.
Some of the security features we use to safeguard your communications with CBD Online Banking are:
• Robust firewall intrusion detection and prevention technologies to prevent unauthorised access to the Bank’s systems.
• Security monitoring for suspicious activity.
• 2048 - Bit data encryption to keep your sensitive information, including messages sent via Secure Email, from being accessed by any unauthorised party.
• A time-out limit that automatically logs you off the system and ends your session. Please remember to log off completely from Online Banking if you’re not using your computer for a period of time.

What are cookies?

Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next. 

How can I prevent my computer from keeping a history of where I browse?

You can do this by clearing your history after every browsing session. 

Where can I get more information about privacy, security, and online safety?

You can check it out at the bottom of the page under Privacy Policy and Security.

Why is online security so important?

Your personal banking information can be abused by online hackers. Keep it safe from them and protect your privacy.

I think someone may have access to my online banking logon details. What should I do?

Please change your password immediately and contact us on 800 CBD (223).
Mobile security

How does CBD ensure mobile banking security?

CBD Mobile Banking Apps use various security measures and data encryption to ensure your day to day banking is completely safe with a User ID/Password, PIN and security token  for high level transactions. Some of these security measures are:
• Personalised activation/registration process with unique one time password code
• Secure registration process using CBD Online Banking credentials
• Multilevel checks using personal password/PIN or security token
• The ability to control your beneficiaries by adding or removing utility bills, internal and external payments details through synchronisation from CBD Online Banking through receiving an OTP (one time password) notification on your mobile.

What is my role in mobile security?

Follow below tips to stay secure while using your mobile: 
• Lock your phone when not in use.Password-protect your device so that nobody else can use it or view the information.
• Call us on 800 CBD (223), if you have lost your phone and we will disable your mobile banking user ID and password temporarily. In case you have changed your mobile phone number, please let us know and we will update your contact details.
• Clear mobile frequently by deleting text messages from financial institutions, especially before sharing, discarding or selling your device.
• Never disclose via text message any personal information (account numbers, passwords, or other personal information) that could be used for ID theft.
• Always download apps from trusted sources.
• Keep your phone's Operating System (OS) and apps updated.
• Do not store passwords or accounts numbers on your mobile phone.
• Limit the amount of personal details or contact information that you store in your phone, as criminals may be able to retrieve them if you happen to lose your phone.
• Make a note of your phone's IMEI number (dial *#06# to get it). This makes it easier to disable a stolen phone.
• For iPhone users, never jail-break or crack the device. Activate encrypted backup in iTunes, and turn on the passcode lock for the phone.
• For Android users, never root or crack the device.
• Never use any proxy or VPN software paid/free while accessing your mobile banking and online banking. 

What is SIM Swap fraud?

Under SIM swap fraud, fraudsters manage to get a new SIM card issued against your registered mobile number through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through your bank accounts.

How do SIM Swap fraudsters operate?

Step 1 : Fraudsters gather customer's personal information through Phishing, Vishing, Smashing or any other means.
Step 2 : They then approach the mobile operator and get the SIM blocked. After this they visit the mobile operator's retail outlet with the fake ID proof, posing as the customer. Step 3 : The mobile operator deactivates the genuine SIM card and issues a new one to the fraudster.
Step 4 : Fraudster then generates One Time Password (OTP) required to facilitate transaction, using the stolen banking information. This OTP is received on the new SIM held by the fraudster.

How to protect myself from SIM Swap fraudsters?

If your mobile number has stopped working for a longer then usual period, inquire with your mobile operator to make sure you haven't fallen victim to the Scam. Register for SMS and any other alert mechanism available to stay informed about the activities in your bank account. Regularly check your bank statements and transaction history for any irregularities.  
Card security

What are the types of credit card fraud?

There are various frauds linked to stealing your money and credit card details for unauthorized purchases:
• Card not present fraud - Fraudsters may access your credit card details from old receipts to purchase high value items on the internet or phone where the retailer does not need to see the card to authorize the purchase, for example: card not present.
• Cash machine (ATM) fraud - Devices are planted in cash machines by fraudsters in order to skim the card details and use them for unauthorized purchases at a later date. The fraudster may also be watching at the cash machine to steal your card and PIN.
• Counterfeit fraud - Counterfeit is a term used to describe the manufacture of a credit card so it looks like a genuine card. Genuine credit cards are then “skimmed” and the details duplicated onto the counterfeit card via the magnetic strip.
• Mail not received fraud - Cards are stolen in the post before the cardholder receives them and used for fraudulent purchases.

How does CBD protect credit card holders?

Keeping your financial and personal information secure is our highest priority. We use the most sophisticated levels of technology and processes to protect your privacy and security and prevent fraudulent transactions on your credit card. Lately we introduced 3D secure which is a leading security system for authenticating credit card transactions online.

What is 3D Secure Authentication?

MasterCard SecureCode™ and Verified by Visa™ (also known as 3D Secure) are the leading security systems for authenticating credit card transactions online, so you can feel confident when using your credit card for purchases over the internet.

How does 3D Secure Authentication work?

3D Secure Authentication offers extra layer of security when shopping online by asking you to input OTP (one time password) which will be sent to your mobile number registered with us. In case you didn’t receive OTP or you are a supplementary card holder you will be required to enter details of the primary card holder like credit limit, date of birth and name on the card.

How can supplementary card holders use 3D Secure Authentication?

Only primary card holder can receive OTP (one time password), so if you are a supplementary card holder you will be required to enter details of the primary card holder like credit limit, date of birth and name on the card.

How do I protect my credit card from fraud or theft?

Here are some tips on how to protect your credit card:  

  • Never let your cards out of your sight when paying in shops or restaurants, as they may be copied or cloned. Don't leave them on show or 'behind the bar'.
  • Don’t let anyone else use your credit card. 
  • Always keep your receipts and dispose of them by shredding.
  • Only shop on reputable and trusted websites.
  • Keep your credit card safe and avoid leaving it in unattended bags, jackets or cars.
    If you lose your card or if it’s stolen then tell us straight away on 800-CBD (223).

Why am I asked to enter OTP (one time password) if I have already entered the CVC number and the expiry date?

Fraudsters may access your credit card details from old receipts to purchase high value items on the internet where the retailer does not need to see the card to authorize the purchase. In such cases OTP provides additional protection by ensuring that only you as the cardholder will have the password.


ATM security

What is shoulder surfing?

Shoulder surfing happens when criminals try to distract you while you are entering your personal identification number (PIN), with the pretense of wanting to assist you as the ATM is not working correctly. Other times, they might try to see your PIN number and they might attempt to steal your card in order to access your account.

How to protect myself from shoulder surfing?

Please follow below tips to protect yourself from shoulder surfing:
• Stay alert at all times when using ATMs.
• Always cover the PIN pad before entering your PIN. 
• Ensure that no strangers are around or interrupting your time with the ATM or Point of Sale device. 
• Do now allow your card to be out of sight at any time. 
• Use your trusted sites or sites that are highly secured.
• Read the ATM screen before attempting a transaction. 
• Do not continue with the transaction if you suspect something is wrong.
• Lastly, call our call center immediately if you suspect any type of fraud, or card or ATM tampering.

How to stay protected at ATMs?

Here are some of the ways by which you can protect yourself every time you use your ATM:
• Never disclose your Personal Identification Number (PIN) to anyone.
• Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
• Never use an ATM with a blank screen.
• Do not force your card into the card slot.
• Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
• Keep your hand over the card slot to make sure nobody can swap or take your card.
• Only put in your PIN when the ATM tells you to do so.
• Avoid drawing cash late at night or when you are alone.
• Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
• Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
• If the ATM retains your card, cancel it immediately.
• Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
• Always check that it is your card you get back from the ATM.
• Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
• When using your cards at ATM's, be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
• Report lost or stolen cheques, ATM cards, or credit cards as soon as you discover they are missing.