Payment Card Industry Data Security Standard

Forrester postulates that the external sentiment of a company is driven by transparency, integrity and competence, which are customer perceptions formed over time through past interactions.

Trust is a key pillar of the new Digital Era that helps deliver a positive customer experience that is sustainable, frictionless, resilient, secure and transparent. Establishing trust is foundational to a successful relationship with every customer who would benefit from the digital experience as part of the new business ecosystem.

Emirates Islamic focuses on serving and protecting customers, reliably consistently, in the digital age.

Emirates Islamic demonstrates itself as a leading digital bank and builds its capabilities to shape customer interactions. Trust allows a good product to evolve into a sustainable platform rather than a technology fad.

In this digital era, as Cards are used on e-commerce channels, swiped on retail merchants, shared with service providers, we at Emirates Islamic are thoroughly ensuring proper due diligence and risk management practices for entities associated with us.

The PCI Security Standards Council (PCI SSC), the body that administers the Payment Card Industry Data Security Standard (PCI DSS), is a bit more specific in their official definition, citing, “At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code [found on the magnetic stripe]. Sensitive Authentication Data are additional data elements that may be transmitted or processed (but not stored) as part of a payment transaction.”

To further clarify these additional terms, the PCI SSC defines them in their official Glossary as follows:

• PAN – Acronym for “primary account number” and also referred to as “account number.” Unique payment Card number (typically for Credit or Debit Cards) identifies the issuer and the particular cardholder account.
• Service Code – Three-digit or four-digit value in the magnetic-stripe that follows the expiration date of the payment card on the track data. It is used for various things such as defining service attributes, differentiating between international and national interchange, or identifying usage restrictions.
• Sensitive Authentication Data – Security-related information (including but not limited to Card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip, PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment Card transactions.
• Card Verification Code – Also known as Card Validation Code or Value, or Card Security Code. This refers to either: (1) magnetic-stripe data, or (2) printed security features.
• PIN – Acronym for “personal identification number.” Secret numeric password known only to the user and a system to authenticate the user to the system. The user is only granted access if the PIN they provide matches the PIN in the system. Typical PINs are used for automated teller machines (ATMs) for cash advance transactions. Another type of PIN is one used in EMV chip Cards where the PIN replaces the cardholder’s signature.

PCI DSS is the global industry compliance and security standard that is dedicated to secure cardholders’ data. It is also one of the most stringent security standards in the market.

Our business model is built on public trust, so it is essential that in addition to standard risk inherent to our business, we avoid risks that can undermine trust.

As the value of Card data continues to increase, cyber attackers will continue to find new and crafty ways to access and expose these digital assets. The world has witnessed publicized data breaches that does not always involve malicious hackers but rather a perceived unethical use of sensitive information using Identity Theft. Hackers can now impersonate the card, stealing the identity of the cardholder and use the card.

The Central Bank of UAE - CBUAE has mandated compliance to all financial institutions/banks the (PCI DSS) to “limit breaches that lead to cash-out and fraud attacks with massive financial and reputational consequences”.

Safeguarding our clients trust is our central focus. This principle guides all our activities and applies to all business divisions. The customer trust defines strict adherence to our values and principles. Enabling us to improve client satisfaction and achieve customer loyalty in the long term.

In order to create value for our clients and win their trust, we place emphasis on client satisfaction as well as on the benefit that our products and services will generate for customers.

At Emirates Islamic, we have always taken consistent efforts to continuously improve and transform our technology, processes and business ecosystem to enhance our overall security posture. This helps us safeguard our customer data.

Credit and Debit Card data are treated as confidential information in the bank. Hence, we are implementing and in the process of certifying against the best-in-class industry standard for Card data security.

Prioritizing security and privacy by design, treating data as an asset, and establishing timely incident responses are three key technical capabilities that all contribute to protecting the customer.

• Never give out your Card number over the phone or Internet.
• Protect your Personal Identification Number (PIN): don't share it with anyone or write it down; memorize it.
• Sometimes scammers will try to trick people into revealing information about their Cards either over the phone or through e-mail. It's important to know that Emirates Islamic would never call to ask for personal information like your Credit Card number, expiry date of your Card, PIN, or the security number on the back of your Card. When you call us, we ask for personal information for identification purposes only.
• Protect your Card like you protect your cash. Never leave them unattended in your car or at work.
• Always check your Card when it is returned to you after a purchase. Make sure it is your Card.
• Equip your device with a virus-protection software.
• Enable the password and remote wiping on your mobile phones.
• Make sure your mobile phones’ operating system is always updated.
• Do not download software from suspicious sources (such as phishing and untrusted websites)
• Always use a strong password that combines letters and numbers and change it regularly.
• Emirates Islamic takes its responsibility to protect its clients very seriously, but there are some simple measures you can take to protect yourself:
  • Make it a habit to regularly check your transactions online or on your monthly statement. If there are any charges that you didn't make, report them to your bank right away.
  • When travelling, carry your Card with you or make sure it is in a secure location such as a hotel safe.
  • If you are using your smart Card at a smart Card terminal, insert your Card chip-end first; if the terminal cannot read the chip, you will be prompted to swipe the Card. This way, you will avoid swiping your Card unnecessarily thereby reducing the risk of your Card being cloned.