Payment Card Industry Data Security Standard

The shift to online banking and increasing use of digital payments is a consumer trend that is here to stay, especially in a post-COVID19 world. Our focus now is to ensure that we continue to provide our customers with the best customer experience in a safe and secure banking environment.
- Suhail Bin Tarraf, Chief Operating Officer.

Introduction to Customer Trust

Forrester postulates that the external sentiment of a company is driven by transparency, integrity and competence, which are customer perceptions formed over time through past interactions.

Trust is a key pillar of the new Digital Era that helps deliver a positive customer experience that is sustainable, frictionless, resilient, secure and transparent. Establishing trust is foundational to a successful relationship with every customer who would benefit from the digital experience as part of the new business ecosystem.

Emirates Islamic focuses on serving and protecting customers, reliably and consistently, in the digital age.

Emirates Islamic positions itself as a leading digital bank and builds its capabilities to shape customer interactions. Trust allows a good product to evolve into a sustainable platform rather than fizzle out as a technology fad.

In this digital era, as Cards are used on e-commerce channels, swiped at retail merchants and shared with service providers, we at Emirates Islamic ensure proper due diligence and risk management practices for entities associated with us.

What is cardholder data?

The PCI Security Standards Council (PCI SSC), the body that administers the Payment Card Industry Data Security Standard (PCI DSS), is a bit more specific in their official definition, citing, “At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code [found on the magnetic stripe]. Sensitive Authentication Data are additional data elements that may be transmitted or processed (but not stored) as part of a payment transaction.”

To further clarify these additional terms, the PCI SSC defines them in their official Glossary as follows:

  • PAN – Acronym for “primary account number” and also referred to as “account number.” Unique payment Card number (typically for Credit or Debit Cards) that identifies the issuer and the particular cardholder account.
  • Service Code – Three-digit or four-digit value in the magnetic-stripe that follows the expiration date of the payment card on the track data. It is used for various things such as defining service attributes, differentiating between international and national interchange, or identifying usage restrictions.
  • Sensitive Authentication Data – Security-related information (including but not limited to Card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip), PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment Card transactions.
  • Card Verification Code – Also known as Card Validation Code or Value, or Card Security Code. This refers to either: (1) magnetic-stripe data, or (2) printed security features.
  • PIN – Acronym for “personal identification number.” Secret numeric password known only to the user and a system to authenticate the user to the system. The user is only granted access if the PIN they provide matches the PIN in the system. Typical PINs are used for automated teller machines (ATMs) for cash advance transactions. Another type of PIN is one used in EMV chip Cards where the PIN replaces the cardholder’s signature.

All these elements constitute cardholder data, and therefore fall under the jurisdiction of the PCI DSS.

Why does Card data security matter?

PCI DSS is the global industry compliance and security standard that is dedicated to securing cardholders’ data. It is also one of the most stringent security standards in the market.

Our business model is built on public trust, so it is essential that, in addition to managing the standard risks inherent to our business, we avoid risks that can undermine trust.

As the value of Card data continues to increase, cyber attackers will continue to find new and crafty ways to access and expose these digital assets. The world has witnessed publicized data breaches that do not always involve malicious hackers but rather a perceived unethical use of sensitive information using Identity Theft. Hackers can now impersonate the card, stealing the identity of the cardholder and using the card. Fraud losses incurred by banks and merchants on all Credit, Debit, and Prepaid Cards are expected to exceed $35 billion by the end of 2020.

The Central Bank of the UAE (CBUAE) has mandated compliance with the PCI DSS for all financial institutions/banks to “limit breaches that lead to cash-out and fraud attacks with massive financial and reputational consequences”.

Safeguarding our clients’ trust is our central focus. This principle guides all our activities and applies to all business divisions. Customer trust defines strict adherence to our values and principles, enabling us to improve client satisfaction and achieve customer loyalty in the long term.

In order to create value for our clients and win their trust, we place emphasis on client satisfaction as well as on the benefit that our products and services will generate for customers.

How is Emirates Islamic adhering to regulatory standards?

The Bank, in its commitment to adhering to regulations and protecting customer data, has achieved Payment Card Industry Data Security Standard (PCI DSS) compliance status.

The Central Bank, in its notice dated 21 May 2019 (CBUAE/BSD/C/2019/2094), mandated all Financial Institutions operating in the Cards payment ecosystem to comply with PCI DSS.

In our view, responsible corporate governance does not only mean adherence to laws, regulations, and standards. It requires a stringent compliance program. We have defined strict rules and guidelines for our staff across the entire spectrum of our areas of operation. Through our conformity with the law, we ensure that the company, its shareholders, clients, and employees are protected as comprehensively as possible.

How does Emirates Islamic safeguard customer data?

At Emirates Islamic, we have always made consistent efforts to improve and transform our technology, processes and business ecosystem to enhance our overall security posture. This helps us safeguard our customer data.

Credit and Debit Card data are treated as confidential information in the bank. Hence, we are implementing and in the process of certifying against the best-in-class industry standard for Card data security.

Prioritizing security and privacy by design, treating data as an asset, and establishing timely incident responses are three key technical capabilities that all contribute to protecting the customer.

How does Emirates Islamic secure third parties?

As Emirates Islamic may choose to leverage third-party service providers to achieve our objectives, these third parties can become an integral part of the cardholder data environment and impact our PCI DSS compliance, as well as the security of the cardholder data environment. Any third-party organization that directly processes, stores, or transmits cardholder data (CHD) or sensitive authentication data (SAD) on behalf of Emirates Islamic must therefore meet PCI DSS compliance standards.

Emirates Islamic maintains a robust and accurately implemented third-party assurance program, which helps ensure that the data and systems it entrusts to third parties are maintained in a secure and compliant manner.

What do you need to do to protect your Card information?

  • Never give out your Card number over the phone or Internet.
  • Protect your Personal Identification Number (PIN): don't share it with anyone or write it down; memorize it.
  • Sometimes scammers will try to trick people into revealing information about their Cards either over the phone or through e-mail. It's important to know that Emirates Islamic would never call to ask for personal information like your Credit Card number, expiry date of your Card, PIN, or the security number on the back of your Card. When you call us, we ask for personal information for identification purposes only.
  • Protect your Card like you protect your cash. Never leave it unattended in your car or at work.
  • Always check your Card when it is returned to you after a purchase. Make sure it is your Card.
  • Equip your device with virus-protection software.
  • Enable a password and remote wiping on your mobile phones.
  • Make sure your mobile phone’s operating system is always updated.
  • Do not download software from suspicious sources (such as phishing and untrusted websites).
  • Always use a strong password that combines letters and numbers and change it regularly.
  • Emirates Islamic takes its responsibility to protect its clients very seriously, but there are some simple measures you can take to protect yourself:
    • Make it a habit to regularly check your transactions online or on your monthly statement. If there are any charges that you didn't make, report them to your bank right away.
    • When travelling, carry your Card with you or make sure it is in a secure location such as a hotel safe.
    • If you are using your smart Card at a smart Card terminal, insert your Card chip-end first; if the terminal cannot read the chip, you will be prompted to swipe the Card. This way, you will avoid swiping your Card unnecessarily thereby reducing the risk of your Card being cloned.

Frequently Asked Questions

Emirates Islamic regards the confidentiality, security and protection of your personal and financial information as our highest priority. We value your trust and we understand that handling your financial information with care is one of our most important responsibilities. Our policies, procedures and protection measures are always evolving to stay ahead of new strategies used by fraudsters.

Do not share any financial, personal or Card-related information with an unknown website or respond to any email seeking such information.

  • Keep your phone locked
  • Set secure passwords
  • Keep your device’s OS up to date
  • Connect to secure Wi-Fi
  • Follow the security do’s and don’ts provided by the bank.

  • Untrusted emails/ phone calls
  • Unknown links/ attachments
  • Untrusted websites or shopping carts

  • Encrypt customer data when transmitting
  • Keep policies up to date with changing technology and regulations
  • Maintain secure system/devices configuration
  • Track and monitor all access to customer data
  • Regularly test security systems and processes