Privacy & Security Privacy & Security

Our security procedures and Code of Ethics ensure utmost confidentiality at all times of the information you entrusted to us. However, you also play an important role in keeping this information secure. Browse through the tabs below to find what you can do to enjoy banking convenience with absolute peace of mind.

UAE Banks Federation Public Awareness Campaign against Fraud

Fight Fraud

Together Against Fraudsters. The UAE Banks Federation, the Central Bank of the UAE, Abu Dhabi Police and Dubai Police have joined hands and created a Public awareness campaign against fraud, in which we will be participating in as we aim to ensure that all our customers are safe and aware from all types frauds.

If you believe that you are a victim of fraud, report your case to UAE Banks Federation by clicking here.

Please remember, we will NEVER ask for your Online or Mobile Banking username or password, your 3-Digit Security Code (CVV) on the back of your Card, your authentication Code/Smart Pass PIN or request you to call a mobile number in an official communication.

Please remain vigilant! Fraudsters might message, call or use personal/fake webpages pretending to be from Emirates Islamic or Central Bank to ask for such information.

Security Tips

Email Security Tips

Use your email safely by keeping in mind the following
  • Minimise the use of attachments.
    • Copy and paste text as often as possible.
  • Question unsolicited documents
    • Unsolicited bulk mail and commercial email can put you and your organisation at risk. Questioning it means not opening it, not passing it on, and notifying your system administrator immediately.
  • Never respond to spam email
    • For a spammer, one "hit" among thousands of mailings is enough to justify the practice. Instead, if you want a product that is advertised in a spam email, go to a Web site that also carries the product, inquire there, and tell them you do not approve of spam methods and will not patronize a company that uses spammers.
  • Never respond to the spam email's instructions to reply with the word "remove"
    • This is just a trick to get you to react to the email -- it alerts the sender that a human is at your address, which greatly increases its value. If you reply, your address is placed on more lists and you receive more spam.
  • Never sign up with sites that promise to remove your name from spam lists
    • These sites are of two kinds: genuine AND spam address collectors. The first kind is ignored (or exploited) by spammers, and the second is owned by them. In both cases your address is recorded and valued more highly because you have just identified it as read by a human.
  • Keep your virus protection up-to-date
  • Question executable programs received via email
    • This is a common means for passing on viruses. Do not open them, do not pass them on, and notify your system administrator if you receive them.
  • Disable macros on your machine
    • To do this, you will need to open the application. On Word 2000, select Tools, then select Macros, then select Security, and then checked High: Only signed macros from trusted sources will be allowed to run. Unsigned macros are automatically disabled
  • Make sure that file extensions are viewable
    • This will alert you to files of the following types: .exe, .vbs, and .shs. To view file extensions in Windows select the Start menu, then select Settings, then select Control Panel, then select Folder Options, then select View, then UNCHECK the command that reads Hide File Extensions for Known file Types.
  • Notify the person you received an infected file from
    • This helps them correct the problem within their system before passing the virus on to other users.
  • Monitor your transactions.
    • Review your order confirmations, credit card, and bank statements as soon as you receive them to make sure that you are being charged only for transactions you made. Immediately report any irregularities.
  • Don't reply to any e-mail that requests your personal information.
    • Be very suspicious of any business or person who asks for your password, PIN (Personal Identification Number), or other highly sensitive information.
  • If you experience anything that arouses your suspicions, please intimate our call center representative on +971 600 599 995

ATM Security Tips

Here are some of the ways by which you can protect yourself every time you use your ATM

You should always be aware of the security when using an ATM and should always follow these general tips to ensure your personal information is kept safe:

  • Never disclose your Personal Identification Number (PIN) to anyone.
  • Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
  • Never use an ATM with a blank screen.
  • Do not force your card into the card slot.
  • Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
  • Keep your hand over the card slot to make sure nobody can swap or take your card.
  • Follow the instructions on the ATM screen carefully.
  • Do not insert your card until asked to do so by the display screen.
  • Only put in your PIN when the ATM tells you to do so.
  • Avoid drawing cash late at night or when you are alone.
  • Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
  • Never hurry when using an ATM. Make sure you are not distracted, intimidated or rushed into your transaction.
  • Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
  • Do not count your cash in front of the ATM.
  • Avoid using ATMs in secluded areas after dark.
  • If the ATM retains your card, cancel it immediately.
  • Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
  • Always check that it is your card you get back from the ATM.
  • Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
  • When using your cards at ATM's be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
  • Report lost or stolen cheques, ATM cards, or Credit Cards as soon as you discover they are missing.

Online Security Tips

Protect your information every time you use

You have to protect your information at all times be it over the internet or during your normal banking activities by simply following these tips:

Protect your Password and Personal Information:
  • Do not use passwords that are easy to guess, e.g. your name, your date of birth, your telephone number(s), etc.
  • Use a combination of upper and lower case letters as well as numbers.
  • Do not use share your password with anyone and do not use the same password for other websites.
  • Change your password frequently and never write it down.
  • Always log into Internet Banking via our sites at the following addresses: www.emiratesislamic.ae and not through other links.
  • Avoid logging into Internet Banking from Internet Cafes, Libraries or public sites.
  • Always close the window once you have logged out of your Internet Banking session.
  • Important: No one at Emirates Islamic will ever ask you for your internet banking password. If someone does ask you for it, they do not represent the Bank and you should not under any circumstance provide this information.
Protect your Computer and Internet session:
  • Never share your computer.
  • Use a password on your PC to prevent unauthorised access to your information.
  • Be wary of opening email messages from untrustworthy sources, especially if they contain attachments.
  • Do not reply to emails that request your personal information. They may appear to come from a trusted friend or business, but they are designed to trick you in disclosing sensitive personal information.
  • Use personal firewalls and anti-virus software.
  • Avoid downloading software such as screen savers, desktop themes, games, and other executable type programs from websites that are obscure or unidentifiable. These programs may contain Trojan viruses that would enable hackers to monitor or take over your PC.
  • Disable all unnecessary services running on your computer.
  • Always verify that the site is the genuine Emirates Islamic site.
  • Do not leave your internet banking session unattended at any time.
  • Before you start your internet banking session, ensure that all other internet sessions are closed. If your internet banking session is open we recommend that you do not open other internet browsers at the same time.
  • Please contact our Customer Service Helpdesk on +971 600 599 995 in case you receive fraudulent emails or require any assistance using our Internet Banking service.

Fraud Awareness

Reporting Fraud

Follow the Below Guidelines if you faced fraud
What you need to do

While logging in, if you see a message like “We are checking your security settings. Each step could take up to 10 minutes”, immediately close the web page. Please use reliable anti-virus and anti-spyware protection that is up to date along with a personal firewall.
If you get a suspicious-looking email or phone call, or see any unusual behavior while visiting your Online Banking account, or receive an SMS for an unknown beneficiary addition, please report it immediately to +971 600 599 995.

What you need to remember
  • Our website is www.emiratesislamic.ae. Secure Online Banking can only be accessed through this site.
  • We will never send emails asking for confidential information such as account numbers, ATM pin numbers or login passwords.
  • Never add your Online Banking link to your list of favourites or save your user ID and password in auto-fill.
  • Ensure that your browser address begins with https, not http, with a padlock icon. This means it’s an authentic, secure site.
What you need to know
Phishing is an attempt to acquire your financial information via email by pretending to be a trustworthy entity. This includes emails from what appears to be your bank and contains links requesting you to verify your account of confirm your billing information. If you reveal your password, the attacker can access and use your account.

Vishing is similar to phishing, but the medium used is the mobile phone. For example, an automated recording informs you that your bank account has had unusual activity and that you should call a particular number immediately. When you dial the number, you are requested to enter your account details on the keypad.

Malware is a collective name for viruses and malicious software designed by fraudsters to access your Online Banking account.

Beware of Online Fraud

Know more about online fraud attempts
  • Contact your bank(s) and credit card issuers immediately to ensure the following are done:
    • Access to your accounts can be protected
    • Stop payments placed on missing cheques
    • Personal Identification Numbers (PINs) and Online Banking Passwords changed
    • Be sure to indicate to the bank or issuer all the cards and/or accounts potentially impacted, including your ATM cards and credit cards.
    • Review all recent transactions on your accounts linked to those cards. Additionally, ensure that no one has requested an address change, title change, PIN change, or ordered new cards or checks to be sent to another address when appropriate.
  • Maintain a written chronology of what happened, what was lost, and the steps you took to report the incident to the various sources. Be sure to record the date, time, contact telephone number, person you talked to, and any relevant report or reference number and instructions.
  • For further information or queries, please call +971 600 599 995

SIM Swap

Be vigilant, stay safe

Please be aware of a new technique used by fraudsters known as "SIM Swap" whereby they get Telecom Providers to issue duplicate SIMs. Their access to a duplicate SIM card will allow them to get confidential SMS notifications and OTPs (One Time Passwords) that are sent to registered mobile phones, thereby allowing them to make fraudulent transactions.

Detection:

SIM Swapping is a threat when you receive a "SIM not registered" message on your mobile phone.

What you need to do:

  • If you suspect you are a victim of SIM Swap, contact your Telecom provider and request for a SIM de-activation immediately
  • Keep a close eye on your financial transactions, especially when you are travelling
  • Report such instances to the bank via +971 600 599 995

Phishing

Beware of Phishing

Online banking users are being targeted by internet fraudsters, who are using creative ways to lure online banking users. One of the most common ways is Phishing. Phishing is a deceitful act where fraudsters send you an authentic looking email that appears to come from your bank, but in reality have been sent to you by imposters in an attempt to obtain your personal and financial information. Through these emails, they lure you to click on links that re-direct you to fraudulent websites, which have been designed to make you think that you are actually on the original bank site. These fake websites will ask you for information like your username, password, date of birth, etc. all with the intention to take your personal information and then commit fraud.

Protection from Phishing

Here’s how you can protect yourself against phishing.

Firstly, the bank will never ask you for confidential information like account information, credit/debit card details, PIN or other internet banking details. So, if you are ever asked for such details under the bank’s name, do not respond to such requests, or contact the bank.

Remember, the bank will not send you an email and ask you to share your personal banking details. If you receive an email asking you to "verify your account", "confirm your sign in details", or something similar, beware that it is for fraudulent purposes.

You will receive promotional emails from the bank however, these emails will never lead you to fraud sites and contain links that will ask you for personal information, or lead you to fill application forms related or to transact online. If you are in any doubt about whether an email is genuine, please do not click on any links within the message. If you get a suspicious email that claims to be from Emirates Islamic please report it immediately to 600 599995. Make sure to have the latest anti-virus or online security installed on your computer, and constantly update it to protect your computer from the latest online threats.

Steps to take against Phishing

If you suspect phishing or have come across an email scam, here’s what you can do:

  • Do not click on any of the links provided in the scam mail
  • Forward the mail to an Emirates Islamic representative or connect with our call centre
  • Run your anti-virus software to check for infections
  • Delete the email from your computer

Safe Online Banking with Emirates Islamic

Emirates Islamic takes online fraud very seriously. To make your banking experience a safe one, we have invested highly in state-of-the-art encryption technology and sophisticated firewalls. They provide the utmost protection at every step of your online banking journey, keeping your banking a private affair. We are using the best possible methods in our fight against online fraudsters and scam artists. However, we still urge you to be vigilant and take simple precautions mentioned above to protect yourself and your finances.

Impersonation & Kickbacks

Emirates Islamic employee shall not, under any circumstances, request cash from customers in lieu of providing bank services such as account opening or approving any credit facility.

Please report such instances to our Call Centre on +971 600 599 995

Frequently Asked Questions

A session is started when the authorised subscriber uses his or her browser to send a secure message via SSL to Online Banking server. For this purpose he uses the customized password along with his User ID. The Online Banking server verifies this data and responds by authenticating the customer and initiating session encryption.

Once the Online Banking session is securely established, Emirates Islamic's computer processes and routes the transaction data using internal protocols. This prevents other Internet users from proceeding past bank's series of firewalls and filtering routers.

Online Banking protects financial transactions through a number of barriers that prevent unauthorized access. The first barrier is a system of filtering routers and firewalls, which separate the outside Internet from bank's internal network. The filtering router verifies the source and destination of each Internet packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service. In addition, the filtering router prevents many common Internet attacks.

In addition, the firewall is the only server in the Bank's network that communicates via TCP/IP - the Internet's communication protocol. No internal Online transaction processing systems are reachable using TCP/IP. This prevents unauthorized users from accessing any transaction data from the Internet.

The information is passed between the bank's main computer and the customer's PC after it is duly encrypted using the highest possible encryption.

Security is the first and foremost requirement of Online Banking because the Internet is inherently unsecured. Millions of computers form a public network where communications can be intercepted. As data moves from sender to receiver, it almost always has to travel through several other connections. This is called routing. During routing, computers other than the sender and receiver can access the data. Even computers not directly involved in routing can access the data. Security is therefore a critical component of any Internet application

Sending data across a network involves three basic security risks:

  • Eavesdropping - intermediaries listen in on private conversations (one computer talking to another).
  • Manipulation - intermediaries change information in a private communication.
  • Impersonation - a sender or receiver communicates under false identification.

Current browsers counter security threats with a network communication protocol called Secure Sockets Layer (SSL). SSL is a set of rules that tells computers the steps to take to improve the security level of communications. These rules are designed for the following:

  • Encryption, which guards against eavesdropping
  • Data integrity, which guards against manipulation
  • Authentication, which guards against impersonation

However, these effects protect your data only during transmission. That is, network security protocols do not protect your data before you send it. Just as you trust merchants not to share your credit card information, you must trust the recipients of your online data not to mishandle it.

SSL uses authentication and encryption technology developed by RSA Data Security Inc. The encryption established between you and a server remains valid over multiple connections, yet the effort expended to defeat the encryption of one message cannot be leveraged to defeat the next message.

A message encrypted with 40-bit RC4 takes on average 64 MIPS-years to break (a 64-MIPS computer needs a year of dedicated processor time to break the message's encryption). The high-grade, 128-bit U.S. domestic version provides protection exponentially more vast. The effort required to break any given exchange of information is a formidable deterrent. Server authentication uses RSA public key cryptography in conjunction with ISO X.509 digital certificates.

The Internet is inherently unsecured. No security method can make claims of impenetrability.

  • Always use the latest versions of software. Regardless of vendor, users of network should always ensure that they have the latest version of an application. The discovery of a security flaw is one of the most significant reasons for vendors to release new versions of software.
  • Use the highest security version of your software. Customers who use Internet Explorer 3.02 can download the 128-bit add-on from the Microsoft web site. This software uses a 128-bit key that provides stronger security than the 40-bit key.

Emirates Islamic is committed to provide the safest Online Banking service to our valued customers so that all transactions involving financial and customer data are conducted in a safe and secure environment. Without thorough security, information transmitted over the Internet is susceptible to fraud and other misuse by intermediaries. Information travelling between your computer and a server uses a routing process that can extend over many computer systems. Any one of these computer systems represents an intermediary with the potential to access the flow of information between your computer and a trusted server. You need security to make sure that intermediaries cannot deceive you, eavesdrop on you, copy from you, or damage your communications.

Adequate security features are in-built into our Online Banking to protect our customers. We use 128-bit encryption, the highest encryption security currently available, which earlier was restricted to Canada and US, but are now available to Banks outside the US in selected countries. Additional security comes with the User ID and Password, which are provided to you by the bank to access your account. The information, which you enter, passes through 128-bit encryption.

Microsoft Internet Explorer with 128-bit encryption uses:

  • Server authentication (thwarting impostors)
  • Privacy using encryption (thwarting eavesdroppers)
  • Data integrity (thwarting vandals)
  • Firewall is used to protect data in Emirates Islamic's main computer and only authorised persons have appropriate access to the data in our system.
  • The SSL protocol delivers server authentication, data encryption, and message integrity. SSL is layered beneath application protocols such as HTTP, SMTP, Telnet, FTP, Gopher, and NNTP, and layered above the connection protocol TCP/IP. This strategy allows SSL to operate independently of the Internet application protocols.
  • With SSL implemented on both the client and server, your Internet communications are transmitted in encrypted form. Information you send can be trusted to arrive privately and unaltered to the server you specify (and no other).

Firewalls and routers form a barrier between the Internet and our bank's main computer. All incoming traffic is routed to the firewall, which verifies the source and destination of each information packet. The firewall then changes the address of the packet before delivering it to the appropriate site within our internal network. This way, all internal addresses are protected, keeping the structure of Key's network a secret. Our firewalls record all activity with Online Banking, including sign-ons, sign-offs, and access violations. This allows for quick identification of any suspicious activity.

The security protocol works as an adjunct to other protocols without limiting access capabilities. You can use your browser to bring either secure or insecure documents.

Online forms can be secure if the submit action is an https:// URL to a secure server.

You can save a secure document (though secure documents are not cached to disk among sessions). You can also view the HTML source of a secure document. Security affects the transmission of a document without affecting your ability to manipulate the document.

There are two ways to tell if your browser is operating with security features:

  • First, your Location Bar should show a Uniform Resource Locator (URL) that uses an https: address, as opposed to an http: address.
  • Second, the security lock will appear in the lower right corner of your browser window.

You can enter your credit card number on a secure (https) form and transmit the form over the Internet to a secure Server without risk of an intermediary obtaining your credit card information.

Secure communications does not eliminate all of an Internet user's concerns. For example, you must be willing to trust the server administrator with your credit card number before you enter into a commercial transaction. Security technology secures the routes of Internet communication; security technology does not protect you from unreputable or careless people with whom you might choose to do business.

The situation is analogous to telling someone your credit card number over the telephone. You may be secure in knowing that no one has overheard your conversation (privacy) and that the person on the line works for the company you wish to buy from (authentication), but you must also be willing to trust the person and the company.

Encryption is the scrambling of information for transmission back and forth between two points.

When you send out a letter to your friend, you communicate in a language that both of you understand. Since, your language is understood by thousands of other people also, if someone else gets hold of your letter, he will not have any problem in understanding its contents. If you do not want anyone other than to whom this letter is intended, you must use a secret language or you must substitute each alphabet in your letter for some other alphabet, which only two of you will understand. Using a secret language or substituting one alphabet or word for another is called encryption and your letter is said to be encoded. To decode your letter, the receiver must have the same key that you used for encoding. To any other person who does not have this key, the message in the letter will not make any sense and will be garbage.

Computers also use the same principle. The browser in your computer uses a string of numbers, characters and special keys and makes the encoding and decoding immensely complicated. Your computer and the one at the receiving end agree upon the keys to be used for encoding. These keys are based on a set of mathematical formulae called algorithms. When a computer encrypts a message, there are billions of key combinations to select from. However only one of the billions of combination will be correct. Only the computers on both ends of the transaction know what key combination is in use during that session. The sending and the receiving computers use a different key combination for each session and only these two computers know what key is used for the current session. So if anyone else tries to read your message, he will get meaningless string of numbers and characters only.

Encryption finds its application in variety of transactions that involve sensitive matters and even for national security. Encryption is used for sending e-mail messages, sensitive documents and in electronic commerce such as credit card transactions and electronic banking

The security provided by encryption is measured in terms of how long is the encoding key used by your computer for encryption. The level of encryption is measured in bits like 40-bit or 128-bit encryption.

If the encryption has a 40-bit key, it means that there are 240 possible different combinations for solving the key. Similarly, for a 128-bit key, there are 2128 possible different combinations. In general, the longer the key, the longer it would take for someone without the correct decoder key to break the code.

The 40-bit encryption and the 128-bit encryption differ in their complexity and the key length. 40-bit encryption can use one of the 240 possible different combinations (1 followed by 12 zeroes) and 128-bit encryption uses on of the 2128 possible different combinations (3.4 followed by 38 zeroes). 128-bit encryption is exponentially more powerful than 40-bit encryption.

According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.

For Netscape browsers: The key at the bottom left-hand corner of your screen will have one tooth for 40-bit or two teeth for 128-bit.

For Microsoft browsers: You can find out the level of encryption by using your browser menu bar. Select "File" then "Properties" then "Security."

When you visit a site that requires encryption, your browser will display the symbol with a key or a lock. If you are not in a secure area, the key or lock will be broken.

40-bit encryption is not as powerful as 128-bit encryption. But this still requires a lot of dedicated effort to break. When the length of the key is increased by one bit, the amount of effort required for breaking the code doubles. However, as the power in the hands of the potential criminals increases, it is necessary to use a more complex and longer key for secure transmission of data electronically. This is being provided by 128-bit encryption.

In Online Banking, customer information and account data is protected by two independent security protocols: data encryption and a verifiable Password. When customers use Online Banking, they are first prompted to enter their Password . The EB computer will not send any account information to the customer's computer unless the Password associated with the User ID has been correctly entered. All information that passes between Emirates Islamic and the customer's computer is put through data encryption.

Your banking session data is encrypted when the appears in the lower left corner of your screen in Netscape's Navigator, and when the appears in Microsoft's Explorer.

If you're using a version of Netscape Navigator with domestic-grade encryption running, a will appear in the lower left corner of your screen.

When not in a secure session, Netscape's appears broken and Microsoft's is not shown

You need to use a browser with 128-bit encryption for using Online Banking.

Emirates Islamic is concerned about the security of your transactions. Our success as a financial institution depends on our ability to manage these systems safely and to continue to earn your trust as our customer. By requiring 128-bit encryption, we are assuring the highest level of commercially available security for your financial transactions.

A browser is a software used use to surf the Web. In the absence of a browser you cannot visit a Web site and view its contents, graphics and other information.

Browsers offer varying degrees of security, particularly in regard to encryption:

  • Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
  • Some browsers offer more secure forms of encryption than other browsers do.
  • Even the same version of a browser can come with different levels of encryption. Netscape Navigator 3.0, for example, comes with either 40-bit encryption or the more secure 128-bit encryption.

Browsers indicate that they are in a secure, encrypted mode by displaying an icon in the lower portion of your browser as follows:

  • Netscape navigator: A key icon in the lower left hand corner
  • Microsoft Internet Explorer : A lock icon in the lower right hand corner.

Netscape Navigator 1.1X distinguishes its browser using 128-bit encryption with an icon with 2 keys and Netscape Communicator 4.0 and Microsoft Internet Explorer do not distinguish between 40-bit and 128-bit encryption on the browser screen.

However, with Netscape Communicator 4.0, you can click on the icon to determine what level of encryption is being used for a particular Web page.

All acceptable browsers do provide detailed information on security levels in "Properties" or "Document Information" from the browser's menu bar. See you browser's help or documentation for more information.

Browsers offer varying degrees of security, particularly in regard to encryption:

  • Encryption Your browser must have 128-bit encryption.
  • No storage of account information

Your browser must not automatically store information viewed from Online Banking into your hard disc unless you specifically download the information.

The following is a list of sites you can browse for additional information concerning Internet security:

Using RSA Public Key Cryptography:

Learn more about Banking Online Banking Security systems:

During the wire less communication from PDA to Emirates Islamic secured web server, the request goes via WTLS protocol from PDA to service provider Wapgateway and using SSL from Wap gateway to Emirates Islamic site. The interport communication which happens at the wap gateway during this translation is often termed as WAP GAP.

WTLS is called Wireless transport layer security.

You can use any WAP device (mobile phones or PDAs) to access this service via any WML browser, which supports WTLS. For higher-grade security, use WTLS with 128-bit encryption to transport information to your device. Ensure that your WAP device supports such encryption.

Customers should make sure to turn on the security function of his/her WTLS-enabled WAP phone or PDAs in order to secure WTLS encryption during transmission.