JEDDAH/ALKHOBAR, 13 November 2004 — Saudi banks have cautioned their clients against using telephone systems of hotels and furnished apartments to carry out bank transactions citing the possibility that their secret numbers could be misused to conduct fraudulent and suspicious operations.
“The central telephone systems in most hotels and furnished apartments are capable of reading the numbers contacted and keep them in the records,” Al-Eqtisadiah business daily quoted a banking source as saying.
“This will help staff of hotels and apartments to know the secret numbers used for telephonic banking and account numbers and thus they can misuse them if they wanted to do so,” he added.
The source said hotel and apartment staff could conduct banking operations such as transferring funds to other accounts, paying service bills, conducting international transfers, paying dues of credit cards and requesting balance of accounts, using secret numbers of clients.
“They can also carry out fraudulent operations such as money-laundering and illicit trade and involve clients in financial problems without their knowledge, especially those having semi-frozen accounts,” they said.
A technical official at a bank also advised clients not to use the telephone systems of hotels and apartments for banking transactions, saying that they could have disastrous consequences.
“Keeping secret numbers is the responsibility of the client and the bank will not be responsible legally for any misuse of these numbers,” he pointed out.
He advised clients traveling abroad to use their mobile numbers to carry out banking operations. “They can contact the bank’s land phones that are mentioned behind credit cards,” he said.
As many as four million Saudis and expatriates now use telephonic, mobile and Internet banking facilities offered by the Kingdom’s banks. “Saudi Telecom provides mobile phone banking service, which can be used to know bank balance, conduct banking operations, pay service bills and fund transfers,” he said, adding that it is one of the most secured facilities.
Hotels and furnished apartments use PBX systems to manage their telephone connectivity. These systems can be vulnerable to hacking if they don’t have appropriate firewalls and other security procedures implemented.
“This is a warning not a statement of a current attack on the Saudi banks or their systems,” said Mirza Asrar Baig, CEO of IT Matrix, a local network security firm. “PBX hacking of different types has been a reality since at least the late 1980s,” he said.
He continued, “There is no way a guest at a hotel would know if the proper security measures are in place so it is better to be cautious. Low cost, sophisticated hardware and software that enables interception of data sent over telephone lines is readily available. For example, simple equipment connected to a telephone line can record the tones made when account numbers and passwords are entered into the handset. A hacker on the outside or an unscrupulous employee on the inside could be using such equipment.”
Baig pointed out that it is not only hotels and furnished apartments where PBX hacking is an issue.
Any company or organization that uses a PBX system to facilitate telephone connectivity can be vulnerable.
