In the United Arab Emirates, authorities are urging residents to exercise caution when sharing their Emirates ID cards amid concerns over identity fraud and data misuse. Instances involving the exploitation of Emirates ID information have highlighted the risks associated with unsecured copying and distribution of these sensitive documents.
A 2020 case in Dubai involved an expatriate who was arrested for allegedly using another individual’s Emirates ID to cash fraudulent cheques totaling approximately 350,000 dirhams. The scheme involved multiple transactions and accomplices, underscoring how personal identity documents can be misappropriated when access and verification protocols are not properly followed.
Emirates ID cards contain a range of personal and biometric information, such as residence numbers, passport details, fingerprints, and iris scans. Experts emphasize that the risk arises less from possession of the card itself than from the uncontrolled duplication and sharing of its data in everyday situations. Residents commonly face routine requests for Emirates ID copies at shops, delivery points, or service counters, often through informal or unsecured channels like messaging apps or email. Once shared, individuals frequently lose control over where the data is stored, who accesses it, and for how long.
The Federal Authority for Identity, Citizenship, Customs and Port Security (ICP) in the UAE has clarified that Emirates ID cards should not be used as commercial incentives, such as for discounts or rewards, nor as collateral for services. Private entities are prohibited from retaining ID cards unless explicitly authorized by law, and withholding IDs without official or judicial approval is illegal. The ICP advises residents to disclose their Emirates ID only when mandated by law or when dealing with entities officially authorized to request it.
Legal experts note that certain institutions—such as banks, telecommunications providers, or other entities conducting Know Your Customer (KYC) processes—may have legitimate reasons to request Emirates ID information. However, any collection of such data must be proportionate and handled with care to prevent misuse. Individuals affected by improper handling of their ID data have recourse to legal remedies, including complaints, data correction, and requests for deletion or restriction of information.
Another case reviewed by a Dubai court involved an employee who allegedly misused his employer’s Emirates ID to open a corporate bank account and position himself as an authorized signatory. This enabled fraudulent alteration and withdrawal of funds, escalating one cheque from 96 dirhams to 1 million dirhams in value. While some money was recovered, the court partly attributed the fraud to the employer’s negligence in safeguarding the Emirates ID.
Cybersecurity experts highlight several common schemes exploiting Emirates ID data, including SIM-swap fraud, fake KYC onboarding, and identity stitching—where fragments of leaked personal information are combined to build complete profiles for fraudulent purposes. SIM-swap fraud allows attackers to hijack telecom accounts and intercept banking authentication codes, enabling unauthorized transactions.
Despite sophisticated security features embedded in Emirates ID cards, such as encrypted chip data and physical anti-fraud elements, informal sharing practices remain a vulnerability. Experts urge residents to verify requests carefully, avoid unnecessary sharing, and only provide their Emirates ID information to verified and authorized entities to mitigate risks of identity theft and fraud.
