THINK YOUR MONEY’S SAFE?
A 900% increase in SIM swaps in 12 months might make you think again
Banks and cellular networks are responding to the rising tide of digital crime by tightening the way digital financial transactions are made with both sectors making sweeping changes. The message is also clear that much of the blame must lie with sloppy customer cellphone and cyber banking conduct.
High on the makeover list is illegal swapping of SIM cards that puts 10m bank customers at risk.
The general manager at Sabric’s commercial crime office, Susan Potgieter, says the number of SIM swap incidents were less than 100 in 2011, but jumped to over 1 000 in 2012 – an increase of 900%!
These days, it seems that the bigger banks are experiencing “anything between 40 and 80 copycat sites per month and specific phishing emails sent out”, says Jeanette Clark, researcher and writer at MoneyWeb. And that immediately poses the question: Should you fall victim one of these schemes awash in the banking digital system, who is liable: you or the bank?
Lee-Anne van Zyl, CEO of FNB Online told Moneyweb that liability for the losses incurred when fraud occurs is dependent on the facts of each case. With SIM swaps she says the fraudster would still have had to get access to the client’s user name and password and as such, the client will be held liable if he/she gave their details to the fraudster. “If it can be found as determined by the Ombudsman for Banking Services that the bank did not treat the client fairly, the bank may be requested to carry the client’s loss,” she says.
Nedbank’s Lucas Venter, Senior Manager for Analytic and Forensic Technology agrees. “Clients are only held liable for fraud if they were negligent,” he reports. Capitec’s Carl Fischer, executive marketing & corporate affairs, maintains that in most cases, if the bank cannot prove “gross negligence by the client” Capitec will cover the loss.
Absa’s head of digital banking Adrian Vermooten says it investigates each case. “If it can be found that the bank was in any way negligent in executing its duty we do apportion liability.”
Angelique Ardé of The Saturday Star’s Personal Finance says the numbers are worrying and that “the banks need to up their game by being a step ahead of the fraudsters and providing safe payment systems.
While Rachelle Blidner cautions against being duped in card skimming, card swapping and the wily ‘Lebanese Loop’ while trying to be helpful. In card skimming perpetrators copy information from the magnetic strip of a card when a bank customer lets the card leave their sight. SIM card swapping often occurs with phishing via fraudulent websites while ‘Lebanese Loop’ scamsters sabotage the the ATM machine so that it traps the card after owners have entered their PIN numbers. They note the numbers by watching over their shoulders or asking the victim to re-enter their PINs while pretending to help them.
A few tips for online and digital banking safety
1. Check that the online banking site is secure and encrypted – browsers should show a locked padlock on the screen. Certain browsers allow you to click on the padlock to review the security settings.
2. Confirm the URL each time you use the site ensuring that it is indeed the official and authentic site.
3. Do not try to browse to other sites while in a banking session. Do not use back and forth buttons on browser.
4. Do not reply to emails asking for login or personal details. Banks will never ask for details to be sent via email.
5. Keep your login details safe and secure. Do not write them down where they can be accessed.
6. Regularly change your securephrase (used by some banks) or password.
7. Do not use the keypad to input login details, rather use the keypad on the screen. Keyloggers can’t pick this up.
8. Review your bank statements monthly for any suspicious activity. Check with your bank if you are unsure.
9. Make use of the services provided by banks to notify you in real time of transactions made on your account.
10. Download anti-phishing or security software offered by your bank.
11. Check regularly to ensure that your security and anti-virus software is up to date.
12. Do not choose the option for an online transacting site to remember your computer, rather go through full process of identity authentication each time.
13. Avoid using public computers for banking.
14. Avoid providing personal information, like Ids, to callers.
15. Check the SABRIC website often for new scams at www.sabric.co.za
16. Contact your cellphone network service provider as soon as you notice something wrong, such as the SIM suddenly not working. This could mean a SIM swap has been done.
17. Do not post personal information on social networks.
18. If you do want to engage in social networking, review your security settings and set it to the highest level you are comfortable with. Report any suspicious activity to the provider.
Are things any better in faraway places where crime seems less rampant than in South Africa, in the UK for instance? In London, Gillian Guy, CEO of the Citizens’ Advice Bureau says, “Scammers have never had it so good as they exploit difficult economic times. For most people the recession has been really tough, but fraudsters have cashed in on other people’s misfortune. We’re seeing people who have been dealt a double blow by losing their job and then losing money while trying to find a new one.”