November 5, 2016
When you find yourself the victim of internet banking fraud linked to a fraudulent SIM swop, your bank and your mobile service provider are inclined to wash their hands of you.
Your bank will tell you that the fraud stems from the SIM swop – over which it has no control. Had it not been for the SIM swop, it would have been impossible for anyone to intercept one-time passwords (OTPs) needed to link beneficiaries to your account and to pay them.
And if you try to hold your mobile operator liable for effecting a fraudulent SIM swop, you will be told that your losses stem from fraudsters obtaining your online banking credentials or from you divulging this information to a third party. An illegal SIM swop is not enough to enable a fraudster to gain access to your bank accounts, they will say.
But what about the responsibility of organisations such as banks and mobile service providers to safeguard client information?
Monica Kruger, who was defrauded of R1.8 million in the case outlined below, sought advice from Professor Sebastiaan von Solms, an expert in information security practice.