CONSUMERS’ DOS AND DON’TS IN ELECTRONIC BANKING
LET’S TALK BANKING WITH - BAZ FRAUD PREVENTION COMMITTEE MEMBER
My colleagues and I have in the recent past done articles on the risks associated with Electronic Banking Channels with a view to improving public awareness. While these are few and the efficiency of the channels is much higher, there are a few exceptions that need to be discussed. I again return to the subject given the unrelenting trends on Mobile Banking Platform fraud.
At first registration on an electronic channel, consumers are required to create a Personal Identification Number, popularly known as a PIN. Unfortunately, most consumers resort to using their year of birth or a combination of their birth date and year of birth. Through use of social media platforms, physical forms and registers, this information remains readily available to unscrupulous persons orchestrating fraud.
Social Apps are notorious for carrying birth dates of account holders, which information is readily available in just seconds to anyone looking for it. All that fraudsters require to do thereafter is to obtain phone numbers or replacement SIM cards and attempt a combination of the digits representing your birthdate. The success rate is, as you can imagine, inordinately high and for this reason consumers are implored not to use birth dates or simple number combinations such as 1234 when creating their PINs.
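The advice above can also be enforced at the point where a PIN is created. The following is an added example, not code from this article or from any bank's platform: a registration-time check that refuses PINs built from the customer's date of birth or from simple number combinations. The function names, the four-digit minimum and the sample date of birth are assumptions made for illustration.

```python
from datetime import date
from itertools import permutations


def dob_derived_pins(dob: date, length: int) -> set:
    """All PINs of `length` digits formed by joining day, month and year fields."""
    yyyy = f"{dob.year:04d}"
    fields = [f"{dob.day:02d}", f"{dob.month:02d}", yyyy[2:], yyyy]
    pins = set()
    for n in (1, 2, 3):
        for combo in permutations(fields, n):
            joined = "".join(combo)
            if len(joined) == length:
                pins.add(joined)
    return pins


def is_simple_pattern(pin: str) -> bool:
    """True for one repeated digit (0000) or a run up or down (1234, 4321, 7890)."""
    if len(set(pin)) == 1:
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def check_pin(pin: str, dob: date) -> list:
    """Return the reasons a proposed PIN is refused; an empty list means accepted."""
    # Assumed policy: digits only, at least four of them.
    if not (pin.isascii() and pin.isdigit()) or len(pin) < 4:
        return ["PIN must be at least 4 digits"]
    reasons = []
    if pin in dob_derived_pins(dob, len(pin)):
        reasons.append("PIN is built from the date of birth")
    if is_simple_pattern(pin):
        reasons.append("PIN is a simple number combination")
    return reasons


if __name__ == "__main__":
    sample_dob = date(1987, 3, 14)  # constructed sample, not a real customer
    for candidate in ("1987", "1403", "1234", "8317"):
        print(candidate, check_pin(candidate, sample_dob) or "accepted")
```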
It is concerning for us that physical records such as Visitation Registers, COVID contact registers and Employee Attendance Registers, in the majority of cases requiring more information than is necessary for their purpose, remain in use. Aside from their secure storage being cumbersome and costly, there are parties that are willing to pay for the information they contain.
With the proliferation of phone cameras such information can be sent around the world in a short space of time for intrusions to happen from outside the borders and proceeds drawn in foreign jurisdictions. Those impacted by such fraud incidents are often left to wonder why they were targeted; this is the reason. Perhaps it is time to begin to change culture on the use of registers.
Elderly and less tech-savvy consumers often entrust the creation of accounts and operation of Mobile Banking platforms to their children, dependents, spouses, relatives, or friends. In doing so such consumers trust that the persons they allow knowledge of PINs and unfettered access to account information are honest and cannot deceive them. The nature of money is that it is pervasive. The likelihood that an innocent, obedient, rule-abiding child will remain that way in the face of temptation arising from peer pressure and the prospect of having money is very low. One can safely argue that any value left invitingly available can quickly change a person’s disposition and cause him to become a criminal. Therefore, when Bankers say consumers should not entrust or divulge banking credentials and information to third parties, this is the risk that they see.
Another variant to the foregoing is the persistent issue of Phishing. In Phishing cases fraudsters call consumers pretending to be calling from the consumers’ bankers. Either by long string codes where they ask the consumer to enter a code interspaced with asterisks and the first two digits of a PIN, random numbers, after which the last two digits of the PIN are also requested; or by simply asking for the PIN after acquiring the consumers’ confidence, PINs are inadvertently or wilfully divulged.
The PIN being in most cases the validating criterion on such platforms, once divulged it allows the new holder to have full operation of the consumer’s account. They can transfer funds out, obtain advances and loans, receive deposits and check account activity. Given PINs are created by the consumer and are only known by the consumer, the platforms identify any user with a valid credential as the account owner or their nominated agent, and unless the consumers can prove negligence against their bankers, Banks seldom accept liability for such drawings. You will in other words have no recourse on the Banks for any drawings using your PIN.
Long string codes are also used to create commands on certain platforms such as USSD-based channels. Each number the consumer enters is in fact a command to transact. This underscores the need to be alert when interacting with unknown persons on the phone.
On liability, I wish to remind readers that Banking services consumers, by accepting the terms and conditions of accessing Electronic Channel services, expressly agree that they are liable for any omissions related to divulgence/compromise of banking credentials, including but not limited to PINs, Passwords and Cards. Intending consumers are unable to register on these platforms if they do not accept the terms and conditions attendant. Seemingly these terms and conditions are not read until incidents occasion.
As always, your feedback is highly valuable, and this platform offers an opportunity for further engagement with members of the public on matters relating to Commercial Banking. Please share your feedback with us via E-mail: Mirriam.Zimba@baz.co.zm