Persistent scams force banks to act
SA’s major banks are reviewing their online security measures to combat increasingly sophisticated cybercrime. Absa recently had to refund one of its clients the R3.1m stolen from his account as a result of SIM-swap fraud, but said this was an isolated incident.
SA’s major banks are reviewing their online security measures to combat increasingly sophisticated cybercrime.
Absa recently had to refund one of its clients the R3.1m stolen from his account as a result of SIM-swap fraud, but says this is an isolated incident. It has had strong controls in place since 2017, says the bank, and customers who adopted the new safety features offered on apps and online, have not experienced SIM-swap fraud.
Last week, the case of a Cape Town businessman who had R3.1m stolen from his account while he was out of the country made headlines.
On Friday, Ulrich Janse van Rensburg, head of fraud strategy for the bank’s retail and business banking said that for customers who had not adopted the new controls, it was now placing holds on accounts where a SIMswap occurred. “SIM-swap fraud has been an isolated fraud type since the bank implemented the SIM-swap controls on the Absa banking application,” said Van Rensburg.
Standard Bank has adopted the same system, placing a hold on accounts once it has detected a SIM-swap on customer numbers linked to its accounts.
Capitec said its system can also detect SIM swaps if provided by the cellphone network provider. However, Capitec has taken its security measures a notch up by using fingerprint registration on its banking app to make sure the app is immune to SIM-swap fraud.
In its latest report, the SA Banking Risk Information Centre said digital banking crime related to SIM-swaps increased by 104% from January to August 2018, compared to the same period in 2017, the highest jump of all digital banking crime incidents.
This kind of fraud has become more sophisticated. Apart from the known SIMswap scam, fraudsters are now using a relatively new twin SIM scam where they duplicate people’s cellphone number onto another SIM card. They are able to divert certain phone calls and SMSs to the new SIM.
Bank customers will also be able to approve all debit orders against their accounts from October 2019, said Standard Bank. All banks are working on implementing a new system called DebiCheck, following the Reserve Bank’s directive to the Payment Association of SA to find a solution to the issue of illegal or incorrect debit orders.
“As a first step, a customer s mandate will have to be obtained and confirmed before a debit order instruction can be initiated. Customers will now have to electronically confirm the validity of a debit order request and confirm this with their bank,” said Standard Bank spokesperson Ross Linstrom.
The bank’s DebiCheck capability is now live, he said, although at a controlled volume level. At this point it is only used for early debit orders but all banks should have this feature fully operational by October.
In December, SA banks were again hit by a large-scale R99 debit-order scam which led to the likes of Capitec having to refund money to more than 25,000 customers. Capitec executive head of marketing and communications Francois Viviers said while waiting for DebiCheck to be rolled out, the bank will focus on creating awareness with clients to review and dispute potential fraudulent debit orders.
It has enabled customers to do this on their banking app as well.
FNB Consumer Core Banking CEO Ancley Jacobs said he believes that DebiCheck, which the bank is piloting, will provide a needed breakthrough for the industry in reducing debit-order fraud. The bank has a proactive fraudulent debit-order warning system which alerts customers to potential suspicious debit orders that are currently running, Jacobs said.
He added that FNB notifies customers every time a new debit order is raised for the first time, regardless of the amount.