Don’t be baited in vishing scam
Ombudsman advises how bank clients can avoid being ensnared
ALTHOUGH vishing is not new, customers might be new to the scam, so the Banking Ombudsman wants to warn customers to be vigilant.
“Vishing is a method used to trick banking customers into divulging their confidential banking details, to scam unsuspecting bank customers out of their hard-earned money,” says ombudsman Reana Steyn.
Fraudsters, posing as bank officials, phone bank customers or service providers and manipulate the unsuspecting customers into disclosing confidential information such as their card details and one-time passwords (OTPs).
“The caller may seem believable or genuine, because they have the customer’s telephone number and other personal details such as card number, ID number or address.
“However, the fact that the caller (has) such information does not prove that they are who they are claiming to be.
“This information could have been stolen, found in a dustbin or willingly handed over to another service provider during another transaction.”
Most internet banking fraud and credit card fraud cases opened by her office related to vishing fraud. It targets everyone, from the more sophisticated bank customers who have access to internet banking, to all customers whose bank cards have the capability to make card-not-present purchases, such as credit and some debit cards.
“Fraudsters do not need to be in physical possession of the bank customer’s card. If the fraudsters have your personal information, card number and CVV number, they will be able to perform card-not-present transactions, such as online and telephonic purchases. Banks require their customers to keep their bank cards safe and the CVV number confidential.”
Steyn say the office recognises that card details can be obtained by the fraudsters without customer negligence and/or bank staff involvement.
To add another layer of security, the banking industry introduced OTPs and other similar methods to authorise card-not-present transactions. When investigating such complaints, and depending on the facts of the matter, the OBS requires banks to provide proof that the authorisation was sent to the customer.
The fraudsters circumvent the bank’s efforts to protect their customers by sending an OTP, through the re-emergence of vishing scams accompanied by SIM swops. In such cases, the OTP and authorisation is sent to the correct number, however, it is received by the fraudster.
The Ombudsman says banks will never ask their customers to disclose their confidential card details or OTPs. Steyn advises customers to be extra vigilant when:
Receiving a call from someone saying that they are from the bank and asking them to provide their OTP.
Asked for their bank card details. They lose cellphone reception and/or receive an SMS from the cellphone network provider of a pending SIM swop.
In these cases, or if the call from the alleged bank employee feels suspicious, customers should call their bank’s fraud department.
In instances where it can be proved that a bank customer provided fraudsters with their card details and/or OTPs, banks could deny liability unless the OBS’s investigation established that there was maladministration on the part of the bank.
In some instances, the banks have made a commercial decision in line with their customer-centric approach to refund their customers, even in instances where no legal liability could be established.
Steyn say the banks’ decision to refund is on a case-by-case basis.
“The OBS welcomes any decision by banks to contact their clients directly, even after her office has made a legally sound finding, with the aim of customer retention and satisfaction.”
Tips From the ombudsman on how to protect yourself:
Be aware. Remember that legitimate businesses will never ask you for your personal, sensitive or confidential banking information. Anyone who does this over the phone is probably trying to scam you.
Don’t give in to pressure. If someone tries to coerce you into giving them sensitive information, hang up and immediately contact your bank’s fraud department .
Remain calm. Since these criminals frequently play on your emotions, keep a cool head and hang up the phone. Immediately call your bank, credit card company, or wherever the caller claimed to be from and verify whether there is a real problem.
Be sceptical. Even if your caller ID gives the name of a bank, or some other company or organisation, it could be a trick.