Weekend Argus (Saturday Edition)
‘SIM-swop scams are an inside job’
Striking parallels allow forensic expert to identify modus operandi
WHEN an internationally distinguished forensic scientist ventures an opinion, it is probably a good idea to take it seriously.
And Dr David Klatzow – who certainly fits such a profile – says there is no doubt in his mind a recent spate of internet banking frauds on which he has been consulting has been effected with the involvement of people inside the service providers involved.
Although other accounts held by other banks have been targeted in other cycles, the recent spike ( which started over the festive season) has focused on First National Bank accounts, and involved “authentication” via temporarily “hijacked” MTN cellphones.
“Examining the facts as they have been presented to me, I can’t see how the theft could have been done without insiders on both sides… FNB and MTN, even if it was only to pass on information about accounts that were going to be hacked into.”
And there are striking parallels between at least some of the cases that have come to light in recent weeks – after audiologist Gail Jacklin first approached Klatzow when she was defrauded of more than R300 000 over new year, as reported in the Weekend Argus last month.
Weekend Argus is in possession of detailed information recording what happened to Inri McManus, owner of the Riversong Guest House in Newlands. Like Jacklin, McManus banks at FNB in Claremont and got a cellphone contract with MTN through a dealership in Cavendish Centre.
Also, as was the case with Jacklin, the first sign anything was wrong (though it was not perceived as such at the time) came when she noticed her cellphone was showing a “no service” message at 9am on December 6.
Unaware anything was wrong, McManus went to the Waterfront, where she did some shopping and had lunch at the San Marco restaurant.
It was only around 4.30pm that afternoon – a Sunday – that she realised her cellphone was still offline when, on her return to the guest house, a member of staff told her he had been unable to get through to her on her cellphone.
The next day, she was able to address the issue of her nonfunctional cellphone at the dealership in Cavendish Square. Here, the consultant she dealt with informed her the SIM card in her handset was damaged and recommended a SIM swop.
Later that day, her cellphone came back online. Even now, however, McManus didn’t pick up the theft from her bank accounts – which started just before midnight on December 6.
What the MTN consultant had failed to tell McManus was that a SIM swop had been performed on the cellphone the day previously.
It was while that fraudulent SIM was operational, as McManus later discovered, that her bank accounts were raided.
As screengrabs in the possession of Weekend Argus detailing transactions in McManus’s cell account show, it is almost impossible not to notice that on December 6 her SIM had been swopped. It had been swopped at a dealership in Graaff-Reinet – at a time when McManus had been in Newlands and the Waterfront.
The name of the dealership is known to Weekend Argus, as is the sign-in under which the swop was effected. However, since this newspaper has not been able to contact the relevant parties so far, the details are being held back.
The sign-in in question was that of an employee who left the dealership in November.
This parallels the uncertainty into which Jacklin’s case descended when it emerged that the dealership in Bronkhorstspruit, where her SIM was swopped on the second last day of December, was purportedly offline at the time of the swop. In both cases it would have to be established whether the person/s to whom the log had been allocated had used it at the time the fraud was committed.
McManus’s second SIM swop – the one which restored her service – did not cut the scamsters off from her accounts and illegal transfers continued to be made until December 11 – from both McManus’s business and private accounts. Though around R150 000 was transferred out of the two accounts, some transactions were reversed and the total loss stands at just under R110 000.
In the course of the past week both MTN and FNB have been subjected to severe criticism by the public.
While FNB has approached several victims, and – though still not admitting liability – is reportedly negotiating possible reparations, in the light of the huge public outcry MTN seems to be less responsive.
The cellular provider has showed itself less than helpful in building confidence in either its customers or the media.
Several days after a detailed set of questions was sent to MTN’s media department, the following response was received: “We are currently looking into the matter and will provide feedback of the outcome to the customer as soon as the investigation is done.”
To the victims of the fraud themselves, MTN has been hardly more helpful.
Responding to McManus, MTN wished to “reiterate that it cannot be held liable for any fraud that may have been committed on your bank account, as such fraud can only be committed where a fraudster has your bank card/account number, your internet banking PIN and password. Accordingly, MTN accepts no liability with regard to this kind of fraud as it is not caused by any action on the side of MTN”.
“SIM swop fraud cases, including this matter, must be reported to the South African Police Service, who in turn will conduct the necessary investigations, once the ‘fraudster’ is identified, the affected party may institute criminal or civil proceedings in a court of law.”
But this would appear to ignore the responsibilities imposed on cellular providers by the Regulation of Interception of Communications and Provision of Communicationsrelated Information Act (Rica). Here – against a penalty of R150 000 per day – failure to assemble documentation authorising transactions like SIM swops and to inform the authorities of all that turn out to be suspicious – a responsibility is placed on communications providers.
In other words, MTN would seem to have responsibilities in respect of SIM swops like those at issue. The matter will however remain ambiguous and ill-defined, legal authorities consulted said, until new legislation introduced under the Protection of Information Act, already signed but not yet enacted, comes into force.
This would make MTN finally responsible for dealerships operating under its umbrella. – Additional reporting by Angelique Arde