Fin24 user Martin Bekker writes:
My letter is in response to the numerous calls for class action against banking cybercrime in Media24’s papers of early May 2013, following the report that R360 000 had been stolen from the Absa Group [JSE:ASA] account of the CEO of Media24, Esmaré Weideman.
I agree that it is high time that the long-suffering bank clients get together and claim their rights from the smug and arrogant South African banks.
Numerous South Africans have already fallen victim to this kind of cybercrime; some got something back from the banks, but the majority have to grin and bear their losses. It is rather far-fetched for an individual to take on the banking colossi, but together we can put legal and consumer pressure on them.
So, I offer to lead the pack, and invite aggrieved bank customers who have lost money through cyber scams to get in touch with me. We should make our voices heard.
Why is it neccessary?
It is neccessary because of the rising tide of internet and cellphone fraud that we all are exposed to as compulsory consumers of the services of banking and cellphone institutions.
We are not talking about a few hundred clients whose accounts are fraudulently raided from time to time, but about an orchestrated assault by sophisticated and unscrupulous criminal syndicates targeting thousands of innocent, trusting account holders at all banks.
An amount of R180m was stolen from their accounts in 2010, with credit card fraud adding a further R403m in the same year (figures by the South African Banking Risk Information Centre).
Such fraud cases rose by 8% last year, according to John Myburgh, chairperson of the Banking Ombudsman board, when no fewer than 4 450 cases were opened against banks – of which 1 335 were against Absa.
One thousand new cases of fraud have already been added this year. He said that there is a growing sophistication of attacks against banking systems, and that banks must tighten safety measures to protect their consumers.
Is it a local thing?
It’s a mistake to blame local good-for-nothings, Nigerians and Romanians for banking cyber fraud; they are operators, but the big fish are international crime syndicates.
Last week in a British court hackers who broke into Pentagon computers, crashed the CIA’s website and stole millions of identities from corporate giants like Sony and Fox were called latter-day pirates; they admitted laughing at existing cyber security.
And, in a bank heist earlier this year, a global cybercrime ring stole $45m from two banks by hacking into credit card processors and withdrawing money from ATMs in 27 countries in 36 000 transactions in just over 10 hours.
In this court case the prosecutor said: “This demonstrates the major threat that cybercrime poses to banks around the world, and how increasingly international and sophisticated criminal internet gangs have become.
"Operating with surgical precision, they are highly skilled and capable of devising ways to penetrate well-protected financial systems.” But Absa insists the onus is on the customer to safeguard his money.
The banks' reaction
The banks refuse to provide statistics and deny any liability, glibly blaming cybercrime on their clients, whose responsibility it is to safeguard their unique PIN numbers, access codes and passwords.
So, the standard reaction of the banks is to shift the impossible onus of proof to the client, even though they know their systems are unsafe – as proved by their impotence against the threats of electronic crime.
Compensation is awarded rather arbitrarily: I bet that Esmaré Weideman will be reimbursed because she can harm the image of Absa by virtue of her media position.
I know of others who were repaid because of their high social or political profiles or their media gatekeeper positions, but the average account holder can bargain on the standard letter, “Absa regrets...”.
What is the legal position?
Legally it is the fiduciary duty of banks to protect the funds their clients entrust to them, the safekeeping of which is the uncontested prime responsibility of banks. No bank may legally pay out or transfer any funds in their care without the express personal authorisation of their clients.
Banks also have a duty to commit to the Code of Banking Practice, which calls for safe, secure and reliable banking and payment systems.
We should not allow ourselves to be swayed by the media questions (see Sake24 of May 2013) as to who is responsible for the effects of cybercrime: the banks are.
If they refuse to accept this responsibility we should take our money away from them, and sue the pants off them for any losses we incurred. Consumers should not allow themselves to be intimidated by the greedy banks.
What can the client do?
Not many options are open to consumers whose accounts have been raided.
First of all, a fraud investigation must be opened at the bank - though the regret-letter has already been typed. Then the case must be reported to the police, who will tell you three months later that it is actually a commercial crime and should have been reported to the Commercial Branch in Bellville or the Dedicated Cybercrime Task Force in Gauteng...
Also, do not forget to cancel the corrupted internet transfer arrangement, and to change your passwords... otherwise you might be hit again.
On receipt of the bank’s slogan reply that they repudiate your claim, you can either appeal to the Banking Ombudsman (whose salary is paid by the banks, by the way) or sue the bank/cellphone company for your losses.
But the dice are loaded against you, unless you are a member of the Gupta or Zuma clans, because between you and your right is a no man's land patrolled by professional mercenaries.
In the recent (March 2013) court case of the consumer protector society New ERA against four major banks, the banks were represented by senior counsels whose fees amounted to an average of R50 000 each. The entire argument lasted no longer than an hour.
So, consumers should seek their right by concerted class action, and even then try to obtain the services of a public spirited legal counsel, who may even be prepared to act pro deo.
My own experience
I still find it hard to believe how a bank with a modicum of experience and common sence could have allowed a lot of money (nearly R100 000) to be stolen from my accounts in the way it was done, and then blame me for negligence.
It happened some six months ago, when an internal syndicate operating inside Absa/Vodacom fraudulently withdrew the money from my credit card account with a MasterCard that was withdrawn by the bank five years ago.
How do I know it was an inside job? Staff members of Absa as well as Vodacom confirmed the existence of such a syndicate; only insiders could have known that I had accumulated funds in my account with a view to paying contractors for renovations to my house; during the fraud investigation it came to light that Absa staff members noticed unusual attempts to access my account some time before the crime, but they failed to alert me, etc.
Anyway, how could any outsider have drawn money from my account with a non-existent card, without any password or ID? So, I got the knee-jerk letter from Absa informing me after the event that “you were a victim of crime. Absa regrets...”
I then appealed to the Banking Ombudsman, where my complaint is one of some 5 000, and I am waiting impatiently...
Please let me know how you intend to proceed with the action. I’m there with you all the way. We should certainly involve the media also, as well as consumer societies. The banks know they are unpopular, and they are losing
Absa last month engaged a PR firm to do research on its waning image. We should capitalise on this
My name is Martin Bekker and you can get in touch with me on e-mail at: email@example.com. No, I’m not providing my password!
Follow Fin24 on Twitter, Facebook, Google+ and Pinterest.