A Fin24 user says R100 000 was stolen from her bank account and she wants to warn the public to be careful. She writes:
I want to warn every Capitec customer. We had R100 000 stolen from our account. We reported it within the hour. They aren't interested to help us.
To steal money from an account you need to use the token three times. This person created a beneficiary, paid the beneficiary without a token.
Capitec just pulled up their shoulders and said "sorry, we can do nothing".
Please share this, maybe I can help someone save their money from being stolen.
Charl Nel, head of communications at Capitec, responds:
Without any of the details it is nearly impossible to comment.
However, internet banking fraud can only happen if a client’s username, sign-in password and security token have been shared with another party.
Capitec clients can choose between a token on a keyring (generates one-time passwords) or a token app with pin on a cellphone (also generates one time passwords).
These security tokens should be in the client’s possession at all times. We do not use the SMS method to send clients one time passwords (PTPs).
Fraudsters are particularly convincing and find clever ways to access people’s information and accounts worldwide.
In many cases the client has unknowingly assisted the fraudsters by clicking on a link in a phishing email and signing in to a “fake” website, divulging their sensitive account information (log on details and OTPs) in the process.
We regularly send all clients SMSs to remind them to never access their account via an email or SMS link. We also warn them when they open accounts.
We recently had high engagement on the following Facebook post:
“The bank is responsible for a secure product, like a safe. The client is responsible for the safekeeping of their PIN, like a key to that safe.
Due to this responsibility, loss in the case of negligence will not be compensated for.
Just like you don't expect the safe manufacturer to reimburse you for the loss of its contents, after you gave copies of the key to total strangers.
Negligence includes:
- Inserting your PIN or password on a fake website from a link in an email or SMS;
- Sharing your PIN with others, even with a bank employee or the Police;
- Being careless when you key in your PIN at an ATM or card machine.
The quickest recourse for a client of any South African bank, who is not in agreement with their bank, is through the Banking Ombudsman.
Their contact details are: Telephone 011 712 1800 or Sharecall 0860 800 900 or http://obssa.co.za.
A ruling by the Ombudsman is like a court ruling and the bank has to abide by the decision.
Note, however, that the Ombudsman weighs up the facts and if the client assisted the fraudsters, the client’s request will obviously not be supported.
While I do not have the details of this specific case, I trust that my answer gives you food for thought in terms of an approach.
- Fin24
Disclaimer: All articles and letters published on MyFin24 have been independently written by members of the Fin24 community. The views of users published on Fin24 are therefore their own and do not necessarily represent those of Fin24.
I want to warn every Capitec customer. We had R100 000 stolen from our account. We reported it within the hour. They aren't interested to help us.
To steal money from an account you need to use the token three times. This person created a beneficiary, paid the beneficiary without a token.
Capitec just pulled up their shoulders and said "sorry, we can do nothing".
Please share this, maybe I can help someone save their money from being stolen.
Charl Nel, head of communications at Capitec, responds:
Without any of the details it is nearly impossible to comment.
However, internet banking fraud can only happen if a client’s username, sign-in password and security token have been shared with another party.
Capitec clients can choose between a token on a keyring (generates one-time passwords) or a token app with pin on a cellphone (also generates one time passwords).
These security tokens should be in the client’s possession at all times. We do not use the SMS method to send clients one time passwords (PTPs).
Fraudsters are particularly convincing and find clever ways to access people’s information and accounts worldwide.
In many cases the client has unknowingly assisted the fraudsters by clicking on a link in a phishing email and signing in to a “fake” website, divulging their sensitive account information (log on details and OTPs) in the process.
We regularly send all clients SMSs to remind them to never access their account via an email or SMS link. We also warn them when they open accounts.
We recently had high engagement on the following Facebook post:
“The bank is responsible for a secure product, like a safe. The client is responsible for the safekeeping of their PIN, like a key to that safe.
Due to this responsibility, loss in the case of negligence will not be compensated for.
Just like you don't expect the safe manufacturer to reimburse you for the loss of its contents, after you gave copies of the key to total strangers.
Negligence includes:
- Inserting your PIN or password on a fake website from a link in an email or SMS;
- Sharing your PIN with others, even with a bank employee or the Police;
- Being careless when you key in your PIN at an ATM or card machine.
The quickest recourse for a client of any South African bank, who is not in agreement with their bank, is through the Banking Ombudsman.
Their contact details are: Telephone 011 712 1800 or Sharecall 0860 800 900 or http://obssa.co.za.
A ruling by the Ombudsman is like a court ruling and the bank has to abide by the decision.
Note, however, that the Ombudsman weighs up the facts and if the client assisted the fraudsters, the client’s request will obviously not be supported.
While I do not have the details of this specific case, I trust that my answer gives you food for thought in terms of an approach.
- Fin24
Disclaimer: All articles and letters published on MyFin24 have been independently written by members of the Fin24 community. The views of users published on Fin24 are therefore their own and do not necessarily represent those of Fin24.