Banking scams: Two-step verification isn't as safe as you think

Ever heard of a SIM swap scam? The SA Banking Risk Information Centre (Sabric) describes it as follows: criminals approach your service provider, pretending to be you, and request a transfer of your existing cellphone number to their new SIM card.

According to Wikipedia, SIM swap fraud is a kind of account takeover fraud that "targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or call placed to a mobile phone".

In other words, scammers access your mobile phone to intercept sensitive transactions that require two-step verification.

Sabric’s latest Digital Banking Crime Statistics report found that more than half (55%) of the gross losses due to crime reported to the centre occur online.

'Gross losses' is a term used in the banking industry to refer to the total loss to the consumer as well as the bank. Therefore, it includes instances where the bank refunded the client.

The related scam of number porting allows fraudsters to "move" your mobile number to one of their devices, but on a different network. This is made possible by mobile number portability (MNP), which gives mobile phone users the ability to move to another network, while retaining their number.

Once scammers have managed to either swap your SIM or port your number, they can use it to "authorise" transactions as though they are you.

Tips from Sabric to protect yourself from SIM swaps and number porting:

• Regularly verify whether the details received from cell phone notifications are correct and match recent activity on your account;
• Memorise your PIN and passwords – never write them down or share them, not even with a bank official;
• If reception on your cell phone is lost, immediately check what the problem could be;
• Inform your bank if your cell phone number changes so that your cell phone notification contact number is updated on its systems;
• Register for your bank's cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.

* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER