Cyber criminals use compromised e-commerce platforms to conduct fraudulent bank debit orders. (Duncan Alfreds, Fin24)
Cape Town - South African businesses lost an estimated R5.8bn to cybercrime as breaches continue at an alarming rate, an expert has said.
According to underwriter Candice Sutherland around 974 million company records were lost or stolen in 2014 - an estimated 31 records every second - perpetrated mainly by disgruntled employees.
She said that these stolen records amount to losses of at least R5.8bn which can also be attributed to organisational negligence, rivals and hackers.
"The Protection of Personal Information Act (Popi), gives effect to a constitutional right to privacy and the unauthorised access to information regarding the educational, medical, financial, criminal or employment history of an individual as well as their personal details such as ID numbers, contact details and physical addresses is restricted by the Act," said Sutherland, business development consultant at SHA Specialist Underwriters.
Companies that don't take adequate measure to protect personal information may find themselves liable for data compromised by unscrupulous individuals or organisations.
Sutherland said that executives who are found to be negligent with personal information may face fines of R10m or 10 years in prison.
Cybercrime is a lucrative enterprise for fraudsters.
In the US, the Federal Bureau of Investigation's (FBI) most wanted cyber criminal is Evgeniy Mikhailovich Bogachev. He is wanted in connection with bank fraud; conspiracy to violate the Computer Fraud and Abuse Act; conspiracy to Violate the Identity Theft and Assumption Deterrence Act; aggravated Identity Theft, among other crimes.
The FBI has posted a reward of $3m for information leading to his arrest and conviction. According to the agency, Bogachev is responsible for the Zeus malware which was able to "capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts".
In SA, identity theft is facilitated by an entire ecosystem of underworld operators who specialise in capturing financial information with which to conduct the crimes.
Fin24 user Beulah Roman recently had to change her entire bank account details after cyber criminals had managed to fraudulently debit her account with R400 per day.
While laws such as the Financial Intelligence Centre Act (38 of 2001), known as Fica, seek to eliminate money laundering and provide a safe financial transacting environment, criminals don't play by the rules.
"Through various channels including illicit means they [criminals] can then recreate an identity book or passport and proof of address (everything required by Fica). In essence enough information to be able to open a bank account, apply for credit, goods and services. Obviously none of this will be re-paid and the scam is complete," Independent Identity Verification expert Dawid Jacobs told Fin24.
- Follow Duncan on Twitter