Why banking fraud is here to stay

Password. (Duncan Alfreds, Fin24)

Cape Town - Internet users are contributing to banking and financial fraud by falling victim to cyber scams designed to steal cash, says a cyber security expert.

While credit card fraud has declined in SA by 28.6%, according to the South African Banking Risk Information Centre (Sabric), debit card fraud increased 8.3% for the year ended 2015.

The organisation also reported that Card Not Present (CNP) fraud increased by 12.6% to account for 75% of losses relating to South African issued credit cards.

“The problem is not that the cyber criminals are stealing our information, but rather that we are giving it to them,” said Tjaart van der Walt, chief executive of Truteq Group.

“We click on the links in the phishing emails and we install the ‘free’ apps on our mobile phones. This mechanism to get your banking information is more about social engineering than hacking in the old sense,” he added.

Trojan attacks

Security firm Kaspersky Lab recently reported that cyber criminals have turned to Trojans designed to steal financial information and install malicious software on both PCs and smartphones.

“Almost every detected threat in South Africa is an advertising Trojan that can use root rights on the phone,” Roman Unuchek, senior malware analyst at Kaspersky Lab USA, recently told Fin24.

Van der Walt said the divergent interests of mobile phone operators and banks, communication on one side and financial security on the other, have left a security gap.

“Using mobile technology to secure financial transactions was not part of the specifications or the intended purpose. Three decades later, mobile telephony has turned out to be indispensable to our way of life and there is now a mobile phone in almost every pocket,” he said.

Banks typically use a one-time PIN (OTP) sent to a customer’s cellphone to secure online transactions. However, mobile operators do not want to expose themselves to additional risk.

“In the delivery of a one-time PIN, a mobile network operator has very little (in all likelihood no) legal or financial risk. The terms and conditions of use limit their liability and case law exists to reinforce this position. In fact, a mobile network operator will not want to be associated with the authentication of financial transactions at all,” Van der Walt said.

Because many banks send the verification to the same mobile number that is used to conduct the transaction, customers may be left vulnerable if a cyber criminal has compromised the device.

SIM-swap fraud

“Using the same mobile phone to make a transaction and to verify it [financial transactions], wipes out the benefit of the two-factor authentication. Fraudsters only have to compromise you once in order to break into your bank account and clean it out,” said Van der Walt.

The problem is magnified when customers enact a SIM-swap – or if criminals conduct a fraudulent SIM-swap.

“The identification process followed by a mobile network operator’s call centre agent to verify your identity for the purposes of a SIM swap or network port is as simple as possible. Their interest is to keep us talking and if we cannot make a call, then we cannot talk and consume credit,” said Van der Walt.

“The banks, on the other hand, need the verification process to be as rigorous as possible in order to comply with anti-money laundering and counter-terrorism laws,” he added.

Van der Walt argued that about 1% of mobile subscribers conduct a SIM swap per month, implying a change in about 870 000 numbers in SA.

While not all mobile subscribers are banking customers, Van der Walt said number porting could place a strain on banks’ ability to keep track of customers.

“Even if a bank had the access to see if a user has ported or not, blocking a transaction purely on the basis of the user changing networks will drive hundreds of thousands of irate customers to their call centres,” he said.
