Consumers warned to stay alert as digital banking fraud spikes
As the Covid-19 lockdown continues, albeit under relaxed level 3 rules, the SA Banking Risk Information Centre (Sabric) and banks warn consumers to stay alert for scams that can cost them their hard-earned cash — or even their identity.
This comes as Sabric reports that digital banking fraud increased by 20% in SA last year.
Nischal Mewalall, CEO of Sabric, says credit and debit card fraud increased by 20.5%, partially because of the growth of credit card payments — the number of credit card transactions processed by banks, and the number of card holders and merchants, have all increased significantly.
The leading contributor to card fraud losses remains card-not-present fraud (CNP), which occurs when your card number is used fraudulently to make a purchase at a merchant while the physical card is in your possession.
FNB’s head of card fraud Senzo Nsibande says a common scam the bank has picked up involves criminals calling and pretending to be from your bank, informing you that there’s been fraud detected on your account while offering to help to reverse the transactions.
“They then ask you to read out the one-time PIN that you just received, enabling them to fraudulently purchase goods using your card details online,” he says.
Mewalall says 66.6% of all fraud on SA-issued credit cards took place on merchant devices in a foreign country. SA e-commerce merchants largely comply with 3D Secure while merchants abroad don’t use it.
3D Secure is offered by Visa and MasterCard to address CNP fraud. If you sign up for the service, it enables you to validate any internet transaction by requesting a personal code (usually sent to your cellphone or e-mail address as a one-time PIN).
Phishing scams continue to rise
Andrew van der Hoven, head of digital banking at Standard Bank, says that during April alone the bank saw an increase in common cyber-crime techniques, such as phishing scams in which fraudsters try to get you to reveal your banking details through fake e-mails, SMSs or websites.
Van der Hoven says the highest volumes of cyber-fraud are perpetrated via internet banking, which is largely accessed via desktop or laptop.
He says a sizeable portion of Standard Bank customers still use internet banking. While this usage has dropped off during the lockdown, it is now ticking back up as more customers return to their places of work. “Not everyone uses a password manager or, worse, they store their password in their browser. This can expose users to vulnerabilities,” he says.
However, Van der Hoven notes that there are very few instances of fraud cases related to cellphone banking as biometric enablement has become a common feature on most mobile devices.
“Many smartphones already have biometrics, such as using facial recognition or being thumbprint enabled, which makes it difficult for anyone else to access the device. When these security points are permitted, it provides a better way of verifying whether someone is who they claim to be as opposed to password verification.”
Sabric tips to prevent CNP fraud
- Protect your personal information, such as your identity document, driver’s licence, passport, address and contact details, and share these on a need-to-know basis only.
- Never share your confidential information, such as usernames, passwords and PINs with anyone.
- Review your account statements regularly and query disputed transactions with your bank immediately.
- Make sure any online shopping is done on a secure website.
- Register for 3D Secure.
- Implement dual authentication for all accounts and products, especially financial services products.
- Do not send e-mails that quote your card number and expiry date.
- Register for SMS notifications to alert you when products and accounts are accessed.
- Conduct regular credit checks to verify whether someone has applied for credit using your personal information and, if so, advise the credit granter immediately.
- Investigate and register for credit-related alerts offered by credit bureaus.
Sabric tips to prevent phishing
- Do not click on links or icons in unsolicited e-mails.
- Do not reply and delete these e-mails immediately.
- Do not blindly accept the content of unsolicited e-mails. Contact your bank independently to verify any information or requests sent to you.
- Type in the URL (uniform resource locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.
- Check that you are on the real site before using any personal information.
- If you think you might have been compromised, contact your bank immediately.
- Create complicated passwords that are not easy to decipher, and change them often.
Would you like to comment on this article or view other readers' comments? Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.