Banks review security measures as cyber crime menace grows
Criminals are getting more sophisticated, warn SA's major banks, as they pilot debit-order system DebiCheck to fight SIM-swap fraud
SA’s major banks are reviewing their online security measures to combat increasingly sophisticated cyber crime.
Absa, which recently had to refund one of its clients the R3.1m stolen from his account as a result of SIM-swap fraud, says this is just an isolated incident.
The banking group says it has had strong controls in place since 2017 and that customers who adopted the new safety features offered on apps and online, have not experienced SIM-swap fraud.
Last week, the case of a Cape Town businessman who had R3.1m stolen from his account while he was out of the country made headlines.
On Friday, Ulrich Janse van Rensburg, head of fraud strategy for the bank’s retail and business banking said that for customers who had not adopted the new controls, it was now placing holds on accounts where a SIM-swap occurred.
“SIM-swap fraud has been an isolated fraud type since the bank implemented the SIM-swap controls on the Absa banking application,” said van Rensburg.
Standard Bank has also adopted the same system where it places a hold once it has detected a SIM-swap on customer numbers linked to its bank accounts.
Capitec said its system can also detect SIM swaps if provided by the cellphone network provider. However, Capitec has taken its security measures a notch up by using fingerprint registration on its banking app to make sure the app is immune to SIM-swap fraud.
In its latest report, the SA Banking Risk Information Centre said digital banking crime related to SIM-swaps increased by 104% from January to August 2018, compared to the same period in 2017, the highest jump of all digital banking crime incidents.
This kind of fraud has become more sophisticated. Apart from the known SIM-swap scam, fraudsters are now using a relatively new twin SIM scam where they duplicate people’s cellphone number onto another SIM card. They are able to divert certain phone calls and SMSs to the new SIM.
Bank customers will also be able to approve all debit orders against their accounts from October 2019, said Standard Bank. All banks are working on implementing a new system called DebiCheck, following the Reserve Bank’s directive to the Payment Association of SA to find a solution to the issue of illegal or incorrect debit orders.
“As a first step, a customer’s mandate will have to be obtained and confirmed before a debit order instruction can be initiated. Customers will now have to electronically confirm the validity of a debit order request and confirm this with their bank,” said Standard Bank spokesperson Ross Linstrom.
Linstrom said the bank’s DebiCheck capability was now live, although at a controlled volume level. At this point it is only used for early debit orders but all banks should have this feature fully operational by October.
In Decemebr, SA banks were again hit by a large-scale R99 debit-order scam which saw the likes of Capitec having to refund more than 25,000 customers. Capitec executive head of marketing and communications Francois Viviers that said while waiting for DebiCheck to be rolled out, the bank will focus on creating awareness with clients to review and dispute potential fraudulent debit orders. It has enabled customers to do this on their banking app as well.
FNB Consumer Core Banking CEO Ancley Jacobs said he believes that DebiCheck, which the bank is piloting, will provide a needed breakthrough for the industry in addressing and reducing debit-order fraud. He said the bank has a proactive fraudulent debit-order warning system which alerts customers to potential suspicious debit orders that are currently running.
He added that FNB notifies customers of every time a new debit order is raised for the first time, regardless of amount.