There has been a “massive increase” in fraud on banks' digital platforms that has the South African Banking Risk Information Centre (Sabric) “very concerned”.

Sabric released statistics on digital banking crime for the first time on Thursday. These include comparable figures for 2017 and 2018 from January to August, which show that the number of incidents has increased 64% in 2018, although gross losses in rand increased just 7%.

Commenting on the increase in digital banking crimes, Kalyani Pillay, the CEO of Sabric, said: “It is lots of money and lots of people are affected. We are pretty concerned about it.”

The first release of data on crimes on app, mobile and online platforms reveals that they affected more than 13,000 consumers in 2017 and cost the industry just over R250m. No data on the cost to individuals was disclosed.

Mobile banking fraud accounted for 5,719 of the 13 438 incidents reported to Sabric in 2017, banking app fraud 4,836 incidents and online banking fraud 2,883 incidents. Online banking fraud cost just less than R170m and accounted for 55% of all digital fraud, banking app fraud cost R57m and mobile banking fraud R22m.

Pillay said that banks were doing everything they could to make banking accessible and more convenient, for example, mobile banking. Unfortunately, that made consumers vulnerable to criminals.

Pillay said the banks were robust in how they dealt with protecting systems and customers from their side. “Criminals know this. They know everyone using digital platforms is not digital savvy. Criminals take advantage of those who know less.”

Prominent digital crimes include phishing, smishing and vishing. Pillay said the easy way to remember this is that smishing relates to SMS fraud, vishing voice and phishing email. Criminals use these platforms to either pretend to be someone from a bank, or get information about personal banking details such as pin numbers and passwords.

“Criminals use social engineering tactics to manipulate people into providing information they require in order to commit the crime.” Pillay said that criminals made it easy for people to believe fraudulent communications “that are couched in such a way that you get taken in”.

She stressed that people are often prompted to act when a criminal’s action makes them panic, which can happen if you receive an SMS saying there is a fraudulent transaction on your account, or an email saying your bank account will be frozen.

When people receive these mails they often follow the instructions in the message in an attempt to avoid the fraud or their account being frozen.

This is what criminals want, and in our attempt to safeguard our accounts we inadvertently give criminals the personal details they require to commit fraud, Pillay said.

“Fear makes you give this without stopping to think,” she said.

SIM card swaps also give criminals an opportunity to obtain personal information, and in some cases when a SIM card is swapped criminals can access the phone number and use it to download a banking app and transact on your account.

Pillay said e-mail spoofing is another form of fraud where a person pretends to be someone else — the manager from a store or service provider where the victim has an account, for example — and advises of a change in bank account details. The next time the victim receives a statement, they pay into the new account, which is actually the criminal’s bank account. 

“Don’t give anybody your information, Your banking and personal information is key. It is critical it is protected at all times,” says.

Pillay also advised against using the same e-mail address on public websites, such as for an online subscription to a newsletter as you provide your banking details. “Rather have a separate e-mail address.”