A bank will never call you to ask for your personal information. If you receive such a call, put the phone down immediately. Picture: 123RF/MANGOSTAR
A bank will never call you to ask for your personal information. If you receive such a call, put the phone down immediately. Picture: 123RF/MANGOSTAR

Digital banking fraud across all platforms increased a staggering 75% in 2018, with the incidence of fraud via banking app alone increasing 54%, the latest crime statistics released by the SA Banking Risk Information Centre (Sabric) show.

In 2018, 23,466 incidents across banking apps, online banking and mobile banking amounted to R262-million in gross losses, Sabric says.

Sabric says the increase in banking app fraud can be attributed to increased usage of this platform by clients and that there have been no reports of banking app software being compromised to commit this fraud.

The most common modus operandi in banking app fraud is “vishing”, or voice phishing, Sabric says. Vishing is when a fraudster phones you posing as a bank official or service provider and uses social engineering skills to manipulate you into disclosing confidential information, such as one-time passwords (OTPs) and random verification numbers (RVNs), Sabric says.

Mobile banking fraud involving a SIM swap shot up 200% in 2018. Kalyani Pillay, the CEO of Sabric, says there were 11,077 such incidents during the reporting period of January 1 2018 to December 31 2018.

[Criminals] call a mobile service provider and claim the phone has been smashed or fell in water, and request the number to be ported to another phone, to motivate for a SIM swap
Sabric CEO Kalyani Pillay

Mobile banking is classified as banking via unstructured supplementary service data (USSD). The USSD interface is a channel between a bank and a mobile network operator on which the USSD communication takes place.

If you find yourself suddenly without network connectivity, you could be a victim of an illegal SIM swap and should immediately call your mobile network provider on another device to find out if an unauthorised SIM swap is under way, says Pillay.

You should also alert your bank to your suspicions and ask for a hold to be placed on all of your accounts.

“[Criminals] call a mobile service provider and claim the phone has been smashed or fell in water and request the number to be ported to another phone,” to motivate for a SIM swap. Then they carry out online banking transactions on your behalf having harvested your online banking credentials illegally.”

Pillay says that if you tell the bank you didn’t authorise the transactions and OTPs were required to carry them out, the bank and the police will ask your service provider if a SIM swap was carried out, as part of a forensic investigation into the fraud on your account.

Sabric says losses due to “card not present” fraud on SA-issued cards remain a leading contributor to gross fraud losses and constituted 79% of all losses as criminals increasingly pose as banking staff and request confidential card and personal information.

“A bank will never call you to ask for this [personal] information. If you receive such a call, put the phone down immediately,”  Pillay says.