SABRIC (South African Banking Risk Information Centre) has warned bank clients to protect their mobile devices.
The theft of mobile phones is not a new phenomenon; however, there is an emerging trend where mobile phones that are being snatched from owners, affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime.
Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment. Despite these benefits you must always remain vigilant because your mobile phone stores far more information than you may be aware of. This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equal to a bank card and could even act as a gateway to your bank account
“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously,” says Susan Potgieter, acting CEO of SABRIC.
There are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you:
- Criminals access all open applications on your unlocked phone and view your sensitive data
- Social engineering is used to obtain your usernames and passwords stored in the cloud
- Vishing might occur, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PIN’s or passwords
- Phishing occurs where you are sent an email, which you believe to be from the bank or a legitimate service provider, which asks you to click on a link that requests your PIN’s or passwords. Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited.
- Your credentials could also be compromised through shoulder surfing in public places such as restaurants.
In the event that your mobile phone is lost or stolen, borrow a phone and contact your bank immediately so that they can deactivate your banking app, block cards on other apps containing your bank card details and block your bank account. Make sure you always have your banks hotline number stored somewhere other than on your mobile phone. If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to Vish or Phish you. If you receive an email or SMS after doing this, don’t click on any links as these are not safe.
“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, however, their highest priority should be protecting their money,” concludes Potgieter.
Tips for banking clients
PINS and passwords
- Reset/change your passwords and PINs often
- Set different and complex passwords for each app or service. Ensure that these are not stored on a password manager app or on the phone itself
- Never save your banking app username and password on your device in the contacts or notes
- Never autosave your banking app username and password on your device
- Disable the autosave function on your smart phone
- Ensure that you have set additional security controls on your device for adding biometrics such as fingerprint or facial recognition, for instance you can enable your device to ask for the device password to add another person’s biometric on your device.
- Do not click links in SMSes or emails stating that your lost or stolen device has been located as criminals use this as a way to get your banking app credentials
- Always be vigilant by being aware of who is around you when using your phone in public
- Treat your mobile device the same way you would treat your bank card
- Pickpocketing is prevalent so ensure that your handbag or and backpacks are properly closed or zipped
- If your mobile device is lost or stolen notify your Bank immediately to freeze your banking profile and prevent the perpetrators from using your banking app
- In addition, contact your mobile service provider to block/stop your SIM card and handset to prevent criminals from getting any One Time PINs for fraudulent transactions
- If your Apple device is stolen, log onto to your iCloud account to restore all factory settings so that all your personal data is wiped from the device
- Avoid using Public WiFi “hotspots”. It is risky to connect your smartphone to just any available WiFi hotspot. Savvy hackers can spoof a WiFi connection and gain access to usernames and passwords stored on your smartphone
- Consider keeping your banking app on two devices – this will enable you to block the stolen mobile from the other device and also change the log in credentials at a moment’s notice. Most banks will still ask you to call them to report the theft to ensure that all access is blocked for the stolen phone. Your bank can also advise how to get passwords changed
- When calling the bank to report the phone as stolen, request that they place a temporary hold on your entire account to allow you the time to change, replace and update all of your info
- Always log out of your banking app manually once you have finished transacting
- Keep your daily EFT and ATM limits low as some banking apps and internet banking profiles will require that contact be made with the bank before the limit can be increased on your profile