Tag: banking

According to a recent Business Tech article, businesses are often unaware that by giving a third-party or software programmes access to their financial information, they are potentially being exposed to the risk of screen scraping. This is a data gathering technique that tricks users into providing internet banking login details to a third-party website.

  • The third-party logs onto to your Internet banking using your details. This exposes you to potential risks of fraud, financial crime and data privacy risks
  • There are risks associated with instant online EFT (electronic fund transaction) payments
  • There are risks for businesses that sign over authority to a third party to access their banking and client information
  • The most common screen scraping from a business perspective would be when businesses use software that are authorised to access banking transactions.
  • This may also leave your business vulnerable to third parties accessing your company data and even that of your clients.
  • Companies that use screen scraping to facilitate transactions on your behalf may have no intention of compromising your account or committing fraud, but the risk remains.

FNB: how to protect your company data

  • Be vigilant when it comes to reading through any terms and conditions on any software or website before you click “accept”.
  • Make use of an application security testing tool before you sign any agreements authorising access to your company data.
  • Cloud-based software is not without its own risks. Insist on having both testing and sandbox environments, providing analysis for security gaps.
  • Find out from your third-party software vendors if they use open-source tools in their product. How they deal with open source can be a high risk if not done properly.
  • Do not share login credentials with any third parties and never enter these into any third party websites other than their own bank’s legitimate platforms.

Consumers slate Discovery bank in survey

By Londiwe Buthelezi for Fin24

BrandsEye’s annual SA Banking Sentiment Index reveals that African Bank had the most positive social media mentions this year.
On the other hand, Discovery Bank had the worst.

BrandsEye also found that, in the early days of the lockdown, customer queries on social media spiked by 61%.

The social distance between banks and their customers, created by Covid-19, has left many unhappy as overwhelmed banks fail to keep up with their customers’ frustrations on social media, according to the latest South African Banking Sentiment Index.

The index, compiled by customer experience data provider, BrandsEye, reveals that, during the early phases of the lockdown, more customers used social media to reach out to their banks. It spiked conversation volumes by 61%, while banks’ response rate to customers over the same period fell by 39%.

“With the influx of customers seeking assistance on digital channels, banks struggled to keep up with the demand for support on social media. 47.3% of priority customer conversation (those which require the banks’ attention and action) on social media went unanswered by the banks,” wrote BrandsEye.

Policing banks’ conduct towards their customers

While BrandsEye has compiled the South African Banking Sentiment Index annually since 2015, this year’s index was more than just about determining which bank has the most unhappy customers on social media.

The Financial Sector Conduct Authority (FSCA) used the index to gauge banks’ Banking Conduct Standard, which the regulator launched in July.

The Standard is based on the six Treating Customers Fairly (TCF) outcomes.

In the past, TCF regulations only policed the conduct of insurers as the FSCA’s predecessor, the Financial Services Board, did not regulate banks.

Looking at data that BrandsEye collected from over two million social media posts about South African banks between September 2019 to August 2020, the FSCA’s divisional executive of regulatory policy, Caroline Da Silva, said 90.7% of customer complaints on social media included issues that touched on fair or unfair treatment of customers or TCF compliance themes.

These ranged from complaints about unauthorised debit orders to complicated product structures and misleading advertising.

“Social media is indeed a rich source of conduct-related conversation that banks ought to pay close attention to. As the regulator, we are concerned with the volume of complaints that BrandsEye has identified,” wrote Da Silva in the report.

The FSCA and BrandsEye said the fact that almost half of customer conversations that required the banks’ attention and action went unanswered “should be alarming for the industry” because had banks paid more attention to these, they would have avoided reputational damage and escalation of complaints to the regulator.

But because they are missing out on doing something when these complaints surface, “they risk facing heavy fines from the regulator as well as significant reputational risks that such sanctions would generate”, read the report.

African Bank scores highest and Discovery Bank the lowest

According to the report, Nedbank and African Bank were the two most responsive banks and Discovery Bank the least responsive.

It said Discovery Bank only replied to about one out of every 10 interactions that required its attention and action.

Overall, African Bank received the most positive posts on social media over the period of data collection, followed by Capitec. Discovery had the most negative customer sentiment, scoring the lowest in net sentiment, after FNB.

On the positive side, the net sentiment score for all eight banks included in the report – which include the big four, Capitec, TymeBank, Discovery Bank and African Bank – improved by 0.9% percentage points compared to 2019.

The net sentiment score tallies the percent of positive sentiments on social media posts, minus the percent of negative sentiments.

The sentiment score around all banks’ turnaround time – which is usually the biggest source of social media users’ frustrations – also improved, a phenomenon that BrandsEye attributed to the increased adoption of digital channels by banks as a result of Covid-19.

 

R450m worth of eBucks spent during lockdown

Source: IOL

While many people are still coming to terms with the financial difficulties caused by Covid-19 and the national lockdown, FNB customers have turned to eBucks rewards to help them extend and better manage their finances.

Johan Moolman, eBucks Rewards Chief Executive said, “We’ve seen how eBucks members are using their rewards to buy essentials. Since the start of the national lockdown towards the end of March, members have spent over R451 million worth of eBucks on things like fuel, groceries, airtime and data and other day-to-day necessities, helping them stretch their monthly budgets even further”.

He said that the tools they have provided members are helping them save and grow their money every day.

“We want to help our members to earn eBucks so they can use them to supplement their household income, especially during these times of uncertainty. This is why we’ve introduced tools on the FNB App such as ‘Track my rewards’ and ‘Earn more eBucks’, which allow members to track their current banking behaviour daily and easily perform the necessary banking behaviours to move up a reward level and earn more eBucks in the upcoming month,” said Moolman.

He points out that the value of a good rewards programme goes far beyond just the day-to-day rewards that members enjoy. A valuable rewards programme should also be designed to enable members to practice good money management and encourage them to grow their savings to protect their future.

eBucks Rewards members earn reward level points for having an FNB savings or investment account, maintaining a healthy credit status with nav» Money on the FNB App, and for using Cash@Till withdrawals.

It’s important to encourage members to bank responsibly and manage their finances well.

“At FNB, our philosophy has always been to find ways to help our customers. Through our eBucks Rewards programme, we are delivering on that promise,” concluded Moolman.

Keep your money safe with these tips

Be your money’s best protection by following these SABRIC tips:

Tips to prevent card not present (CNP) fraud

  • Personal information includes identity documents, driver’s licenses, passports, addresses and contact details amongst others. Always protect your personal information by sharing it very selectively and on a need to know basis only
  • Never share your confidential information which includes usernames, passwords and PIN numbers with anyone
  • Review your account statements on a timely basis; query disputed transactions with your bank immediately
  • When shopping online, only place orders with your card on a secure website
  • Register for 3D Secure
  • Implement dual authentication for all accounts and products, especially for financial services products
  • Do not send e-mails that quote your card number and expiry date
  • Do not use your information if you suspect it may have been compromised. Rather use other personal information that you have not used previously in order to confirm your identity in future
  • Register for SMS notifications to alert you when products and accounts are accessed
  • Conduct regular credit checks to verify whether someone has applied for credit using your personal information and if so, advise the credit grantor immediately
  • Investigate and register for credit related alerts offered by credit bureaus

Tips to prevent phishing and vishing

Phishing:

  • Do not click on links or icons in unsolicited e-mails
  • Do not reply to these e-mails. Delete them immediately
  • Do not believe the content of unsolicited e-mails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
  • Type in the URL (uniform resource locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage
  • Check that you are on the real site before using any personal information
  • If you think that you might have been compromised, contact your bank immediately
  • Create complicated passwords that are not easy to decipher and change them often

Vishing:

  • Banks will never ask you to confirm your confidential information over the phone
  • If you receive a phone call requesting confidential or personal information, do not respond and end the call
  • If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised
  • If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop

Tips for protecting your personal information

  • Don’t use the same username and password for access to banking and social media platforms
  • Avoid sharing or having joint social media accounts
  • Be cautious about what you share on social media
  • Activate your security settings which restrict access to your personal information
  • Don’t carry unnecessary personal information in your wallet or purse
  • Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email
  • Don’t write down PINs and passwords and avoid obvious choices like birth dates and first names
  • Don’t use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN)
  • Don’t use Internet Cafes or unsecure terminals (hotels, conference centres etc.) to do your banking
  • Use strong passwords for all your accounts
  • Change your password regularly and never share them with anyone else
  • Store personal and financial documentation safely. Always lock it away
  • Keep PIN numbers and passwords confidential
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so
  • To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at www.safps.org.za
  • Ensure that you have a robust firewall and install antivirus software to prevent a computer virus sending out personal information from your computer
  • When destroying personal information, either shred or burn it (do not tear or put it in a garbage or recycling bag)
  • Should your ID or driver’s license be stolen report it to SAPS immediately

Tips for protecting yourself against SIM swops

  • If reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately
  • Inform your Bank should your cell phone number changes so that your cell phone notification contact number is updated on its systems
  • Register for your Bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur
  • Regularly verify whether the details received from cell phone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately contact your bank and report all log-on notification that are unknown to you
  • Memorise your PIN and passwords, never write them down or share them, not even with a bank official
  • Make sure your PIN and passwords cannot be seen when you enter them
  • If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch
  • Choose an unusual PIN and password that are hard to guess and change them often

Tips for carrying cash safely

Tips for individuals

  • Carry as little cash as possible
  • Consider the convenience of paying your accounts electronically (consult your bank to find out about other available options)
  • Consider making use of cell phone banking or internet transfers or ATMs to do your banking
  • Never make your bank visits public, even to people close to you

Tips for businesses

  • Vary the days and times on which you deposit cash
  • Never make your bank visits public, even to people close to you
  • Do not openly display the money you are depositing while you are standing in the bank queue
  • Avoid carrying moneybags, briefcases or openly displaying your deposit receipt book
  • It is advisable to identify another branch nearby you that you can visit to ensure that your banking pattern is not easily recognisable or detected
  • If the amount of cash you are regularly depositing is increasing as your business grows, consider using the services of a cash management company
  • Refrain from giving wages to your contract or casual labourers in full view of the public; rather make use of wage accounts that can be provided by your bank
  • Consider arranging for electronic transfers of wages to contract or casual labourer’s personal bank accounts

Source: MyBroadband

Nedbank has launched a new “super app”, called Avo, which will give the bank’s customers to access online shopping, essential services and financial products on a single platform.

The group said the term “super app” refers to the fact that Avo is actually a multitude of apps aggregated into one.

Some of the key features of the app include:

  • Online groceries and food – Nedbank has partnered with OneCart to allow customers to buy groceries from leading retailers in one delivery or browse the Avo Shop for essential items at the best prices.
  • Essential professional home services – The app currently has 170 registered home repair and services merchants, with more being added
  • Digital home entertainment – Users can access a number of home entertainment options including Showmax, Tidal and Deezer
  • Airtime, data and electricity – Users can easily top-up and purchase airtime, data and electricity bundles
  • Avo points – The app has a built-in rewards system and users can earn 1% in Avo Points on every transaction made on the platform.
  • Business listing – Nedbank said it will allow businesses to list for free on the app. This will allow them to reach more potential customers, communicate easily, send quotations and receive payments in-app.

Because the app launched in the middle of the country’s coronavirus lockdown, Nedbank said the services available through the app are level-5 compliant.

It added that the beta version of Avo has already been delivering essential goods, providing home entertainment and connecting home service providers across provinces.

While the app was originally trialled by staff, Nedbank said it has now released a beta version to its Nedbank Money App users.

“This will see the phased release of Avo to Nedbank clients, to allow for further enhancements before full public launch.”

“The beta will allow Nedbank Money App users to use a two-click process to sign up seamlessly onto Avo.”

Bank Zero goes live with debit card

Bank Zero has now fully completed its core value proposition by going live with its debit card. Following this card go-live, rigorous health-checks such as simulated card attacks, card fraud detection and retailer readiness are currently underway. Thereafter the final countdown to starting public operations will begin.

South African card holders suffered a whopping R873m in theft in 2018, according to SABRIC statistics. To protect customers from this traumatic experience, Bank Zero has designed a new patented card which offers vital security and convenience. This patent will dramatically minimise the negative impact of card data theft and card skimming on Bank Zero customers.

Open source technology combined with a scientific design approach delivered this card in record time. MasterCard teams from South Africa, India and the USA were closely involved in validating and commissioning this card solution. IBM’s global expertise in encrypted card security was also tapped into. Michael Jordaan, Bank Zero chair, says: “Globally, banks are big spenders on such projects, often spanning multiple years, but sweat capital along with an integrated business-and-tech design approach is our strategic advantage.”

“During the development of Bank Zero, no traditional banking systems were bought nor was any outsourcing done – these are expensive yet conventional solutions. We wanted to create an exciting customer offering which required building our own systems,” says Yatin Narsai, Bank Zero CEO. He explains that, in just over a year, three large payment rails were created, each from a clean slate:

  • Direct integration into the South African Reserve Bank’s system, in order to become a settlement bank
  • Electronic payments (EFTs) and debit orders, establishing Bank Zero as a clearing bank
  • Issuing and processing of debit cards

“Zero pricing, along with our advanced card security, are just some of the ways in which we make our customers’ lives easier. We also bring special functionality around social connectedness, transparency, control, advanced payments and a focus on savings,” says Narsai.

“Feature-rich banking must never force customers into paying exorbitant fees.”

The card go-live sets Bank Zero on the path to opening its digital doors to the public, and current internal beta testing continues to provide solid insights. Bank Zero now begins its final countdown towards starting public operations in the first half of 2020:

  • Add the final ‘shine’ to the Android and iOS Apps for both individuals and businesses
  • Put the patented card through its paces by actively using the first cards which recently arrived, sporting a fresh new design
  • Confirm regulatory reporting is in order
  • Perform the annual disaster recovery test
  • Ensure that cards can be used internationally
  • Confirm security and performance testing to ensure Bank Zero’s systems can handle massive volumes
  • Implement a standby system, enabling maintenance without inconveniencing customers
  • Fine-tune and complete the build-out of the customer service model
  • Extend current beta testing
  • Start public operations

“The last mile is always the hardest. You can walk this last mile with us by following our tweets,” says Jordaan.

Discovery Bank discovered a system flaw on Monday which allowed the incorrect credit card card verification value (CVV) numbers to be used for online payments.

The CVV is the last three digits on the back of a bank card, and is considered a critical as a last-ditch security measure against certain card fraud.

Business Insider South Africa was tipped off about the flaw, and on Monday morning was able to make payments with a random CVV code, such as 000.

  • Discovery Bank said it was alerted about the issue last week
  • The bank suffered no fraud losses due to the issue
  • The flaw has now been fixed
  • Previously, the Bank didn’t require further authorisation such as an OTP (one-time pin)
  • When Business Insider later tried to use an incorrect CVV number, a call centre agent phoned to let them know it was incorrect us after the transaction to alert us that an incorrect CVV number had been used.

 

The South African Society of Bank Officials (Sasbo) has vowed to shut down all digital banking platforms on Friday, according to an article published by ITWeb.

South Africa’s largest financial union has threatened the country with a complete blackout of transactional services, including cash withdrawals, in response to the increase in digitalisation and job losses in the sector.

South African banks have been advising their customers to use online banking platforms on Friday.

However, Sasbo general secretary Joe Kokela told ITWeb in an interview: “Whatever the banks say, it’s their right; I can only speak on behalf of Sasbo and say the digital platforms will be affected. Those services are all controlled by human beings to be able to perform a function. Our argument is that these services will be affected on Friday.”

Sasbo hopes the single day of industrial action will mitigate the retrenchments that have become common in the sector.

FNB backtracks on password decision

FNB recently announced a new online banking policy which prevented users from saving their passwords to their browsers.

However, the bank received a backlash from techsavvy users, who pointed out that using software to bypass this feature would create more vulnerability.

FNB head of digital banking Giuseppe Virgillito told MyBroadband that the bank had taken note of social media feedback.

“FNB recognises the valuable feedback from our customers regarding the measures to prevent auto-filling of banking passwords,” Virgillito said.

“We have found that a number of our customers save their banking passwords to their browsers. This places customers with stolen or unattended devices at considerable risk.

“As a consequence, we strongly discourage customers from storing their banking passwords in their browsers.

“The use of this type of software for your banking is strongly discouraged as it places the user at a high risk of introducing malicious software onto their device.

“Alternatively, it also places users at an increased risk of phishing. As a consequence, hereof, we have decided to revisit the decision to prevent auto-filling of passwords at this time,” Virgillito said.

FNB users should now be able to log in to their online banking as normal, using password managers or auto-fill passwords.

First National Bank (FNB) has announced that users will no longer be able to save their online banking passwords in their browsers.

Going forward, whenever a user wants to log into their account they will have to do so manually.

This forces users to keep their banking passwords secure.

“All stored passwords on your device can be viewed during a malware attack. Passwords can be easily accessed on your unattended/unlocked/stolen device,” FNB stated in a MyBroadband article.

FNB advises that users do the following to keep their passwords safe:

  • Do not share login details with anyone
  • Always use a different password for different websites. Avoid using the same one over and over
  • Report any fraudulent activity immediately to the FNB Fraud Centre: 087 575 9444
  • This change may interfere with various third-party password lockers such as LastPass
  • 1
  • 2

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top