Tag: card

Postbank forced to replace 12m bank cards

Source: MyBroadband

Postbank needs to replace 12-million bank cards at a cost of R1-billion after its “master key” was compromised, the Sunday Times reported.

Citing several internal Postbank reports, the Times found that the bank’s master key was stored in plaintext during a data centre migration in July 2018. Two staff members also stored the key in plaintext on USB flash drives and one of the drives can’t be located.

One of the internal reports cited in the article, an overview of financial crime, reportedly stated that Postbank found 25,000 fraudulent transactions between March 2018 and December 2019. R56 million was stolen.

The master key was generated in January 2018, according to the report.

The article described the master key as a 36-digit code which allows anyone to read and write account balances, and read and change information on any of the cards the bank has issued.

The Post Office denied that its master key for Postbank’s cards had been compromised, saying that the “stories” were unfounded and only seek to create panic among Postbank’s clients.

Postbank’s clients include millions of social security beneficiaries who receive grants from the government every month.

No audit trail
Referring to another internal report titled “Overall IT Security Register” from January 2020, the Sunday Times reported that the Postbank had no logging in place to trace fraudulent transactions.

Postbank was not able to audit when an account was accessed, who accessed it, and what was done on the account.

A spokesperson for the Post Office said that it is on record that “systematic difficulties” were uncovered with the “reconciliation functionality” of the integrated grant payments system, and that the issue has been resolved.

R42-million stolen from Postbank in 2012
This is not the first time information security problems at Postbank has resulted in money being stolen.

In 2012, a syndicate stole R42 million from Postbank in a heist that took place over the New Year holidays — between 1 January and 3 January.

The syndicate opened several Postbank accounts across South Africa towards the end of 2011, and over New Year’s they gained access to a Rustenburg Post Office employee’s computer. From there the syndicate made deposits from other accounts into its own.

Over the next three days, automated teller machines in Gauteng, Free State and KwaZulu-Natal were used to withdraw cash from the accounts.

By Wendy Knowler for Times Live

Do courier company drivers have the necessary training and experience to verify proof of identity and address before handing over a credit card, complete with its PIN number?

If First National Bank (FNB) client Ivan Kistnasami’s experience is anything to go by, definitely not.

He recently discovered that a fraudster had applied for a Discovery card in his name, and had it delivered to an address in Howick, KwaZulu-Natal, in November.

“With his new credit card and pin – and a massive credit limit of R102,000 – the fraudster had access to my cheque and credit card accounts, and within two days he had transferred all funds that were available, up to my credit limits, creating debt to the tune of R157,000,” the Pietermaritzburg resident said.

When he approached TimesLIVE for help shortly before the festive season corporate shut-down, his credit profile was in tatters and FNB had failed to honour his monthly debit orders.

“I believe that FNB was negligent in that they have delivered this credit card with the pin through a courier driver who clearly had no experience in verifying the documentation,” Kistnasami said.

The proof of address, a Woolworths account, bears an address which doesn’t quite match the font of the name; a clear sign of fraudulent tampering.

And the ID in Kistnsami’s name bore the photo of a black man, another obvious identity mismatch.

“FNB has my picture on their system, yet the courier driver accepted an ID document with a photo of someone very different.”

The courier company employee stamped the copy of the ID and the Woolworths account, and put his signature to the statement that he’d seen the originals and confirmed the copies to be true.

Kistnasami said when he approached FNB about the couriering of credit cards to its clients, “I was told that the bank does not allow clients to collect from the branch as they are trying to reduce the number of clients transacting at branches”.

In fact, since July 2018 FNB has not stopped allowing its clients from collecting their cards at a bank branch, but strongly discouraged that by charging them R200 if they choose to do so, while offering a free courier service.

“The reduction of card deliveries to branches is in accordance with the bank’s business and digital migration strategy, which continues to benefit customers from a convenience and cost-saving perspective,” the bank told TimesLIVE.

By December, thanks to the bank’s “convenient” delivery of Kistnasami’s card and PIN to the fraudster, he was deep in debt, his medical cover had been suspended due to non-payment, his insurance policy premiums had not been paid and his car insurance was a month in arrears.

TimeLIVE asked FNB whether fraudsters had abused the bank’s card courier policy to acquire credit cards in the name of other clients and whether it intended to implement new security measures to counter this form of fraud.

Does the bank feel it is appropriate for courier staff to have to determine whether or not an alleged card holder’s proof of identity/address are authentic or not?

Responding, FNB said very little, other than Kistnasami was the victim of identity theft and had been refunded.

“Our investigation into the circumstances of the fraud is still pending and we will communicate with the customer until the matter has been amicably finalised.

“Due to the ongoing investigation, we cannot disclose any further information on the matter.”

Kistnasami told TimesLIVE that he has repeatedly been told by FNB that the investigation was still “ongoing”.

“Yes, I was reimbursed, but the accounts are on hold. When I try to settle or balance the accounts so that I can close them, the system says ‘on hold’.

“All I want is to put this nightmare behind me and move on with my life,” he said.

“I do not want the bank to come back to me a year or more later and say I owe them a large sum of money.”

Asked to comment, Discovery said that as Discovery Card was “still operating through a joint venture with FNB” it would leave FNB to comment on the matter.

When Discovery Bank launches later this year, the spokesman said, “it will have incredibly strong security controls”, which would be explained at the time.

FNB is the only bank which charges its clients a fee for wanting to collect their cards from a branch of the bank.

Its competitors do the reverse, charging clients a fee of between R150 and R175 to have their cards delivered to their chosen address by courier.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top