Tag: identity fraud

SABRIC (South African Banking Risk Information Centre) has warned bank clients to protect their mobile devices.

The theft of mobile phones is not a new phenomenon; however, there is an emerging trend where mobile phones that are being snatched from owners, affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime.

Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment. Despite these benefits you must always remain vigilant because your mobile phone stores far more information than you may be aware of. This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equal to a bank card and could even act as a gateway to your bank account

“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously,” says Susan Potgieter, acting CEO of SABRIC.

There are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you:

  • Criminals access all open applications on your unlocked phone and view your sensitive data
  • Social engineering is used to obtain your usernames and passwords stored in the cloud
  • Vishing might occur, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PIN’s or passwords
  • Phishing occurs where you are sent an email, which you believe to be from the bank or a legitimate service provider, which asks you to click on a link that requests your PIN’s or passwords. Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited.
  • Your credentials could also be compromised through shoulder surfing in public places such as restaurants.

In the event that your mobile phone is lost or stolen, borrow a phone and contact your bank immediately so that they can deactivate your banking app, block cards on other apps containing your bank card details and block your bank account. Make sure you always have your banks hotline number stored somewhere other than on your mobile phone. If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to Vish or Phish you. If you receive an email or SMS after doing this, don’t click on any links as these are not safe.

“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, however, their highest priority should be protecting their money,” concludes Potgieter.

Tips for banking clients

PINS and passwords

  • Reset/change your passwords and PINs often
  • Set different and complex passwords for each app or service. Ensure that these are not stored on a password manager app or on the phone itself
  • Never save your banking app username and password on your device in the contacts or notes
  • Never autosave your banking app username and password on your device
  • Disable the autosave function on your smart phone
  • Ensure that you have set additional security controls on your device for adding biometrics such as fingerprint or facial recognition, for instance you can enable your device to ask for the device password to add another person’s biometric on your device.

Behaviour

  • Do not click links in SMSes or emails stating that your lost or stolen device has been located as criminals use this as a way to get your banking app credentials
  • Always be vigilant by being aware of who is around you when using your phone in public

Your device

  • Treat your mobile device the same way you would treat your bank card
  • Pickpocketing is prevalent so ensure that your handbag or and backpacks are properly closed or zipped
  • If your mobile device is lost or stolen notify your Bank immediately to freeze your banking profile and prevent the perpetrators from using your banking app
  • In addition, contact your mobile service provider to block/stop your SIM card and handset to prevent criminals from getting any One Time PINs for fraudulent transactions
  • If your Apple device is stolen, log onto to your iCloud account to restore all factory settings so that all your personal data is wiped from the device
  • Avoid using Public WiFi “hotspots”. It is risky to connect your smartphone to just any available WiFi hotspot. Savvy hackers can spoof a WiFi connection and gain access to usernames and passwords stored on your smartphone
  • Consider keeping your banking app on two devices – this will enable you to block the stolen mobile from the other device and also change the log in credentials at a moment’s notice. Most banks will still ask you to call them to report the theft to ensure that all access is blocked for the stolen phone. Your bank can also advise how to get passwords changed
  • When calling the bank to report the phone as stolen, request that they place a temporary hold on your entire account to allow you the time to change, replace and update all of your info

Banking app

  • Always log out of your banking app manually once you have finished transacting
  • Keep your daily EFT and ATM limits low as some banking apps and internet banking profiles will require that contact be made with the bank before the limit can be increased on your profile

By Wendy Knowler for Times Live

Do courier company drivers have the necessary training and experience to verify proof of identity and address before handing over a credit card, complete with its PIN number?

If First National Bank (FNB) client Ivan Kistnasami’s experience is anything to go by, definitely not.

He recently discovered that a fraudster had applied for a Discovery card in his name, and had it delivered to an address in Howick, KwaZulu-Natal, in November.

“With his new credit card and pin – and a massive credit limit of R102,000 – the fraudster had access to my cheque and credit card accounts, and within two days he had transferred all funds that were available, up to my credit limits, creating debt to the tune of R157,000,” the Pietermaritzburg resident said.

When he approached TimesLIVE for help shortly before the festive season corporate shut-down, his credit profile was in tatters and FNB had failed to honour his monthly debit orders.

“I believe that FNB was negligent in that they have delivered this credit card with the pin through a courier driver who clearly had no experience in verifying the documentation,” Kistnasami said.

The proof of address, a Woolworths account, bears an address which doesn’t quite match the font of the name; a clear sign of fraudulent tampering.

And the ID in Kistnsami’s name bore the photo of a black man, another obvious identity mismatch.

“FNB has my picture on their system, yet the courier driver accepted an ID document with a photo of someone very different.”

The courier company employee stamped the copy of the ID and the Woolworths account, and put his signature to the statement that he’d seen the originals and confirmed the copies to be true.

Kistnasami said when he approached FNB about the couriering of credit cards to its clients, “I was told that the bank does not allow clients to collect from the branch as they are trying to reduce the number of clients transacting at branches”.

In fact, since July 2018 FNB has not stopped allowing its clients from collecting their cards at a bank branch, but strongly discouraged that by charging them R200 if they choose to do so, while offering a free courier service.

“The reduction of card deliveries to branches is in accordance with the bank’s business and digital migration strategy, which continues to benefit customers from a convenience and cost-saving perspective,” the bank told TimesLIVE.

By December, thanks to the bank’s “convenient” delivery of Kistnasami’s card and PIN to the fraudster, he was deep in debt, his medical cover had been suspended due to non-payment, his insurance policy premiums had not been paid and his car insurance was a month in arrears.

TimeLIVE asked FNB whether fraudsters had abused the bank’s card courier policy to acquire credit cards in the name of other clients and whether it intended to implement new security measures to counter this form of fraud.

Does the bank feel it is appropriate for courier staff to have to determine whether or not an alleged card holder’s proof of identity/address are authentic or not?

Responding, FNB said very little, other than Kistnasami was the victim of identity theft and had been refunded.

“Our investigation into the circumstances of the fraud is still pending and we will communicate with the customer until the matter has been amicably finalised.

“Due to the ongoing investigation, we cannot disclose any further information on the matter.”

Kistnasami told TimesLIVE that he has repeatedly been told by FNB that the investigation was still “ongoing”.

“Yes, I was reimbursed, but the accounts are on hold. When I try to settle or balance the accounts so that I can close them, the system says ‘on hold’.

“All I want is to put this nightmare behind me and move on with my life,” he said.

“I do not want the bank to come back to me a year or more later and say I owe them a large sum of money.”

Asked to comment, Discovery said that as Discovery Card was “still operating through a joint venture with FNB” it would leave FNB to comment on the matter.

When Discovery Bank launches later this year, the spokesman said, “it will have incredibly strong security controls”, which would be explained at the time.

FNB is the only bank which charges its clients a fee for wanting to collect their cards from a branch of the bank.

Its competitors do the reverse, charging clients a fee of between R150 and R175 to have their cards delivered to their chosen address by courier.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top