Tag: information

Watch out for these common banking crimes

SABRIC, the South African Banking Risk Information Centre, on behalf of the banking industry has released its annual crime stats for 2018.

“We are concerned about some of the increases, which clearly reflect that criminals will take every opportunity to get their hands on bank customers’ money,” says SABRIC CEO, Kalyani Pillay.

Combined gross card fraud losses on South African issued cards saw an 18% increase from 2017 to 2018, totalling R873 394 351, with credit card fraud increasing by 18.4% and debit card fraud increasing by 17.5%.

Card Not Present (CNP) fraud on South African issued credit cards remained the leading contributor to gross fraud losses in the country, accounting for 79.5% of all losses. CNP debit card fraud showed the greatest increase in losses at 62.3%, due to the enablement of Card Not Present transactions on debit cards.

“We have seen a sharp increase in Vishing incidents, where criminals phone bank customers, lead them to believe that they are speaking to the bank or a legitimate service provider and use social engineering tactics to manipulate them into disclosing their confidential bank card details, as well as other personal information. “A bank will never call you to ask for this information. If you receive such a call, put the phone down immediately,” says Pillay.

In 2018, Lost and/or Stolen debit card fraud amounted to 42.5% of all debit card fraud and bank customers continue to fall victim to fraud at ATM’s while transacting. Criminals approach victims under the pretext of being helpful, and in many instances even pose as a bank official. They then steal the victim’s banks card and shoulder surf to obtain the PIN. SABRIC therefore urges bank clients to never accept assistance from anyone at an ATM, no matter how friendly or helpful they may appear.

In 2018, 23 466 incidents across banking apps, online banking and mobile banking amounted to R262 826 888 in gross losses. It is concerning that incidents across these platforms increased by 75,3%. Mobile banking incidents showed an increase of 100%, with gross losses of R28 941 040, while online banking incidents showed an increase of 37.5% with gross losses of R129 002 523. Banking app incidents increased by 55.4%, with gross losses of R104 883 325 for the same period. SIM swops in the Mobile Banking space saw an increase of over 200% to 11077 incidents.

Criminals are very adept at understanding psychology and will use social engineering tactics to exploit any human vulnerability to harvest confidential information like a PIN or a password in order to steal cash. When it comes to online banking, beware of Phishing emails that request that you click on a link. The link directs you to a “spoofed” website designed to obtain, verify or update contact details or other sensitive financial information. “Never click on links in unsolicited emails!” says Pillay.

We are pleased that Cash in transit (CIT) robberies decreased by 22% from 376 to 292 incidents from 2017 to 2018. Cash losses here also showed a decrease of 22% for the same period. SABRIC will continue to work closely with law enforcement and other partners to address the scourge and ensure further declines.

“To have any significant impact on the fight against all of these crimes, the collective efforts of banks, bank customers and law enforcement are imperative,” says Pillay.

SABRIC urges you to be your money’s best protection by following these tips:

Tips when using ATMs

· If you think the ATM is faulty cancel the transaction IMMEDIATELY, report the fault to your Bank and transact at another ATM.

· Avoid ATMs that are dimly lit or surrounded by loiterers, and never allow your children to draw money using your card, since they’re the most vulnerable to perpetrators.

· Have your card ready in your hand before you approach the ATM to avoid opening your purse, bag or wallet while in the queue.

· Be cautious of strangers offering to help as they could be trying to distract you to get your card or PIN.

· Follow the instructions on the ATM screen carefully.

· ONLY punch in your PIN once prompted by the ATM.

· Report suspicious items or people around ATMs to the Bank.

· Choose familiar and well-lit ATMs where you are visible and safe.

· Report any concerns regarding the ATM to the Bank. Toll free numbers are displayed on all ATMs.

· Be alert to your surroundings. Do not use the ATM if there are loiterers or suspicious people in the vicinity. Also take note that fraudsters are often well dressed, well-spoken and respectable looking individuals.

· If you are disturbed or interfered with, whilst transacting at the ATM, your card may be skimmed, by being removed and replaced back into the ATM without your knowledge. Cancel the transaction immediately and report the incident using your Bank’s Stop Card Toll free number which is displayed on all ATMs, as well as on the back of your Bank card.

· Should you have been disturbed whilst transacting, immediately change your PIN or stop the card, to protect yourself from any illegal transactions occurring on your account.

· Know what your ATM looks like so that you can identify any foreign objects attached to it.

· Do not ask anyone to assist you at the ATM, not even the security guarding the ATM or a Bank official. Rather go inside the Bank for help.

· Never force your card into the slot as it might have been tampered with.

· Do not insert your card if the screen layout is not familiar to you and looks like the machine has been tampered with.

· Don’t use ATMs where the card slot, keypad or screen has been tampered with. It could be an attempt to get hold of your card.

· Your PIN is your personal key to secure banking and it is crucial to keep it confidential.

· Memorise your PIN, never write it down or share it with anyone, not even with your family member or a Bank official.

· Choose a PIN that will not be easily guessed. Do not use your date of birth as a PIN.

· Cover your PIN when punching the numbers even when alone at the ATM as some criminals may place secret cameras to observe your PIN.

· Don’t let anyone stand too close to you to keep both your card and PIN safe.

· Some fraudsters wait until you’ve drawn your cash to take advantage. Be wary of people loitering around the ATM and ensure that you are not followed.

· Take your time to complete your transaction and secure your card and your cash in your wallet, handbag or pocket before leaving the ATM.

· Set a daily withdrawal limit that suits your needs (the default amount is set at R1000.00), to protect yourself in an event that your card and PIN are compromised.

· Check your balance regularly and report discrepancies to your Bank IMMEDIATELY.

· Avoid withdrawing cash to pay for goods/services as your Debit Card can be used for these transactions. You can use your Debit Card wherever the Maestro/Visa Electron logo is displayed.

After you have completed your transaction successfully, leave the ATM area immediately. Be cautious of strangers requesting you to return to the ATM to finalise/close the transaction because they are unable to transact. Skimming may occur during this request.
Prioritise the setting of daily withdrawal and transaction limits.
Set a daily ATM withdrawal limit that suits your needs.
Transaction limits should also be in line with daily spending.
Set limits on international transaction expenditure.
Inter account transfer limits should also be managed wisely.

Tips to prevent phishing and vishing

Phishing:

· Do not click on links or icons in unsolicited e-mails.

· Do not reply to these e-mails. Delete them immediately.

· Do not believe the content of unsolicited e-mails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.

· Type in the URL (uniform resource locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.

· Check that you are on the real site before using any personal information.

· If you think that you might have been compromised, contact your bank immediately.

· Create complicated passwords that are not easy to decipher and change them often.

Vishing:

· Banks will never ask you to confirm your confidential information over the phone.

· If you receive a phone call requesting confidential or personal information, do not respond and end the call.

· If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.

· If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.

Tips for carrying cash safely

Tips for Individuals

· Carry as little cash as possible.

· Consider the convenience of paying your accounts electronically (consult your bank to find out about other available options).

· Consider making use of cell phone banking or internet transfers or ATMs to do your banking.

· Never make your bank visits public, even to people close to you.

Tips for Businesses

· Vary the days and times on which you deposit cash.

· Never make your bank visits public, even to people close to you.

· Do not openly display the money you are depositing while you are standing in the bank queue.

· Avoid carrying moneybags, briefcases or openly displaying your deposit receipt book.

· It is advisable to identify another branch nearby you that you can visit to ensure that your banking pattern is not easily recognisable or detected.

· If the amount of cash you are regularly depositing is increasing as your business grows, consider using the services of a cash management company.

· Refrain from giving wages to your contract or casual labourers in full view of the public; rather make use of wage accounts that can be provided by your bank.

· Consider arranging for electronic transfers of wages to contract or casual labourers’ personal bank accounts.

Tips for Stokvel Groupings

· Refrain from making cash deposits of club members’ contributions on high-risk days (e.g. Monday after month end).

· Ensure persons depositing club cash contributions or making withdrawals are accompanied by another club member.

· A stokvel savings club or burial society can arrange for members to deposit cash directly into the club’s account instead of collecting cash contributions.

· Arrange for the club’s pay out to be electronically transferred into each club member’s personal account or accounts of their choice.

· Take another person with when going to deposit club cash contributions

Tips for protecting your personal information

· Don’t use the same username and password for access to banking and social media platforms.

· Avoid sharing or having joint social media accounts.

· Be cautious about what you share on social media.

· Activate your security settings which restrict access to your personal information.

· Don’t carry unnecessary personal information in your wallet or purse.

· Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email.

· Don’t write down PINs and passwords and avoid obvious choices like birth dates and first names.

· Don’t use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN).

· Don’t use Internet Cafes or unsecure terminals (hotels, conference centers etc.) to do your banking.

· Use strong passwords for all your accounts.

· Change your password regularly and never share them with anyone else.

· Store personal and financial documentation safely. Always lock it away.

· Keep PIN numbers and passwords confidential.

· Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

· To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at www.safps.org.za.

· Ensure that you have a robust firewall and install antivirus software to prevent a computer virus sending out personal information from your computer.

· When destroying personal information, either shred or burn it (do not tear or put it in a garbage or recycling bag).

· Should your ID or driver’s license be stolen report it to SAPS immediately.

Tips for protecting yourself against SIM Swops

· If reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately.

· Inform your Bank should your cell phone number changes so that your cell phone notification contact number is updated on its systems.

· Register for your Bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.

· Regularly verify whether the details received from cell phone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately contact your Bank and report all log-on notification that are unknown to you.

· Memorise your PIN and passwords, never write them down or share them, not even with a bank official.

· Make sure your PIN and passwords cannot be seen when you enter them.

· If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.

· Choose an unusual PIN and password that are hard to guess and change them often.

They may not have the cachet of entrepreneurs, or geek chic of developers, but data protection officers are suddenly the hottest properties in technology.

When Jen Brown got her first certification for information privacy in 2006, few companies were looking for people qualified to manage the legal and ethical issues related to handling customer data.

But now it’s 2018, companies across the globe are scrambling to comply with a European law that represents the biggest shake-up of personal data privacy rules since the birth of the internet – and Brown’s inbox is being besieged by recruiters.

“I got into security before anyone cared about it, and I had a hard time finding a job,” said the 46-year-old, who is the data protection officer (DPO) of analytics start-up Sumo Logic in Redwood City near San Francisco.

“Suddenly, people are sitting up and taking notice.”

Brown is among a hitherto rare breed of workers who are becoming sought-after commodities in the global tech industry ahead of the European Union’s General Data Protection Regulation (GDPR), which goes into effect in May.

The law is intended to give European citizens more control over their online information and applies to all firms that do business with Europeans. It requires that all companies whose core activities include substantial monitoring or processing of personal data hire a DPO. And finding DPOs is not easy.

More than 28,000 will be needed in Europe and U.S. and as many as 75,000 around the globe as a result of GDPR, the International Association of Privacy Professionals (IAPP) estimates. The organization said it did not previously track DPO figures because, prior to GDPR, Germany and the Philippines were the only countries it was aware of with mandatory DPO laws.

DPO job listings in Britain on the Indeed job search site have increased by more than 700 percent over the past 18 months, from 12.7 listings per every 1 million in April 2016 to 102.7 listings per 1 million in December.

The need for DPOs is expected to be particularly high in any data-rich industries, such as tech, digital marketing, finance, healthcare and retail. Uber, Twitter (TWTR.N), Airbnb, Cloudflare and Experian (EXPN.L) are advertising for a DPO, online job advertisements show. Microsoft (MSFT.O), Facebook (FB.O), Salesforce.com and Slack are also currently working to fill the position, the companies told Reuters.

“I would say that I get between eight and 10 calls a week about a role (from recruiters),” said Marc French, DPO of Massachusetts email management company Mimecast. “Come Jan. 1 the phone calls increased exponentially because everybody realized, ‘Oh my god, GDPR is only five months away.’”

GDPR requires that DPOs assist their companies on data audits for compliance with privacy laws, train employees on data privacy and serve as the point of contact for European regulators. Other provisions of the law require that companies make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours.

On a typical day, French said he monitors for any guidance updates for GDPR, meets with Mimecast’s engineering teams to discuss privacy in new product features, reviews the marketing team’s data usage requests, works on privacy policy revisions and conducts one or two calls with clients to discuss the company’s position on GDPR and privacy.

“Given that we’re trying to march to the deadline, I would say that 65 percent of my time is focused on GDPR right now,” said French, who is also a senior vice president of Mimecast.

The demand for DPOs has sparked renewed interest in data privacy training, said Sam Pfeifle, content director of the IAPP, which introduced a GDPR Ready program last year for aspiring DPOs.

“We already sold out all of our GDPR training through the first six months of 2018,” said Pfeifle, adding that the IAPP saw a surge in new memberships in 2017, from 24,000 to 36,000.

Those companies who have DPOs, meanwhile, are braced for poaching.

Many of those firms reside in Germany, which has long required that most companies that process data designate DPOs. They include Simplaex, a Berlin ad-targeting startup.

“Everyone is looking for a DPO,” said Simplaex CEO Jeffry van Ede. “I need to have some cash ready for when someone tries to take mine so I can keep him.”

Reporting by Salvador Rodriguez; Additional reporting by Stephen Nellis; Editing by Jonathan Weber and Pravin Char for Reuters

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top