Call to arms: Banks tackle SIM-swap menace
SA's big banking players beef up security amid a shocking rise in this type of fraud
SA’s major banks are reviewing their online security measures to combat increasingly sophisticated cyber crime.
Absa, which recently had to recently refund one of its clients the R3.1m he lost when his account was cleaned out as a result of SIM-swap fraud, says this is an isolated incident.
The banking group says it has had strong controls in place since 2017. It says customers who adopted the new safety features offered on apps and online have not experienced SIM-swap fraud.
The case of a Cape Town businessman who had R3.1m stolen from his account while he was out of the country made headlines last week.
On Friday, Ulrich Janse van Rensburg, head of fraud strategy for the bank’s retail and business banking, said that for customers who had not adopted the new controls, it was now placing holds on accounts where a SIM-swap occurred.
“SIM-swap fraud has been an isolated fraud type since the bank implemented the SIM-swap controls on the Absa banking application. It is important to note that social engineering is required before fraud attempts can be realised,” said van Rensburg.
Standard Bank has also adopted the same system where it places a hold once it has detected a SIM swap.
Capitec says its system can also detect SIM swaps if provided by the cellphone network provider. However, it has taken its security measures a notch up by using fingerprint registration on its banking app.
In its latest report, the South African Banking Risk Information Centre says digital banking crime related to SIM swaps increased by 104% from January to August 2018, compared with the same period in 2017 – the highest jump of all digital banking crime incidents.
This kind of fraud has become more sophisticated. Apart from the known SIM-swap scam, fraudsters are now using a relatively new twin-SIM scam where they duplicate people’s cellphone number onto another SIM card. They are then able to divert certain phone calls and SMSes to the new SIM.
Made to order
Bank customers will also be able to approve all debit orders against their accounts from October 2019, this year, said Standard Bank.
All banks are working on implementing a new system called DebiCheck, following the SA Reserve Bank’s directive to the Payment Association of SA to find a solution to the issue of illegal or incorrect debit orders.
“As a first step, a customer’s mandate will have to be obtained and confirmed before a debit order instruction can be initiated. Customers will now have to electronically confirm the validity of a debit order request and confirm this with their bank,” says Standard Bank spokesperson Ross Linstrom.
The bank’s DebiCheck capability was now live, although at a controlled volume level. At this point it was only used for early debit orders but all banks should have this feature fully operational by October.
In December, SA banks were again hit by a large-scale R99 debit-order scam, where the likes of Capitec had to refund more than 25,000 customers. Capitec’s executive head of marketing and communications, Francois Viviers, says that while waiting for DebiCheck to be rolled out the bank will focus on creating awareness with clients to review and dispute potential fraudulent debit orders. It had enabled customers to do this on their banking app as well.
FNB’s consumer core banking CEO, Ancley Jacobs, says he believes DebiCheck, which the bank is piloting, will provide a needed breakthrough for the industry in addressing and reducing debit order fraud. He says the bank has a proactive fraudulent debit order warning system which alerts customers to potential suspicious debit orders that are currently running.
He adds that FNB notifies customers every time a new debit order is raised for the first time, regardless of the amount.