Johannesburg, 10 May 2007
All countries with sophisticated financial sectors and electronic payment mechanisms such as Internet banking in place, are experiencing a dramatic rise in phishing attacks.
This is according to Chris Kotze, FNB Online CEO, who says SA is no different and, around the globe, identity theft in the form of phishing has more than doubled when compared to a year ago.
FNB, in particular, has been the victim of persistent and relentless attacks in recent weeks, although Kotze says it is difficult to compare the extent to which FNB clients have been targets of phishing attacks to that of the other South African banks, as this information is not available in the public domain.
However, he says FNB does have information that indicates similar attacks against the other large South African banks.
According to the bank, some of its clients were defrauded, but said FNB has a 100% refund policy under these circumstances.
Kotze says FNB's security measures are not inferior to those of the other service providers and the bank was the first local bank to introduce a 'one-time password' in the form of a DigiTag.
He also says FNB was the first local bank to introduce the free 'in-contact' service that alerts clients of all the activity on their accounts, enabling clients to immediately report suspicious transactions.
"Certain rules are applied to all online banking transactions to interrogate and block potentially fraudulent transactions," he says. This is dubbed the SmartBlock solution.
To ensure its clients are not subjected to too many changes, Kotze says FNB recently embarked on a significant online banking platform migration. The bank decided to overlap the platform change with the launch of a new security module, a mandatory 'one-time PIN' via cellphone text message.
Unfortunately, he says, the migration caused FNB to lag behind the other South African banks by a couple of months, with the introduction of a mandatory 'one-time password' via SMS. Kotze says this, combined with the uncertainty created by the change-over to the new platform, resulted in a perceived phishing attack focus on the FNB online users.
He says all FNB Online clients now have mandatory second-level authentication in place, such as DigiTag, one-time PIN via SMS or digital certificate, which, combined with in-contact and SmartBlock, negates the effective impact of phishing attacks.
"We are well advanced with further security measures to proactively block the next wave of potential online fraud attacks," he concludes.
Related stories:
Banking fraud increases
Share