About
Subscribe

Banks meet on Internet fraud

Paul Vecchiatto
By Paul Vecchiatto, ITWeb Cape Town correspondent
Cape Town, 22 Jul 2003

Representatives of the four major commercial met in Johannesburg this morning to learn from Absa clients` compromised online . However, the terse statement released after the meeting does not say what issues were discussed.

"We took the initiative in convening the meeting to share information about this new crime with the other banks to ensure they benefit from the experience we gained in dealing with the incidences in the Western Cape," says Richard Peasey, Absa`s group information security officer.

The statement says each of the banks will use the information provided to the benefit of their own customers.

Peasey says Absa plans to convene similar meetings with other industry players. "Our focus is on and sharing information to ensure peace of mind for consumers," he says.

Representatives from Nedcor, First National Bank (FNB) and Standard Bank attended the meeting, which was called by Absa following weekend revelations that at least R500 000 had been withdrawn online from client accounts. The clients were mainly in the Bellville area north of Cape Town.

All the other banks that attended the meeting have stated they are unaware of similar hacks into their own clients` accounts.

Banks give assurances

Meanwhile, the major commercial banks are reiterating warnings about secure usage of online banking services, and are assuring clients that their services are secure.

Roland Le Seur, head of Internet banking at FNB, says none of his bank`s Internet banking accounts have been jeopardised in any way.

"Our technology experts make use of the very latest security measures such as 128-bit encryption, and are constantly monitoring our Web site to ensure personal details and financial transactions remain completely secure. Nevertheless, with the constant changes and updates made in technology come new and more advanced security risks, including certain risks that can occur on the customer`s side."

Le Seur says in the case of these specific reports, the thefts have occurred, not on the bank`s side, but as a result of "identity theft" on the customer`s personal computer. One of the methods that identity theft makes use of is an e-mail whereby a computer virus is downloaded when the e-mail message is opened. Thereafter the customer`s personal banking details, including passwords and PINs, are intercepted and made available to the fraudster.

Standard Bank says in a statement that it has built specific control measures into its online banking to protect its customers. These include the way that customers create payment beneficiaries on their accounts as well as monthly transactional limits.

"It is important for online customers to have an appropriate daily payment limit set for their account; this may be done at their branch. We also inform customers immediately by e-mail of changes to their Internet banking profile or beneficiaries when they occur. It is therefore important that customers check their e-mail regularly, and ensure their profile is always updated with their latest contact details," says Herman Singh, director of direct channels at Standard Bank.

The statement says the principles of good security remain the same, regardless of whether customers use ATMs, credit cards or online banking applications. They must ensure their PIN and password remain secure at all times.

"It is important that customers regularly update anti-virus software as well as the licensed copy of the PC operating system and not open any suspicious e-mails. Customers must also practice `safe' surfing habits, such as not following links to unknown Web sites and be cautious of PCs with public access to them. They may also want to restrict access to their own PC," Singh says.

Related stories:
Banks say education stops online fraud
eBlaster tool may be Absa fraud culprit

Share