Fraudsters also prefer digital banking

Sibahle Malinga
By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 27 Jun 2019
Kalyani Pillay, CEO of Sabric.
Kalyani Pillay, CEO of Sabric.

The latest Annual Crime Statistics, released by the South African Banking Risk Information Centre (Sabric) yesterday, show a 75.3% rise in mobile banking (USSD), online banking and banking apps crimes combined.

There was a total of 23 466 digital banking incidents, amounting to R263 million in gross losses.

Phishing, vishing (voice phishing), SMishing (SMS phishing) and e-mail hacking or business e-mail compromise were the most prominent fraud types affecting the digital banking space.

However, the banking industry reported some isolated incidents where malware was used as a method of compromising a client’s digital banking credentials, according to Sabric.

“We are concerned about some of the increases, which clearly reflect that criminals will take every opportunity to get their hands on bank customers’ money,” says Sabric CEO Kalyani Pillay.

“With regards to cyber crime, history has shown that innovation is followed by disruption. The evolution of banking has seen the emergence of digital platforms for bank clients to self-service without ever having to set foot in a bank branch.

“Online banking consumers must beware of phishing e-mails that request you click on a link. The link directs you to a ‘spoofed’ Web site designed to obtain, verify or update contact details or other sensitive financial information. Never click on links in unsolicited e-mails.”

Mobile banking incidents alone showed an increase of 100%, with gross losses of R29 million, while online banking (Web browser) incidents showed an increase of 37.5%, with gross losses of R129 million.

Banking app incidents increased by 55.4%, with gross losses of R104 million for the same period. SIM swaps in the mobile banking space saw an increase of over 200% to 11 077 incidents.

“The increase in banking app fraud can be attributed to increased usage of this platform by bank clients. Fraudsters use vishing to obtain transaction verification tokens also known as one-time passwords and random verification numbers,” states the report.

“The most prominent modus operandi in banking app fraud is vishing. Vishing is where a fraudster phones their victim posing as a bank official or service provider and uses social engineering skills to manipulate them into disclosing confidential information. This information is then used to defraud the victim.”

A recent SITEisfaction report, based on an survey of local banking clients, found online fraud is at an all-time high, with 69% of users reporting to have been targeted by fraudsters (up from 62% in 2018, and 46% in 2017). One out of every three respondents (33%) fell victim to fraud (up from 22% in 2018 and 19% in 2017), according to the report.

Combined gross card fraud losses on South African-issued bank cards saw an 18% increase from 2017 to 2018, totalling R873 million, with credit card fraud increasing by 18.4% and debit card fraud increasing by 17.5%, notes the report.

Card not present (CNP) fraud on South African-issued credit cards remained the leading contributor to gross fraud losses in the country, accounting for 79.5% of all losses. CNP debit card fraud showed the greatest increase in card-related losses at 62.3%, due to the enablement of CNP transactions on debit cards.

The good news is that cash-in-transit robberies decreased by 22%, from 376 to 292 incidents from 2017 to 2018. Cash losses here also showed a decrease of 22% for the same period.

Sabric says it will continue to work closely with law enforcement and other partners to address the scourge and ensure further incident declines.

In 2018, lost and/or stolen debit card fraud amounted to 42.5% of all debit card fraud, and bank customers continue to fall victim to fraud at ATMs while transacting. Criminals approach victims under the pretext of being helpful, and in many instances even pose as a bank official.

They then steal the victim’s bank card and shoulder-surf to obtain the PIN. Sabric urges bank clients to never accept assistance from anyone at an ATM, no matter how friendly or helpful they may appear.

"We have seen a sharp increase in vishing incidents, where criminals phone bank customers, lead them to believe they are speaking to the bank or a legitimate service provider, and use social engineering tactics to manipulate them into disclosing their confidential bank card details, as well as other personal information. A bank will never call you to ask for this information. If you receive such a call, put the phone down immediately," advises Pillay.

Top seven banking crimes