Prevention better than cure

Banks spend billions of rands on customer education, training users to prevent them from becoming victims.

Rabelani Dagada
By Rabelani Dagada, Professor, University of Johannesburg
Johannesburg, 14 Oct 2014

In my view, the Johannesburg-based Saturday Staris one of the publications that has reported extensively on digital banking-related crimes. Some of the catchy headlines which appeared in the paper read as follows: "Victims' SIM swap fraud nightmare", "Banks clam up as clients lose millions in scam", "Online criminals getting very sneaky as they find ways to rob you", and "ATMs under siege from the bombers".

During the study on which this Industry Insight is based, I realised that South African banks use customer training to protect customers and improve the perceptions regarding the credibility of the digital banking delivery channels. Banks also avoid litigation and poor adoption of cellphone and mobile delivery channels by ensuring users are adequately trained. It is on this premise that banks have largely refused to repay customers' money defrauded through digital banking crimes, such as phishing, spoofing and skimming.

Education is a priority in all the banks and thus there is frequent employee and customer education regarding security. Each of the four big banks posts vast amounts of security-related materials on their Web sites. Newsletters are also sent to the clients on a quarterly basis to provide security-related tips. Banks are being proactive in warning their clients.

Forewarned is forearmed

South African banks are being proactive when it comes to crime, and they have early warning mechanisms in place that enable them to see what is happening globally regarding the security of their customers' accounts. These mechanisms put the South African banks in the position of being informed about potential security threats before they manifest. And if the crime actually happens, affected clients are informed speedily.

Information security intelligence provided to customers has increased dramatically since the first famous digital banking crime in SA in 2003. When digital banking-related crimes were reported for the first time in SA 11 years ago, banks would reimburse the clients. However, banks currently refuse to reimburse their clients because they are doing a lot to educate and support the clients. This includes providing clients with the "freebies" to enhance their security.

Banks are being proactive in warning their clients.

It is the responsibility of clients to ensure anti-virus software is deployed on their computers. This would assist in making the computer safe. Also 'for free', banks send an SMS when a user logs into Internet banking. There is a telephone number contained in the SMS that banks send to clients. Clients can call this number the moment they become suspicious regarding the security of their digital banking accounts. Users should ensure they do not conduct transactions in unsafe computing environments like Internet cafes.

If the clients decide to ignore SMSes from the bank regarding transactions that are taking place on their accounts, then the bank cannot be expected to be liable. South African banks are becoming more sophisticated in terms of ensuring clients are more secure in the digital banking environment.

Based on the findings of the study on which this Industry Insight is based, I can assert that the South African banks are leaders worldwide in terms of digital banking innovation and information security.

#Dagada investigated digital banking security as part of his PhD study at the University of South Africa. Banks that participated in this study include Absa, FNB, Investec, Nedbank and Standard Bank.