SA sees rise in mobile bank fraud
The South African Bank Risk Information Centre (Sabric) has warned bank customers to pay more attention to their mobile security.
According to the company, mobile banking fraud is on the rise in South Africa and cyber crime is costing the country $1 billion each year.
Sabric says online banking fraud increased especially as a result of the high level of phishing and malware attacks targeting banking customers.
Sabric CEO Kalyani Pillay says while banks continuously provide cyber security messages and advice, criminals are also devising new ways to steal from customers.
"As more bank consumers migrate to online banking platforms, the risk of smartphones and handheld devices being compromised has also amplified.
Consumers need to ensure that anti-virus software is downloaded onto their smart devices as well as their PCs before they access their online banking profiles."
Software is made available by most banking institutions and can be accessed on their Web sites for free download by customers, notes Pillay.
As mobile smartphones and the dedicated apps they support become an attractive target for fraudsters, many cyber criminals are using social engineering to elicit private information from unsuspecting users in order to commit fraudulent transactions, says Xavier Larduinat, senior technologist at Gemalto.
With the local roll-out of chip and PIN banking cards, we're seeing fraudsters move away from targeting secure transactions and start focusing on less secure digital channels, he adds.
A combination of applications on mobile phones, spam and weak passwords have led to personal and financial data being compromised in many instances - offering criminals compelling opportunities to target consumers and steal their identity, says Larduinat.
"Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.
"For example, it is much easier to fool someone into sharing their password than it is to hack their password unless the password is really weak."
While new technologies such as apps and WiFi hotspots have made banking easily accessible to the public, they also carry certain risks, says Larduinat. Consumers must be aware of these risks and take steps to safeguard themselves, he adds.
Tjaart van der Walt, Truteq Group CEO and international MD, says as more and more banks migrate banking services to mobile, enterprising and sophisticated (often globalised) criminal networks have devised ever-ingenious ways to use mobile phones to separate customers from their money.
According to Van der Walt, a user's mobile identity has become a natural target for criminals because most banks today use their customers' mobile phone as another way (or 'second-factor') to identify and authorise credit card, ATM, point-of-sale or Internet banking transactions.
All these types of fraud have one thing in common - they use mobile phones to authorise the transaction, he adds.
As the problem of banking fraud has been growing, so has the media attention it has been receiving, says Van der Walt.
However, the true scale of the mobile and online banking fraud may be underreported because it is in the best interest of the banks not to draw too much attention to these losses, he observes.
Meanwhile, Sabric has started a campaign, titled "Skelm", which aims to empower South Africans to protect themselves against banking fraud.
The campaign will provide various platforms on social media for the public to share their own experiences of being scammed in order to empower one another.
The managing and protecting of electronic devices such as mobile phones, tablets and PCs is crucial to ensuring that the scourge of cyber crime is minimised, says Sabric.
It points out banks are constantly enhancing their platforms and products to ensure that their customers are not easily duped by criminals and to mitigate against the risk of cyber crime.
However, it is important that the consumer is also empowered in avoiding compromising their cyber security, it adds.