Online banking fraud - consumers have a say and a responsibility
Financial institutions are obliged to provide secure mechanisms for their customers, and consumers must protect their personal information and interests, says Charl Ueckermann, CEO at AVeS Cyber Security.
Incidents of online banking fraud continue to rise in South Africa as more consumers become comfortable with transacting on the Internet. While cyber fraudsters are known to target companies - or financial institutions - in order to steal larger amounts, individuals are frequently targeted for quick and easy wins.
"Certainly, as we have seen in the past few years, banks can become the targets of cyber hacker syndicates. However, a lot of the online banking fraud we see is the result of malware or spyware that has been installed on a user's computer or device unbeknown to the individual. Due to poor security measures on consumers' devices, hackers are able to access their banking details and steal their money. Social engineering, however, is another growing problem. People are tricked into giving away their personal or banking details via phishing e-mails or over the phone. Fraudsters then use these details to gain access to their bank accounts online.
"Various pieces of legislation place considerably onerous responsibilities on financial institutions to implement measures to protect the information about their customers that they collect, process and store. Financial institutions are also obliged provide secure mechanisms for their customers to conduct their banking safely online. But, there is some onus on consumers to protect their personal information and interests. Therefore, it is important for everyone transacting online to understand their rights and responsibilities," says Charl Ueckermann, CEO at AVeS Cyber Security.
Read more: How risky am I?
According to him, most financial institutions offer stringent online security on their Web sites as well as a commitment that protects their customers while using their online banking features. These guarantees are created to protect consumers if they suffer a loss from unauthorised transactions made using the financial institution's online banking service. Consumers are advised to find out what security measures their bank has in place to protect them when banking online; what their bank's online banking service commitments are; as well as their policy on unauthorised transactions.
"Consumers have the right to ask what mechanisms their bank has in place to protect their personal information as well as their money when they transact online. Bear in mind that cyber criminals make it their business to stay a step ahead of their targets. So choose a bank that takes its online security very seriously," he says.
"People should also take the time to read their bank's online banking or electronic access agreement to check that they are meeting all the bank's requirements for when banking online. Some banks may require users to install a specific security tool or add-on to the computer or device they use to transact online."
On the flip side of this, it is the consumer's responsibility to always keep their banking information, user IDs, passwords and PIN numbers confidential.
"If you give your online banking details to anyone, it comes with the risk of losing whatever protection your bank offers against unauthorised transactions. This could result in you being responsible for any unauthorised transactions on your account, and you won't be refunded for your loss," warns Ueckermann.
Consumers can help make their online banking safer by:
* Keeping PINs, passwords and personal verification questions secret;
* Always logging off the banking Web site properly, and closing the Internet browser completely after each and every online banking session;
* Installing tools and security add-ons provided by the financial institution to make online banking features more secure;
* Making sure the IT security software on computers and devices used for Internet banking are up to date;
* Avoiding the use of free WiFi hotspots to access the Internet for online banking;
* Not opening attachments in unsolicited mails. This could activate the installation of malware onto your computer;
* Using encrypted sites where possible; check for the little padlock symbol in the address bar. Banks' official online banking sites are encrypted;
* Never entering personal information onto a Web site from an external link or pop-up. First, open a new browser window and type the URL directly into the address bar to ensure the site is legitimate; and
* Making sure financial providers can deliver information about the latest security trends and security mechanisms in place to protect consumers from being exposed to hackers.
Read more: Personal security information stakeholders
"It is also important to regularly check your bank account for unusual or unexplained transactions. Report anything suspicious to your bank straight away. To keep tabs on the money flowing in and out of your account, register for SMS notifications so that you receive alerts when there is a transaction on your account. Also, read the messages from your bank that may pop up from time to time when you log onto your online banking. There could be a warning or an important tip to take heed of. Credible financial institutions will make these and other interventions available to their customers in order to enhance the level of protection," concludes Ueckermann.