The key to avoiding the issue of identity theft when transacting online is to practice good PC housekeeping, by making sure you have the latest anti-virus programs, a personal firewall installed and some form of privacy control on your machine, say banks.
According to Richard Peasy, Absa Bank`s information security officer, if home PC users follow these practices, there is far less likelihood of them being affected the way several Bellville residents have been, following this weekend`s widely reported identity theft cases.
Bellville police are reportedly investigating 10 complaints of online theft of over R500 000 from Absa bank accounts. It appears that a fraudster using "spyware" - a program that deposits a payload on a PC, usually through an e-mail, and can then track the keystrokes a person uses - has illegally accessed a number of accounts and transferred money from them.
"Absa has so far confirmed three of the reported cases of keystroke logging through an independent company. While this has occurred, we want to stress that Internet banking is very safe and on Absa`s side, we have not had any hack penetration," says Peasy.
"In fact, we have people testing for penetration every day, to make sure that our online site is extremely secure."
He says that one of the major problems is that, because cost is an ugly thing, people are often tempted to download free software off the Internet, but that it is far safer to purchase it from a licensed dealer, as this limits the chances of spyware being embedded in the programs.
According to Patrick Evans, regional manager of Symantec Africa region, spyware is typically available online, and various types exist.
"Spyware can be used to monitor what a person types on their PC, and while it doesn`t necessarily know what each key means, someone who is adept enough will be able to work out what a person has typed, meaning they can get at a particular login name and password," says Evans.
<B>General PC safety tips and ways to prevent key-logging:</B>
* Make sure that no one has unauthorised access to your PC.
* Ensure you have the latest anti-virus applications loaded on your PC.
* Ensure that software loaded onto your PC via a third party is licensed.
* Regularly update your operating system and browser with the latest security patches.
* Do not open suspicious or unfamiliar e-mails.
* Ensure that you have control over the shared folders on your PC.
* Always ensure the secrecy of your PIN number.
* Never disclose your PIN number to anyone - this includes bank staff members. A bank staff member will never ask you for your PIN.
* Be especially vigilant of security cameras trained on your PC.
"The legality of much of what is available on the Internet is something of a grey area, as the software itself is often not illegal, but it can certainly be used for illegal purposes."
He says he believes the current identity fraud problem is a banking issue as a whole and that it is wrong to single Absa out, even though it is that bank`s accounts that have been robbed.
"One needs to remember that the bank`s security was fine, it was a security problem on the customers` side that allowed the fraudster access to the various login and password details," he says.
"It is a matter of client education. People need to be made aware that there are bigger issues than purely anti-virus software and that additional tools are required for a home PC to remain secure."
He says that in the developing world, people are less well informed than their counterparts in the First World. For example, in Germany, over 50% of private individuals use an integrated security solution, while in SA, over 90% of people are still solely reliant on anti-virus software.
"Banking online is just as safe as going to the bank itself, provided your security on your home PC is up-to-date and your environment is secure and correctly configured, to make sure that hackers can`t illegally enter through 'holes` in your configuration," says Evans.
Roland Le Sueur, head of Internet banking at First National Bank (FNB), says that as technology advances, so more risks are incurred, which is why FNB continuously monitors and keeps abreast of the latest developments, in order to help keep its clients secure.
"We do a lot in terms of customer education, such as placing online security tips on the eBucks Web site, which are continually updated as new issues come to the fore. We also host an annual Internet Banking Week, which is aimed at making customers take their systems seriously.
"Online banking is one of the most secure and convenient channels for transacting. In much the same way as people are aware of the dangers and the preventative measures to take in terms of ATM banking, we are working to make our clients aware of the similar online issues," says Le Sueur.
Both Le Sueur and Peasy believe the South African banking fraternity will work together to combat the issue of identity fraud.
"This is certainly not a competitive issue for the banks. It is about protecting the integrity and security of the Internet banking channel, so it is an issue that affects us all, and as such we will all work together to overcome these problems," says Peasy.
Related story:
E-government could aggravate SA`s identity fraud problems

