Facebook   Twitter    YouTube    RSS Feed    Android App    iPhone and iPad App     BlackBerry App    
Subscribe to Newsletter



Page 1 of 3 1 23 LastLast
Results 1 to 15 of 37

Thread: Vodacom at centre of banking SMS scam

  1. #1

    Default Vodacom at centre of banking SMS scam

    Vodacom at centre of banking SMS scam

    Vodacom subscribers scammed out of R 2.4 million; cellular provider dodges questions about safety of SMS banking

  2. #2
    Grandmaster
    Join Date
    Aug 2003
    Location
    Home: Wapadrant Office: Lyttelton
    Posts
    3,739

    Default

    Will VC compensate those defrauded the easy way, or will a few lawyers need to be enriched before the fraud victims will be compensated?
    South Africa needs World Class Broadband at World Competitive Prices.

  3. #3

    Default

    this is such rubbish... big companies getting away with murder as always... so sad!
    Better to Live 1 Day as a Lion then 1000 Years as a Sheep

  4. #4
    Senior Member
    Join Date
    May 2004
    Location
    South Africa.
    Posts
    284

    Default

    Vodacom did warn that “due to the immediacy of online banking, consumers are reminded to keep their online banking details secure from any third party”. This advice is however unlikely to put Vodacom subscribers’ minds at ease when the cellular provider itself was partly to blame for the security breach of their clients’ accounts.
    secure from any third party? like Vodacom employees?

    also want to know if Vodacom will pay back the money stolen with the help of their employee? (their employee's help was presumably key for the scam to work)

    deduct the money from the director's salaries, or the managers in charge of security
    Jacques
    CT

  5. #5

    Default

    Surprise surprise - inside jobs are not as uncommon as people would like to believe... it happens at banks, why should it not happen at your phone provider?

    ID Theft etc is more likely to happen at the phone provider IMO - they don't have to toe the line like the banks do. They simply shrug it off and carry on.
    .

  6. #6

    Default

    “Vodacom has implemented additional security measures, to ensure that this type of fraud does not happen again,” said Dot Field
    This might be a little bit OT, but why does she not change her name to something like Slash Park, or Comma Meadow? I'll think even Hyphen Lawn is a better option....

    Anyways - that is on a lighter note. Not all is gloom and doom ya know.
    You can do something for love, you can do something for money, but there is nothing quite so satisfying as doing something out of spite - Jeremy Clarkson, 1991

  7. #7

    Default

    Its not south african enough Roux...
    How about Punt Veld
    .

  8. #8

    Default

    Every day when you log on to your banking site you expose yourself to a man in the middle attack [through SSL]. Sure, it's a lot more difficult to impliment but conceptually it's the same thing [in a way at least].

    It's a risk we're all fairly comfortable to live with, since, not much can be done about it because at the end of the day, someone will still have access to whatever is being protected. The only safe way of dealing with information is not to tell anyone, not to write it down and not to need it. Clearly we need this, so in this instance we'd have to put our faith in Vodacom to minimize the risk of it happening again and to work with the SAPS [and others where needed].

    More importantly I'm happy that the employee has been taken into custody and that he/she is ultimately held responsible for this fraud, to me, it's the positive in this case.

  9. #9

    Default

    No comment from VodacomData?
    Opinions are like A-holes, everyone has one.

  10. #10
    Super Grandmaster
    Join Date
    Apr 2009
    Location
    Tiny cold island soon
    Posts
    6,524

    Default

    Quote Originally Posted by Lazy View Post
    Every day when you log on to your banking site you expose yourself to a man in the middle attack [through SSL]. Sure, it's a lot more difficult to impliment but conceptually it's the same thing [in a way at least].

    It's a risk we're all fairly comfortable to live with, since, not much can be done about it because at the end of the day, someone will still have access to whatever is being protected. The only safe way of dealing with information is not to tell anyone, not to write it down and not to need it. Clearly we need this, so in this instance we'd have to put our faith in Vodacom to minimize the risk of it happening again and to work with the SAPS [and others where needed].

    More importantly I'm happy that the employee has been taken into custody and that he/she is ultimately held responsible for this fraud, to me, it's the positive in this case.
    Actually, a verified and TRUSTED SSL certificate is provided by a company where the employee's are actually physically separated from each other, and the knowledge required to duplicate one certificate would require at least 3 employee's to work together at great risk and with obvious procedural changes.

    The entire layout and flow and process of a TRUSTED company, and the audit processes are something to be admired.
    Perhaps it's time we took a contract out on Murphy.

  11. #11

    Default

    Quote Originally Posted by mbp View Post
    Its not south african enough Roux...
    How about Punt Veld
    Ah - of course yes - that is much better. Komma Parkie is also a good one I think.
    Quote Originally Posted by Snoob View Post
    No comment from VodacomData?
    Wonder why.... Where is he at right now ?
    Hy wou daar kom....
    You can do something for love, you can do something for money, but there is nothing quite so satisfying as doing something out of spite - Jeremy Clarkson, 1991

  12. #12

    Default

    Quote Originally Posted by davemc View Post
    Actually, a verified and TRUSTED SSL certificate is provided by a company where the employee's are actually physically separated from each other, and the knowledge required to duplicate one certificate would require at least 3 employee's to work together at great risk and with obvious procedural changes.

    The entire layout and flow and process of a TRUSTED company, and the audit processes are something to be admired.
    There are various ways of implimenting man in the middle and all of them have very stingent requirements. But lets not get sidetracked with hacking techniques, I'd enjoy it too much and derail the thread completely.

    My point was that even if the company has proper auditing, is to be trusted etc etc, at some point in the process someone will still be involved at a low-enough level to have access to some form of data that can be harmful. It's unavoidable really. The checks and balances need to be in place to detect that as soon as possible, which is not always easy either.

    Which is why I'm happy they have the suspect in custody, because it means that the process is good enough to identify the culprit, which is well above what would probably be minimum requirements to be [fairly] responsible.

  13. #13

    Default

    I have always said that SMS banking is stupid...they are way too easy to hack! I want our banks to get OTP tokens! From a quick google there is even an SA group that is doing this. www.fireid.com.

    I also hate recieving like 5 SMS's when I log into absa banking to do a transaction. then I have to spend like 30 seconds deleting all the messages after I'm done.

  14. #14

    Default

    confused about going to vodacom or staying at mtn, either way you lose money.
    Always be wary of the Software Engineer who carries a screwdriver.

  15. #15
    Super Grandmaster
    Join Date
    Apr 2009
    Location
    Tiny cold island soon
    Posts
    6,524

    Default

    Quote Originally Posted by Lazy View Post
    <snip>Which is why I'm happy they have the suspect in custody, because it means that the process is good enough to identify the culprit, which is well above what would probably be minimum requirements to be [fairly] responsible.
    Yep yep yep!
    But .. I am still wondering if any have managed to slip through the cracks.
    We're not receiving assurances to that song yet.
    Perhaps it's time we took a contract out on Murphy.

Page 1 of 3 1 23 LastLast

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •