neither his bank (FNB) nor the operator (Vodacom) were willing to accept any liability for the loss.
This is getting ridiculous...

The banks need to pull their thumbs out of their ass and find a way to keep their customers money safe (aka do their job)...or if they aren't capable of that refunded the customer's for the damages caused by their inability to do their job.

At the very least they should offer an alternative mechanism. e.g. Google authenticator so that people can at least decide which is the best for them.

Pointing the finger at VC / MTN might be partially true, but I'm not paying VC / MTN to keep my money safe.
 
I am curious to know which OS on the phone was used to perpetrate these criminal deeds ios,Android,Blackberry or Windows Phone. I suspect "open source" OS was used in these deeds.
 
I am curious to know which OS on the phone was used to perpetrate these criminal deeds ios,Android,Blackberry or Windows Phone. I suspect "open source" OS was used in these deeds.

You think it's the OS at fault?
 
well, the flaw in the app is that it doesn't ask for an OTP when registering new accounts. thank you FNB.

furthermore, they now have an IP from a phone and hopefully it's not masked. furthermore, if the criminal is dumb, he's using the phone and it can be tracked :)
 
well, the flaw in the app is that it doesn't ask for an OTP when registering new accounts. thank you FNB.

You shouldn't be able to do login using an devices that you didn't pre-authorise with an OTP to begin with. With a phone it means, it should be your phone, if someone can install an app in their phone and login into your bank account then there is a security hole somewhere.
 
This is getting ridiculous...

The banks need to pull their thumbs out of their ass and find a way to keep their customers money safe (aka do their job)...or if they aren't capable of that refunded the customer's for the damages caused by their inability to do their job.

Could not agree more as this is now becoming so common that its not even funny anymore to hear about another victim of this crap. I wonder what this is really costing the banks. Maybe a topic for a news article i.e. what banking fraud through electronic means is costing SA banks.

Banks in my opinion is contributing to this in a large way as they are not transparent on what's happening and or what happened in these cases. Was it a security flaw or was the client at fault. They should be transparent and tell us what we need to do to prevent it from happening to us. If not a security flaw then tells us what the client did that was wrong so we can learn from that. If they start doing that people will be more aware and we can work together [banks and clients] to stop this s***t.

But currently they are mum on what happened. Most probably to scared to admit there are problems and losing clients.
 
I just added my s5 to my fnb profile. I had to log into the online banking site and put in an Otp. So to register a device you need an in contact phone set up, as well as know the username and password. Seems safe enough to be
 
Cellphone company is at fault for allowing a SIM swop without a proper check on the owner.
 
I never read the news articles, but everyone is going on about FNB and the OP say Standard Bank. Now I'm actually curious...
 
It all boils down to the simple fact that a secure(by industry standards) system is being brought down by the use of an insecure system. If I were to ever be a victim of this sort of crime I'd go after the bank for using a system which is & proven by numerous examples now.. Is insecure. They are at fault! At the end of the day, use of cellular technology to push OTP is only a worthy feature if the transit and recipient of the OTP is secure. CLEARLY there is a problem with securing transit/message end point which means the banks at fault for implementing..

Sure the real issue is that sim swaps and porting happens illegally.. But this is not a banking issue. The banking issue is that these stupid banks continue to use an insecure means of securing logins.
 
Additionally, with smart devices with apps tied to both sim and device, why the hell are they sending OTP in the clear?? Like wtf kind of stupidity is that? To secure simply send an encrypted OTP to device which is decoded by the app.

Granted this does not help non-smart users but it should cut down the big theft.
 
Is it just me or how do you get defrauded 3 times from 3 different institutions?

There is something not right here. I personally think he left his details somewhere or someone (who he knows) is using his details where he possibly wrote them...
 
Is it just me or how do you get defrauded 3 times from 3 different institutions?

There is something not right here. I personally think he left his details somewhere or someone (who he knows) is using his details where he possibly wrote them...

Had the exact same thought. He is either the unlucky victim of a very smart and motivated thief, or he is an idiot.
 
It all boils down to the simple fact that a secure(by industry standards) system is being brought down by the use of an insecure system. If I were to ever be a victim of this sort of crime I'd go after the bank for using a system which is & proven by numerous examples now.. Is insecure. They are at fault! At the end of the day, use of cellular technology to push OTP is only a worthy feature if the transit and recipient of the OTP is secure. CLEARLY there is a problem with securing transit/message end point which means the banks at fault for implementing..

Sure the real issue is that sim swaps and porting happens illegally.. But this is not a banking issue. The banking issue is that these stupid banks continue to use an insecure means of securing logins.

If their systems are so insecure then why have I not been scammed once and this guy has been scammed twice at two different banks? This is a dumb consumer not an insecure system.
 
Is it just me or how do you get defrauded 3 times from 3 different institutions?

There is something not right here. I personally think he left his details somewhere or someone (who he knows) is using his details where he possibly wrote them...

Absolutely agree and I have the same concerns. I think in this case the initial institutions was right. This guy have bigger problems and I think he, as with all of us really, need to start to take accountability and responsibility for our digital security.
 
Top
Sign up to the MyBroadband newsletter