How can this be possible??

M

MKFrost

Expert Member
Joined
Oct 23, 2012
Messages
3,837
Reaction score
6
Location
Cape Town
I just read this about R50,000 being stolen from a persons account within 6 hours.

http://www.fin24.com/MyFin24/Over-R50-000-gone-in-6-hours-20121121

We are always told by our banks, mobile providers and the like that their security is the best and that their systems are 'world-class'. Every now and then we have new legislation like RICA and the like and am told that all the inconvenience and cost will be worth it as it's in our own interest as it will enable the people in charge to fight crime and protect us.

Call me cynical but I no longer buy the bullsh****t these people are peddling. I cannot help but to think that our corporates are sitting ducks and that they are more reactive than proactive when it comes to these security threats. How can their security be breached so easily? It seems like its child's play for those with the required knowledge to get into our banks and mobile operators.

How many cases are there like this that we have not heard of and never will as they are kept tightly under wraps?

I recently had my mobile number 'hi-jacked' and it took me almost two weeks and a couple of hundred Rand to get it back onto my name. At no time during this experience was security and or security issues discussed. They were more concerned that I actually owned the number. Once resolved no or little effort was made to investigate why this was done and especially by whom this was done. Everybody just pulled up their shoulders stating that they were not sure how this happened.....

I recently also had a problem with a call account I had with one of the top 3 banks. A substantial amount was placed on a 32 day call account as I was buying a house cash. Still not sure how it all went down but we eventually picked up on the system that a request was put in for the funds and that it would have been paid out about 5 days later. I never requested the funds and nobody can tell me who authorised the request.... In the end I lost nothing and am not sure whether I would have lost any but still....how did this happen. If you ask you are told that they are not sure but it will be investigated and dealt with.

Don't know about you but my mattress is looking better and better everyday in so far as a safe haven for my money is concerned.
 
I read the article and see it isnt the Wife, but the husband retelling the story. I can only say in my many years in IT, 70% of the time the user caused the problem either via social engineering or lax security.
 
MKFrost said:
I just read this about R50,000 being stolen from a persons account within 6 hours.

http://www.fin24.com/MyFin24/Over-R50-000-gone-in-6-hours-20121121

We are always told by our banks, mobile providers and the like that their security is the best and that their systems are 'world-class'. Every now and then we have new legislation like RICA and the like and am told that all the inconvenience and cost will be worth it as it's in our own interest as it will enable the people in charge to fight crime and protect us.

Call me cynical but I no longer buy the bullsh****t these people are peddling. I cannot help but to think that our corporates are sitting ducks and that they are more reactive than proactive when it comes to these security threats. How can their security be breached so easily? It seems like its child's play for those with the required knowledge to get into our banks and mobile operators.

How many cases are there like this that we have not heard of and never will as they are kept tightly under wraps?

I recently had my mobile number 'hi-jacked' and it took me almost two weeks and a couple of hundred Rand to get it back onto my name. At no time during this experience was security and or security issues discussed. They were more concerned that I actually owned the number. Once resolved no or little effort was made to investigate why this was done and especially by whom this was done. Everybody just pulled up their shoulders stating that they were not sure how this happened.....

I recently also had a problem with a call account I had with one of the top 3 banks. A substantial amount was placed on a 32 day call account as I was buying a house cash. Still not sure how it all went down but we eventually picked up on the system that a request was put in for the funds and that it would have been paid out about 5 days later. I never requested the funds and nobody can tell me who authorised the request.... In the end I lost nothing and am not sure whether I would have lost any but still....how did this happen. If you ask you are told that they are not sure but it will be investigated and dealt with.

Don't know about you but my mattress is looking better and better everyday in so far as a safe haven for my money is concerned.
Click to expand...

One of my staff actually had the same sentiment the other day.

Her friend's sim was swapped and R8000 was stolen from her Capitec account and transfered to another capitec account.Apparently Capitec was not very helpful and basically told her tough luck.When she reported it to the police,Capitec refused to give any info.Now coupled with the other banks high charges and low interest rates she also said that there is no reason for a low income earner to have a bank account.
 
fonoi, okay BUT CELL phone banking is the most insecure way to bank, internet banking from your PC at home, not work definitly not from an internet cafe or from a cell phone is the way to go.
This money being stolen from cell phones is an old story. A friends fiancee had R24000 removed after she took her cell in for repair.
 
JustAsk said:
One of my staff actually had the same sentiment the other day.

Her friend's sim was swapped and R8000 was stolen from her Capitec account and transfered to another capitec account.Apparently Capitec was not very helpful and basically told her tough luck.When she reported it to the police,Capitec refused to give any info.Now coupled with the other banks high charges and low interest rates she also said that there is no reason for a low income earner to have a bank account.
Click to expand...

Capitec doesnt use SIM card based account authentication, you have a physical dongle or a app on your smartphone. SMS is just used for account activity notification, so a SIM swap would do little except that she wont get notifications. So either she left her dongle around or was phised via e-mail or something else similar (and you need to enter a new dongle/app generated security code for each transaction) and then it is a user issue.

Story does not compute, maybe lost something in the retelling.
 
supersunbird said:
...security key dongle attached to my keys...
Click to expand...
Same here from HSBC and I do make use of two step verification where possible i.e. Google, Dropbox etc..

fonoi said:
I read the article and see it isn't the Wife, but the husband retelling the story. I can only say in my many years in IT, 70% of the time the user caused the problem either via social engineering or lax security.
Click to expand...

Agree, there are always two sides to a story and I have to agree that the ignorance of the client plays a role in many of these cases. I am however still concerned about the overall security and the ease with which these perpetrators get into the system.
 
supersunbird said:
Capitec doesnt use SIM card based account authentication, you have a physical dongle or a app on your smartphone. SMS is just used for account activity notification, so a SIM swap would do little except that she wont get notifications. So either she left her dongle around or was phised via e-mail or something else similar (and you need to enter a new dongle/app generated security code for each transaction) and then it is a user issue.

Story does not compute, maybe lost something in the retelling.
Click to expand...

Could be.

Anyway,the problem she have is with the lack of support from the bank and the slow reaction from mobile operators in a sim swap.She feels safer with a mattress now.

I have heard horror stories about Capitec.Inside jobs (some people say they employ questionable staff) ,the ease of opening an account without the relevant documentation ,Nigerians having hundreds of capitec accounts under different names.Some people say they never have any money in their accounts,as soon as they take out a loan,they are targeted.
 
JustAsk said:
...the ease of opening an account without the relevant documentation...
Click to expand...

That's what I meant in regards to all the legislation like FICA, RICA etc.... Seems that they did little to solve any problems and or help in preventing crime. As usual all it did was place an additional burden on law abiding citizens while the criminals run free and do as they please.
 
MKFrost said:
That's what I meant in regards to all the legislation like FICA, RICA etc.... Seems that they did little to solve any problems and or help in preventing crime. As usual all it did was place an additional burden on law abiding citizens while the criminals run free and do as they please.
Click to expand...

I disagree with you there.FICA/RICA is just laws,enforcing it successfully will solve many problems.On it's own they can do nothing.That's like saying because speeding is illegal,that law itself will automatically solve it.

The point i was trying to make is opening non fica'd accounts seems to be easier with capitec.

EDIT:What i would like to see is a security mechanism from all banks where you can lock accounts from ever be used with internet or cellphone banking.
 
Last edited:
JustAsk said:
I disagree with you there.FICA/RICA is just laws...
Click to expand...

Yes I'm with you there and agree that the laws themselves are good, its the enforcement that's lacking. What I tried to say was that our country is starting to get into the habit implementing all these great laws but that we fall far short when it comes to the enforcement of them. If they were properly enforced there would be no way for a fraudulent bank account to be opened and if so it would be possible to trace the culprits. Same goes for the mobile industry.

In my opinion this whole RICA thing is such a mess that it is essentially useless.
 
Sounds like an illegal sim swop was done on her cell number, giving the perpetrator access to her accounts via the cell phone banking application. The only thing a perpetrator would need is her password.
 
pgs said:
fonoi, okay BUT CELL phone banking is the most insecure way to bank, internet banking from your PC at home, not work definitly not from an internet cafe or from a cell phone is the way to go.
This money being stolen from cell phones is an old story. A friends fiancee had R24000 removed after she took her cell in for repair.
Click to expand...

I'm pretty sure they hacked her account and deactivated her cellphone number so she wouldn't know what was happening - happened using a computer.
 
supersunbird said:
Capitec doesnt use SIM card based account authentication, you have a physical dongle or a app on your smartphone. SMS is just used for account activity notification, so a SIM swap would do little except that she wont get notifications. So either she left her dongle around or was phised via e-mail or something else similar (and you need to enter a new dongle/app generated security code for each transaction) and then it is a user issue.

Story does not compute, maybe lost something in the retelling.
Click to expand...

If her sim was swapped and they used the USSD banking which does allow payments to other Capitec accounts then that's probably what happened. They would need to know her mobile banking PIN to do this (which is not necessarily her ATM pin). I'm not sure the bank would be the first person to turn to in this situation; as far as I'd be concerned it's an issue with the cellphone provider first of all - otherwise I can pay someone and then go to Capitec and say "my sim was cloned i want my money back". I would assume, or at least hope, that if the due diligence of taking the mobile network provider to task on this and gaining authority backed proof that the bank would be of some help - but other than that, the bank cannot simply release the account details of someone because of a claim that could just be based on sour grapes.. (taking it from the banks perspective).
 
pgs said:
fonoi, okay BUT CELL phone banking is the most insecure way to bank, internet banking from your PC at home, not work definitly not from an internet cafe or from a cell phone is the way to go.
Click to expand...
I actually rate my work's network security higher than my own so I do bank from work.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X