How to sign up for Absa WhatsApp banking

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
37,285
#2
Nice! Thanks for the follow up. They really should have released info like this with their original press release.

“If a fake WhatsApp, Twitter, or Facebook Messenger user tried to pretend to be Absa, they would not have access to your secure banking information and the service would not be able to work. No transactions could take place as they would not be linked to our system,” said Absa.
I'm not following their logic. I doubt a 'fake Whatsapp, Twitter or Facebook Messenger user' would 'try pretend' to be ABSA for any purpose other than to phish your details... and yes, they would have your details if you are not thinking straight or not tech-savvy and hand out that info, assuming they are the real ABSA... the generation that hasn't grown up in the internet age are always at risk from phishing... IMO don't ever help the elderly or technophobes set this up.



^^ Nice bit of info that, but again, it needs to be communicated frequently to Whatsapp banking users otherwise people will forget to look for it. And while it's yellow on a green background today, that will change if Whatsapp ever changed their color scheme - ABSA has no control over the Whatsapp platform. They might even do away with it (though unlikely), but it's quite possible that they could.

As for "“This message cannot be faked by a scammer as it is generated by WhatsApp,” said Absa." - that's bull. Sending images has been a Whatsapp feature for as long as I can recall. Just read the article - it's been 'faked' in there LOL. Sure it may take a 'special kind of stupid' in most people's opinion to fall for it, but no doubt people will also forget that they even need to check for it. Bottom line is there are plenty of people that most technophiles consider a 'special kind of stupid'. IMO Technophiles are a major part of the problem - we assume too much.

[MENTION=463718]Newsfeed[/MENTION] please follow up on these three questions for us?

1) Can I unsubscribe from Whatsapp banking using the internet banking portal or by visiting the bank should I choose to? e.g. What if I get a new cell number and the old number is recycled (and I've forgotten to send the unsubscribe message on Whatsapp prior)... and as is typical with these banks, they don't update my records properly when I ask them to - will my bank account potentially be accessible from another person's phone?

2) Do I have to acknowledge the SureCheck message every time I access my account with whatsapp? After a timeout period? When switching to a new handset after reinstalling Whatsapp? In other words, can my Whatsapp be hijacked and the 'new user' access my bank account without the SureCheck message?

3) What was the logic behind developing Whatsapp banking given that you have to be a registered mobile banking client to use it - why introduce a new potential attack vector? Is it really that compellingly useful to people that they turn to Whatsapp instead of their mobile app? What is the value proposition here - convenience in that they don't have to enter authentication information to use it?

Poking holes at any system is a part of securing it, so before you flame, that's all I'm trying to do here. No system is secure - security is also based on probabilities... what are the probabilities of someone you work with even wanting to hijack your phone to access your salary details for example? Probably not high in almost all cases, etc.

What I'd like to see is banks being more proactive with phishing education. How about a short 30 minute online tutorial on how to spot a phishing email? One where you go through a short exam to rate yourself - and one that employers can have their employees go through and pass before being allowed to access the company's banking site? Or you could send granny or grandpa to before they start using internet banking. Perhaps some banks already do this for corporates, but why not make it a public thing? Now that would be innovative.
 
Last edited:

Nephew_

Senior Member
Joined
Sep 2, 2009
Messages
591
#5
I quite like it, just tried it out. You might say why you need this if there is an app? Maybe it uses less data and users can buy cheap Whatsapp bundles.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
37,285
#6
Is ABSA still using SureCheck messages (aka USSD messages) which are subject to Sim Swap?
AFAIK the SureCheck message goes to the ABSA banking app - you need it installed and set up to use Whatsapp banking... that said, Whatsapp will not pass the sim-swap check, so once it's set up, who knows if SureCheck is ever used again?
 

system32

Expert Member
Joined
Dec 29, 2009
Messages
2,546
#7
AFAIK the SureCheck message goes to the ABSA banking app - you need it installed and set up to use Whatsapp banking... that said, Whatsapp will not pass the sim-swap check, so once it's set up, who knows if SureCheck is ever used again?
SureCheck used to be the USSD system.
Not sure if they using the SureCheck name for banking app approvals.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
37,285
#8
SureCheck used to be the USSD system.
Not sure if they using the SureCheck name for banking app approvals.
Well signing up for Whatsapp banking requires a visit to the mobile app to confirm - that much I do know.
 

InfidelGastro

Expert Member
Joined
May 21, 2018
Messages
1,274
#9
Yeah, I set it up and took it for a spin around the block. It works and it looks as though it'll come in handy. Convenient.
 

InfidelGastro

Expert Member
Joined
May 21, 2018
Messages
1,274
#11
AFAIK the SureCheck message goes to the ABSA banking app - you need it installed and set up to use Whatsapp banking... that said, Whatsapp will not pass the sim-swap check, so once it's set up, who knows if SureCheck is ever used again?
Once you've set it up, all you have to do is type "hi" into the WhatsApp ABSA contact and you're good to go.
 
Top