How would you solve the problem of internet banking and SIM-swap fraud?

ambo

Expert Member
Joined
Jun 9, 2005
Messages
2,673
#82
Who are you to decide that my number must be unavailable for so long?

(not that my SIM is linked to my primary banking at all)
The current low-security procedure should have a longer hold time. I did say that the mobile networks should introduce higher security processes for those wanting better turnaround times.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
45,649
#86
My solution has always worked well for me. Never have any money to steal. There, problem solved.
No, the solution is to not keep your savings with the same bank/institution as your transactional account (unless very secure online, like Capitec, and even then, don't keep the savings in your card's account, rather in a sub account, then nothing much can happen even if they steal/rob/swipe your card and PIN).
 

member2204

Senior Member
Joined
Feb 14, 2006
Messages
617
#87
If your SIM is swapped and then used to call in a bomb threat to parliament, to set off a cellphone bomb, or to download child pr0n, or any other illegal activities YOU will be guilty of it.
No, you won't. There will be investigations and legal process where you can prove your innocence.
 

me_

Senior Member
Joined
Oct 11, 2013
Messages
637
#95
I think the problem here is everyone is trying to plug the leaks in the bath after the bomb has gone off. SMS tokens are additional layers of security and shouldn't be seen as the primary. The issue is that the primary authentication method (password) has been compromised.

The real issue is the phishing emails that are being sent and users not realising. This is in part the user's fault, but we also need to look at email as a whole. The problem is that SMTP allows you to make emails look like they are from a legitimate sender even when it's actually being sent by some zombie server connected to the internet. Email authentication (where the sender is verified) has been around for some time now and would prevent the vast majority of phishing attacks and spam, yet most mail servers do not implement it. Some legitimate emails would be flagged as spam due to practices used by companies, but it wouldn't take long to flag this with the senders and have them correct their automatic mailers.

Some details on Email authentication:
https://en.wikipedia.org/wiki/Email_authentication
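
The sender check described in the post above, as an added example that is not part of the original post: a receiving-side filter that compares the visible From domain with the domains that actually passed SPF or DKIM, reading only the Authentication-Results header written by its own mail server. The hostname `mx.recipient.example`, the sample messages and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: hostname our own receiving mail server writes as authserv-id.
TRUSTED_AUTHSERV = "mx.recipient.example"

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")

def aligned(from_dom, auth_dom):
    # Simplified relaxed alignment: identical, or one is a subdomain of the other.
    # Real DMARC compares organizational domains using the Public Suffix List.
    return (from_dom == auth_dom or from_dom.endswith("." + auth_dom)
            or auth_dom.endswith("." + from_dom))

def verdict(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if not from_dom:
        return "fail"
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not written by our server, so the sender may have forged it
        for result, dom in re.findall(
                r"\b(?:spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)",
                results, re.I):
            if result.lower() == "pass" and aligned(from_dom, domain_of(dom)):
                return "pass"
    return "fail"

# Constructed sample messages (not real traffic).
SPOOFED = (
    "Authentication-Results: mail.bank.example; dkim=pass header.d=bank.example\n"
    "Authentication-Results: mx.recipient.example;"
    " spf=pass smtp.mailfrom=bounce@bulk-sender.example; dkim=none\n"
    "From: Your Bank <alerts@bank.example>\n"
    "Subject: Verify your account\n\nbody\n")
LEGIT = (
    "Authentication-Results: mx.recipient.example;"
    " spf=pass smtp.mailfrom=bounce@mailer.bank.example;"
    " dkim=pass header.d=bank.example\n"
    "From: Your Bank <alerts@bank.example>\n"
    "Subject: Statement ready\n\nbody\n")

if __name__ == "__main__":
    print("spoofed:", verdict(SPOOFED))
    print("legit:  ", verdict(LEGIT))
```

The first sample passes SPF for the envelope domain yet still fails, because that domain does not match the From address the user sees.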
 

vic777

Expert Member
Joined
May 6, 2015
Messages
1,219
#96
Banks already pair your phone and app with your internet banking service. Why not use the IMEI and IMSI when processing USSD prompts?
Banks who do check IMSI, like ABSA, get the IMSI from the MNO when you respond to the push USSD message. This is functionality that exists on all MNOs, they just don't all pass the IMSI to the bank. AFAIK there is no way using standard USSD or SMS that the MNO would get your IMEI as well.
 

HaNsA

Expert Member
Joined
Jul 13, 2006
Messages
1,874
#97
Sorry to revive this thread. But looking at the number of fraud cases this is something of great concern.

Question: I have a YubiKey which I use for Gmail. Do any banks in South Africa support YubiKey? This should sort the problem out.
 

rietrot

Honorary Master
Joined
Aug 26, 2016
Messages
10,771
#99
Follow the money and jail the guy eventually withdrawing it from an ATM.

If they can't get the money out of the bank this problem will go away.
 