How would you solve the problem of internet banking and SIM-swap fraud?

rietrot

Honorary Master
Joined
Aug 26, 2016
Messages
10,756
Should a cage fall down around the ATM or what?
Do you know how bank accounts work?

1 money goes out of your account, because fraud.
2 money goes into the account of the criminal. The banks have this details, the criminals are FICA'd, you cannot have a bank account without the bank knowing who you are.

It's a little bit complicated if they transfer the money out of SA, but everyone linked in SA can easily be identified and send to jail. With cooperation between police and banks they should easily be able to recover most money.
 

deweyzeph

Executive Member
Joined
Apr 17, 2009
Messages
6,561
Do you know how bank accounts work?

1 money goes out of your account, because fraud.
2 money goes into the account of the criminal. The banks have this details, the criminals are FICA'd, you cannot have a bank account without the bank knowing who you are.

It's a little bit complicated if they transfer the money out of SA, but everyone linked in SA can easily be identified and send to jail. With cooperation between police and banks they should easily be able to recover most money.
I think the process is falling down at the FICA stage. Clearly FICA doesn't work. Like so many laws, it just inconveniences innocent people, and the real criminals use fake IDs and proof of addresses. It seems pretty clear that the authorities are unable to trace the real owners of bank accounts used to siphon the money out of vicitims' accounts.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
45,619
Do you know how bank accounts work?

1 money goes out of your account, because fraud.
2 money goes into the account of the criminal. The banks have this details, the criminals are FICA'd, you cannot have a bank account without the bank knowing who you are.

It's a little bit complicated if they transfer the money out of SA, but everyone linked in SA can easily be identified and send to jail. With cooperation between police and banks they should easily be able to recover most money.
Guess you missed the recent article threads about SIM swap fraud (the R3.1 million headlines) that explains it.

People (called money mules) let other people (the criminals) use their bank accounts (also the "less FICA" accounts for those without an address), so the person withdrawing the money at the ATM is not the account holder.
 

3WA

Expert Member
Joined
Sep 25, 2012
Messages
4,291
People (called money mules) let other people (the criminals) use their bank accounts (also the "less FICA" accounts for those without an address), so the person withdrawing the money at the ATM is not the account holder.
Are the money mules not also criminals?
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
13,603
Capitec have the dongle/app.
FNB is slowly moving everything to the APP.

Absa/Std are so crap it doesn't really matter..
It’s simple.. use a secure channel. SMS is a non-secure 3rd party channel and OTP an unencrypted pin in the clear.. this should make people who designed this cringe.

Reality is you need to either secure the channel or the content. FNB uses intersekt ? (they own the patent, secure channel push for banking) for sending Auth requests which is considered safe as it requires authorized app.. (app auth takes a few days to be trusted not hours). But this assumes you are “online”.

An alternative is sending app link via the SMS which has an encrypted seed to generate the OTP. Ie securing the channel much like http does for https but offline. Hazard here is unsolicited SMS links but again.. there are ways around this and since it is an app link (not website) stupidity of user is the barrier.

The problem as I see it though is
1. User training
2. Smart device requirement (FNB gets around this via device subsidy/lease purchase.. Discovery model)
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
13,603
PS. SMS is preferred over data link as data link is not guaranteed especially considering travel.. SMS works for cheap abroad hence the (ab) use and requires a 2.5G signal is is very prevalent globally and in SA even in the remote parts.
 

eg2505

Honorary Master
Joined
Mar 12, 2008
Messages
13,637
sms's are inherently insecure and vulnerable, also not time guaranteed, as a SMS can take days.

one needs something more secure, like FNB app verification, to prevent sim swap fraud.

or if offline is required, a 2FA solution using authenticator and a shared key, like how google uses its systems.
 

rietrot

Honorary Master
Joined
Aug 26, 2016
Messages
10,756
Guess you missed the recent article threads about SIM swap fraud (the R3.1 million headlines) that explains it.

People (called money mules) let other people (the criminals) use their bank accounts (also the "less FICA" accounts for those without an address), so the person withdrawing the money at the ATM is not the account holder.
Being a money mule is being a criminal. Arrest them to and send them to jail. Get the info of who is borrowing their accounts and close the accounts and blacklist these idiots from having an account. That's what the money laundering legislation is there for.
Also ATMs have cameras.

If the banks really want to stop this fraud tomorrow, they can, but they are taking a middle ground were they don't want to close 1000's of dodgy accounts. Only trying to go after the real syndicate leaders. When it is so much easier just to cut their feet off.

If the banks really wanted to they can freez all the account the money gets send to faster than what someone can withdraw a few thousand at a time from ATMs. The biggest issue is identifying something is wrong.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
45,619
PS. SMS is preferred over data link as data link is not guaranteed especially considering travel.. SMS works for cheap abroad hence the (ab) use and requires a 2.5G signal is is very prevalent globally and in SA even in the remote parts.
A hardware token is even better, no network required.
 

rietrot

Honorary Master
Joined
Aug 26, 2016
Messages
10,756
A hardware token is even better, no network required.
The syndicates will find ways around that and bribe people inside the bank to give them access to accounts. No technical solutions will solve these problems. Sim cards and sms is just as safe if there aren't people involved.

The problem isn't the technology, but people.
 
Top