SIM swap banking scam: what you need to know

why now all of a sudden is Emty-n acting like a concerned body. This guy talsk about fraudulent sim swaps, yet they have no measures in place to control fraudulent sim swaps and also don't accept any responsibility. Too little too late if you ask me
 
MTN has put in place necessary security checks to validate authenticity of SIM-swaps.
Click to expand...

Well clearly MTN's security checks are inadequate, or are not properly implemented, or are not monitored... so much so that they themselves then say:

Unfortunately, fraudsters have exploited this process to commit fraudulent SIM-swaps on customers.
Click to expand...

Come on MTN... get the right guys for the job... make sim swaps a secure back office operation, not performed at insecure branches, with sneaky casual sales staff!
 
Bottom line is they need your pin and if you are dumb enough to let go of that then you my friend are fail.

Also how can the service providers be held accountable for the money loss...
think about it...let's say they send the pin via google mail....
will you claim your loss from google if hacked your account?

I say bring on the secure devices again. digitags....
I'll even pay...
 
Last edited:
Most of these cases of fraud start with the user giving away their personal info to phising emails. It's amazing how many people still click on those email links.

A lot of these syndicates span both the banks and cell phone companies however.
 
Step 1: ignore phishing emails

If failure to comply with Step 1,
Step 2: change your internet banking password / suspend your internet banking the moment your cellphone SIM becomes inactive.
 
Another trick you can do is to lower your daily limit to R1000. (Yes, I know that it's gonna be a schlepp etc). This only applies if you're totally paranoid. :D

Banks should also enforce a limit of R1000 on branch transfers/transfers between other banks, unless advised otherwise by the client.

And increase it for the day only when you need to do shopping for groceries etc.

So if the ne'er-do-wells get their grubby little paws on your details, the least they can do is to withdraw/transfer R1000 daily.

This will do well for Joe Soap to prevent his account from being emptied completely.

SME (and larger) businesses will need to enforce their own policies etc.
 
The_Librarian said:
Another trick you can do is to lower your daily limit to R1000. (Yes, I know that it's gonna be a schlepp etc). This only applies if you're totally paranoid. :D

Banks should also enforce a limit of R1000 on branch transfers/transfers between other banks, unless advised otherwise by the client.

And increase it for the day only when you need to do shopping for groceries etc.

So if the ne'er-do-wells get their grubby little paws on your details, the least they can do is to withdraw/transfer R1000 daily.

This will do well for Joe Soap to prevent his account from being emptied completely.

SME (and larger) businesses will need to enforce their own policies etc.
Click to expand...

Do you really think people dumb enough to click on the phising links will go through all that trouble? On a side note, I've seen a software architect working in the bank lost R30k once because she believed the phising email ......
 
drukkie said:
I say bring on the secure devices again. digitags....
I'll even pay...
Click to expand...
I agree, the Banks know that the SMS system is not that secure, but make the customers fully responsible. Give us secure devices to use.

The_Librarian said:
Another trick you can do is to lower your daily limit to R1000. (Yes, I know that it's gonna be a schlepp etc). This only applies if you're totally paranoid. :D

Banks should also enforce a limit of R1000 on branch transfers/transfers between other banks, unless advised otherwise by the client.

And increase it for the day only when you need to do shopping for groceries etc.

So if the ne'er-do-wells get their grubby little paws on your details, the least they can do is to withdraw/transfer R1000 daily.

This will do well for Joe Soap to prevent his account from being emptied completely.

SME (and larger) businesses will need to enforce their own policies etc.
Click to expand...
Problem is that once the scammers get into your account and have swapped your sim, they can change the limit again and clear you out.
 
The_Librarian said:
Another trick you can do is to lower your daily limit to R1000. (Yes, I know that it's gonna be a schlepp etc). This only applies if you're totally paranoid. :D

Banks should also enforce a limit of R1000 on branch transfers/transfers between other banks, unless advised otherwise by the client.

And increase it for the day only when you need to do shopping for groceries etc.

So if the ne'er-do-wells get their grubby little paws on your details, the least they can do is to withdraw/transfer R1000 daily.

This will do well for Joe Soap to prevent his account from being emptied completely.

SME (and larger) businesses will need to enforce their own policies etc.
Click to expand...

With ABSA you can change the limits online. Requires SMS verification. Oops ...
 
It would be interesting to know exactly how the crime was committed. My guess is that if MTN is the weak-point then you are 90% to a compromised bank account already. Because once their customer system is compromised you might as well get the payment method (with Bank account number), e-mail address, ID number (which includes date of birth) and a bunch of other information from the system. Then you can use that to craft a phishing e-mail that contains a lot of details and the only thing you have to do is to get the user to disclose their password and pin. And because a lot of people use the same PIN for banking that they use for cell phone service PINs you might even have their PINs. I don't know if it still is the case, but back when I was an MTN subscriber the PIN was verbally verified when you called a call center so I would assume that the PIN is visible to the call center agents.

Meanwhile back at ABSA HQ:
Underling: Boss, somebody is stealing from our client's accounts.
Boss: Yes I know.
Underling: Sorry, let me clarify. Somebody OTHER THAN US is stealing from our client's accounts.
Click to expand...
 
biometrics said:
With ABSA you can change the limits online. Requires SMS verification. Oops ...
Click to expand...

Yep, same with FNB. Once you log in it's very easy to go and increase the limits to whatever you fancy, get the OTP SMS and you're sorted.

mybroadband.co.za article said:
However, Eddie Moyce, Chief Customer Experience Officer at MTN SA, has now provided valuable details about SIM swap banking scams.
Click to expand...

Please could someone explain where they provided valuable details about this? Not being funny and maybe I simply missed it but I didn't see anything new in terms of information regarding how the crooks manage to so easily do SIM swaps without the actual owner's permission or involvement. How are MTN's "measures" bypassed so easily and why aren't the guilty parties (stores/employees linked to the SIM swap) investigated or suspended/fired? In the first article MyBB published regarding the lady who had this happen to her it mentioned the store that did the SIM swap (or whose details were used) and that one of the employee's login details were used to do the swap... Has anything been done? Surely if you know where it was done and who's login details were used to access the system to do the swap you have somewhere to begin?

Would love to actually see a story about how MTN and/or ABSA is actually taking proper steps to curb this problem and making headway... fat chance I 'spose. Happy I moved away from ABSA and MTN last year.
 
Is it really impossible for the service provider to trace where the sim swap happened and who did it?
 
cbrunsdonza said:
Warning: Problem exists between Service Provider and Bank, replace Service Provider and Bank then try again :)
Click to expand...
MTN and ABSA are among the most expensive available in their respective industries, so their users are already paying a hefty stupid tax...

On top of this, they're not getting fleeced further.

Why anybody stays with them is beyond me...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter