South African banks have advised against using public Wi-Fi connections for online banking.
This follows a recent statement from ESET Southern Africa CEO Carey van Vlaanderen, who warned that South Africans should be wary when connecting to public hotspots.
“We have a situation where the networks are not authenticated at all, or where you have to authenticate and give your personal information to unknown parties,” she said.
She said cybercriminals often create malicious hotspots in public areas where they steal personal information which you send over the Internet through a man-in-the-middle attack.
These hotspots are not easily identifiable as malicious and often have a very similar network name (SSID) to the official public Wi-Fi hotspot in the area.
A number of South Africans may even use online banking when connected to a public Wi-Fi hotspot, making them a prime target for this type of attack.
We asked South African banks how they secure their networks and whether their customers should use public Wi-Fi for online banking.
FNB said it recommended that customers use its banking app rather than online banking, as it is zero-rated.
“FNB strongly recommends the use of our award-winning banking app for our customer’s day-to-day banking needs as well as for when travelling abroad,” the bank said.
“It is preferable that customers connect to their cellular network.”
“Within South Africa using the FNB banking app does not incur data costs for the customer – the customer just needs an active mobile connection.”
The bank told MyBroadband that its online portals are securely encrypted in line with industry standards, which means that all data sent between customers and the bank cannot be intercepted.
“At FNB we use industry-standard security protocols to ensure that all information between customers and FNB is encrypted,” FNB said.
Absa head of fraud strategy Ulrich Janse van Rensburg told MyBroadband that security measures are implemented to prevent man-in-the-middle attacks on unsecured networks.
“At Absa, we build our systems in line with the highest local and global security standards and apply very strict protocols on both our app and online services to ensure the safety of our customers,” Janse van Rensburg said.
“We apply security measures to protect our customers on any data platform – public Wi-Fi included. Our app and online services are safe to use.”
However, Absa recommends that customers avoid public Wi-Fi due to the potential exposure to malware or spyware.
“We do however discourage our customers from using public Wi-Fi or public devices for the purposes of banking,” Janse van Rensburg said.
“These public platforms (Wi-Fi or devices) may be used to install other malicious software (including malware) to the unsuspecting customer which could be used to source the customer ‘keys to the safe’ (card PIN, card CVV, card One Time PIN (OTP), online banking PIN or online banking password) and be used for malicious vectors such as phishing.”
“In summary, we discourage the practice and recommend that customers download our latest mobile banking app,” he said.
“It is the safest way to bank and customers qualify for a free Digital Warranty if they adopt the latest controls.”
Nedbank said that all communication between its servers and clients is encrypted, but recommended that users avoid public hotspots.
“All electronic communication that happens between our client’s device (whether phone or computer) and Nedbank’s systems happens via a custom encrypted channel so that nobody listening in on the WiFi communication can read that information,” the bank said.
“That being said, it should be remembered that no public Wi-Fi can ever be deemed totally safe, because the client’s device may be compromised in other ways.”
“We therefore recommend that our clients do not make use of public WiFi without a trusted VPN (Virtual Private Network) that encrypts all communication that passes over the WiFi channel,” the bank added.
Nedbank also recommended that clients use the latest antivirus software on relevant devices and also ensure their devices have been patched with the latest system updates.
Standard Bank said that it uses HTTPS to secure its banking sessions, but added that customers should avoid untrusted networks.
“Any network owned by someone you don’t trust can pose a threat,” the bank said. “We use HTTPS/TLS for all internet banking activity to protect users banking sessions from tampering.”
“Customers should be cognizant that there may be other threats to their devices on the open network (and in public spaces generally).”
“Customers should ensure that the public WiFi provider is trusted and reputable – what they should never do is bank from public or shared computers,” the bank added.