The South African Banking Risk Information Centre (Sabric) has published its 2021 crime statistics, showing a significant surge in money stolen through digital fraud, particularly through banking apps.

Although the overall number of reported digital fraud incidents dipped by 18%, gross losses jumped 45% — from roughly R310.48 million in 2020 to about R438.24 million in 2021.

Sabric said social engineering techniques, including phishing, vishing, smishing, email hacking and business email compromise, continued to prevail and were the most prominent techniques employed in digital banking fraud.

“These methods were often used in combination or as one segment of a broader scheme,” Sabric stated.

The number of reported fraud incidents on banking applications increased from 10,667 in 2020 to 12,095 in 2021.

“This means that almost 42%, the bulk of digital banking crimes, occurred in this segment and, as a result, saw the greatest portion of gross losses at 49%,” Sabric said.

“The average financial loss per incident went from R12,315 in 2020 to R17,775 reported in 2021, which is a rise of 44%.”

SIM swaps play a significant role in app fraud

The centre said the increase was primarily due to the higher number of banking application users, adding that no banking app had experienced a compromise to date.

Sabric said one popular form of vishing used by scammers was to phone a victim, impersonate a bank official or service provider, and use social engineering skills to manipulate the victim into disclosing confidential information.

Attackers then use this information to defraud the victim.

Fraudsters would then use the information provided to access bank accounts through various means — including performing a SIM swap so that they can intercept transactional verification tokens, like one-time pins (OTPs) or random verification numbers (RVNs).

Such fraudulent SIM swaps climbed over 63%, from 2,686 incidents in 2020 to 4,386 in 2021, reported Sabric.

The chart below shows the monthly number of banking application fraud incidents and the resulting gross losses between January 2020 and December 2021.

It also shows how many fraudulent SIM swaps related to banking app fraud occurred over the period.

Fortunately, the picture was better for the online banking and mobile banking categories as a whole.

Average losses in online banking fraud decreased from R37,308 in 2020 to R33,781 in 2021.

However, this was still the highest average loss among the three main categories.

Similar to banking application fraud, phishing and vishing were the most common vectors used in online banking fraud.

SIM swaps also increased in this category, although Sabric did not specify by how much.

The graph below shows the number of online banking fraud incidents, the resulting gross losses, and SIM swaps related to online banking over the past two years.

Mobile banking fraud saw a radical decline in reported incidents — from 21,106 to 10,998.

“Enhanced detection measures implemented by banks have curbed fraud losses in this channel,” Sabric said.

It said SMS-based phishing was the preferred method used by fraudsters to get confidential information via mobile banking channels.

“It is similar to phishing, but instead of emails, text messages are sent to potential victims, requesting them to call a number or click on a link which then tricks them into revealing their confidential banking information,” Sabric explained.

87% (9,571) of mobile banking fraud incidents reported to Sabric in 2021 involved SIM swaps as part of the modus operandi.

Sabric said another commonly reported fraud method used in the mobile banking channel in 2021 was the “known party” or “friendly fraud” practice.

“In this type of scam, an individual, known to the victim, who is physically near the victim and/or their device, accesses the device and conducts transactions on the mobile banking platform without the victim’s knowledge,” Sabric said.

“Losses generally consist of airtime or electricity purchases, as well as other instant cash-sending transactions.”

The graph below shows mobile banking fraud incidents, gross losses and SIM swaps related to these cases between 2020 and 2021.

