Banking fraud where illegal SIM Swaps are involved, has increased substantially over the last six months.
According to Susan Potgieter, general manager at the commercial crime office of the South African Banking Risk Information Centre (Sabric), the number of incidents was under a 100 in 2011, but has jumped to more than a 1000 in 2012.
While this is still probably a minute number compared with all the cases of fraud being perpetrated in a year, the growth rate of 900% is alarming.
“From the banking industry’s perspective we are worried because we know that these SIM swaps are for the purpose of fraud,” Potgieter said on RSG Geldsake with Moneyweb on Monday evening.
She could not give an amount for the fraud cases where SIM swaps were involved.
Adrian Vermooten, head of digital banking at Absa, said on the same radio show that in more than 90% of these fraud cases it was due to the customer inadvertently giving his or her login details for online banking away – most probably through a phishing email.
This means only a few cases would be as a result of login details being stolen by the fraudster using spyware or keyloggers.
There have been lot of high profile cases recently, where hundreds of thousands were lost, all of which were linked to Absa customers. Vermooten however said that he does not believe Absa is being targeted. “Absa is the largest retail bank in South Africa, there are a lot of clients that use our banking services, but in the end it is an industry-wide problem,” he said.
Johan van Graan, Chief Risk Officer at Vodacom, said that the cellphone network operator has safety measures in place to prevent illegal SIM swaps, but that it is often a case of social engineering where the fraudster has falsified documents to prove that they are indeed the person entitled to request the SIM swap.
He said SIM swaps can also be requested through Vodacom’s call centre where security questions are asked and the identity is verified this way. Van Graan said that Vodacom tries to make SIM swaps as safe as possible, without inconveniencing the clients, with only about 0.2% of all swaps being problematic.
Referring to a court case that set a precedent, stating that all three parties (the bank, the client and the cellphone network operator) should carry some of the responsibility, he said, however, that he feels the cellphone network operator is the least responsible for the money that is defrauded in the end.
The case, Nashua Mobile (Pty) Ltd v GC Pale CC 2012 1 SA 615 (GSJ), found that as there was no evidence that the other pieces of the puzzle required to access the plaintiffs internet bank account were provided by the defendant (the cellphone network party) the defendant could not be held liable.
The case was also highlighted by the Ombudsman for Banking Services of South Africa when Moneyweb asked it earlier what can be done when fraud is perpetrated and a cellphone network operator is involved.