Online and mobile banking fraud is a huge problem in South Africa, with an estimated R260 million stolen from 23,466 South Africans last year.
Despite increased security measures from banks, there was a 75.3% increase in online and mobile banking fraud in 2018.
At the root of this crime is SIM-swop fraud and number porting, where criminals try to gain access to a target’s mobile number.
Armed with access to a mobile number, criminals can create new online banking beneficiaries, make payments to these beneficiaries and even change the victim’s online banking credentials.
This raises the question of how you will know you are targeted, and what you should do when it happens to you.
How you will know when you are targeted
For every SIM-swop or number port request, the user will get an SMS which informs them about the request (see the screenshot below).
Should they miss this SMS, the illegal SIM-swop or number port may go through, which will result in them suddenly losing their network connection.
Both these cases should set the alarm bells ringing, and users are advised to take immediate action when this happens.
Here is what the mobile operators advise you do when you have fallen victim to this crime.
Cell C explained that its SMS alert has an option for the user to respond by replying Yes or No to activate or decline the port.
“The user should request the port to be rejected immediately after the request has been sent,” Cell C said.
“Alternatively, the user can contact Customer Care by dialing 061 000 7007 to reject the port.”
The company added that a user has approximately an hour to reject the port. “A successful port is completed between 19h00 – 23:00 on that day,” it said.
There is no way for users to pro-actively block their number from being ported, but Cell C said it is looking at ways to implement a verification system.
Jacqui O’Sullivan, MTN SA’s executive for corporate affairs, told MyBroadband the abuse of number portability to facilitate fraud has seen an increase in the recent past.
This increase in fraud resulted in ICASA drafting new regulations which include requiring a one-time pin to verify the port.
“We believe that this opt-in process is particularly necessary to protect prepaid subscribers whose only verification on porting is a Caller Line Identity validation,” O’Sullivan said.
Regrettably, she said, these regulations are not yet effective, as one of the operators is challenging this through the courts.
“Consequently, donor operators are currently limited in requesting a confirmation from the requesting party but may not reject the port request if no response is forthcoming.”
What to do when you receive a posting SMS
At the moment, customers receive an SMS prompting them to accept or decline the porting of their number. If they decline the port, then the port request is immediately cancelled.
If there is no response, then within the agreed-upon time period, the port is automatically approved and the process continues.
The receiving of the SMS and decline or approval occurs within an agreed service level of one hour.
If the customer is unable to respond to the SMS, they can call the contact centre and request a port cancellation.
A Vodacom spokesperson explained that a client will receive an SMS that there is a port request out on their number.
The SMS will prompt the customer to respond by sending “1” if the request is fraudulent.
If the customer fails to respond within 50 minutes of receiving the port SMS, the default action is that the port is processed.
Vodacom said that while there is currently no way for a client to block their number from being ported, they are working on such a system.
“We are in the process of developing measures that will provide better protection to customers,” Vodacom said.
“As matters stand, we are limited in terms of what we can do so as not to transgress the current regulations.”