The Citizen recently revealed how a Vodacom employee, who was part of an SMS banking fraud syndicate, helped to scam banking clients out of R 2.4 million by diverting SMS notifications.
According to The Citizen all the victims of this scam were Vodacom subscribers whose “security chain between the bank and the phone user has been breached.”
This security breach raises serious questions about the safety of SMS banking. SMSs are used by various financial institutions as a secure method of communication, but this incident highlighted the vulnerability of using an SMS based system.
Security problems inside Vodacom – both in the form of a rogue employee and systems allowing such an employee to freely commit fraud – are a cause of concern amoung current Vodacom clients.
Vodacom said that it is unfortunate that a Vodacom staff member, in conjunction with an online banking syndicate, was able to commit fraud. “Vodacom has implemented additional security measures, to ensure that this type of fraud does not happen again,” said Dot Field, Chief Communications Officer of the Vodacom Group.
Field added that Vodacom is working closely with the SAPS and SABRIC (South African Banking Risk Information Centre), and that the relevant employee is in SAPS custody and a criminal charge has been brought against the employee.
Vodacom however dodged questions about whether SMS banking is safe and did not provide any details about the measures it took to avoid the future occurrence of this type of scam.
Vodacom did warn that “due to the immediacy of online banking, consumers are reminded to keep their online banking details secure from any third party”. This advice is however unlikely to put Vodacom subscribers’ minds at ease when the cellular provider itself was partly to blame for the security breach of their clients’ accounts.
SMS banking scam – give your views