Standard Bank smartphone app security concerns raised
Towards the beginning of 2014, Shandin Thompson’s cellphone number of 15 years and over R5,600 of his savings made their way into the hands of fraudsters through a SIM swap scam.
As has become the sad reality for many victims of such fraud, neither his bank (FNB) nor the operator (Vodacom) were willing to accept any liability for the loss.
It is up to the victim to ensure that their online or cellphone banking credentials are secure, both the banks and mobile operators argue.
On 23 January 2014, around two weeks after the first fraud and while still fighting to get his money and number returned, another of Thompson’s accounts was compromised.
This time it was a credit card account with Standard Bank, and according to Thompson the fraudster appeared to have used the Standard Bank smartphone app to gain unauthorised access to his accounts.
To emphasise: Thompson said that at this stage had a brand new cellphone number with Vodacom, and the fraud was conducted against a different account than before.
Thompson said that based on SMS messages received late at night while he was asleep, the fraudster had registered his Standard Bank credit card account for use with the Standard Bank smartphone app.
The fraudster then used the app to buy airtime, spending over R3,400 on cellular credit in total.
Interestingly, the fraud on his Standard Bank credit card came two days after a scammer’s failed social engineering attempt on the Mr. Price Money call centre regarding Thompson’s account.
A fraudster had previously used services available through Thompson’s Mr. Price Money account to defraud his FNB accounts of over R3,500 in airtime purchases.
Standard Bank was asked for comment on this, but the bank did not respond by the time of publication.
More on online banking fraud and security in South Africa
New online banking fraud scheme in South Africa
Industry insider reveals truth about Internet banking, SIM swap fraud
How scammers hack your bank account