Vumacam’s pole-mounted security cameras are being used by insurance companies to investigate crimes against their clients and to clamp down on fraudulent claims, the company’s CEO has said.
MyBroadband had questioned Vumacam over claims made by a reader that the cameras were being used by insurance companies for “non-criminal investigations”.
Vumacam’s FAQ page states that it will only provide personal information of captured individuals (which could include video footage) to third-party security organisations for security purposes.
However, Vumacam CEO Ricky Croock has clarified to MyBroadband that this meant only private security companies had “direct access” to its feeds.
“Where criminal activity has occurred or is suspected, however, access to footage for the purpose of investigation or the apprehension of criminals via security companies is, of course, accessible through a regulated, audited, controlled process,” Croock said.
“This includes law enforcement agencies that can request footage via relevant security companies when a case number is provided,” he added.
Croock confirmed that an insurance company is currently contracted via one of Vumacam’s private security company clients, allowing it to request footage through the Vumacam monitoring service where they believe that criminal activity has taken place, subject to rigorous processes.
In addition, Vumacam is also currently running a proof of concept (POC) with an insurance company with the view to the company being able to obtain footage of criminal activity against their clients, to curb fraudulent activity, and to provide assistance in the case of an accident or emergency.
The viability of this POC will be assessed and determined based on success factors in curbing criminal activity as well as the company’s ability to ensure rigorous controls, regulatory compliance, and vetting and an opt-in from their clients, Croock said.
Croock said that fraudulent insurance claims are a serious problem in South Africa, costing policyholders an estimated R7 billion a year, according to the Insurance Crime Bureau’s figures.
He explained insurance companies (and any other parties) may currently request footage via security companies which have access to Vumacam’s monitoring service in instances where:
- They believe that criminal activity has taken place that has impacted their clients.
- Fraud has been committed.
- To assist with tracking a stolen vehicle.
- Where a client’s number plate may have been cloned.
Preventing criminal access
South Africans may very well be concerned about developments of this nature, particularly in light of recent reports that cellular location-based services were used to plot the assassination of police officer Lieutenant-Colonel Charl Kinnear, who was murdered outside his home on 18 September.
Vodacom and MTN gave WASPs full access to subscribers’ sensitive location data in “good faith”, with the understanding that they will not abuse this data.
The WASPs signed contracts which required them to get consent before they can track a person, but according to a News24 report they sold this information to individuals and private investigators who would pay to track people without their knowledge.
MyBroadband asked Vumacam how it would prevent similar abuse of its monitoring service to nefariously track locations and activities of South Africans.
Croock said the murder and surrounding information on how the crime was committed were of great concern to Vumacam.
“This despicable act has highlighted the importance of increasingly using technology against criminals in South Africa while also ensuring that our systems may not be used for any unlawful reason and may not be used in any manner that counters our crime-fighting purpose,” Croock said.
He explained that Vumacam systems do not process personal data to the extent that it can be used to link an individual to a name or address on its system, as might be the case with cellphone tracking.
Nevertheless, he maintained that Vumacam deploys “every level of security” on its systems to ensure they are not vulnerable.
“Our live feed operates on black-screen technology and operators only have a view when and if an alert is received due to unusual or suspected criminal activity. It would thus be of little use to anyone wanting to use Vumacam feeds to stalk or burgle someone,” Croock said.
“The system only has the ability to track the movement of a vehicle past our cameras when and if its license plate has been inputted due to criminal or suspected criminal activity.”
“This would seriously impede any attempt to constantly track any individual, especially without just reason to do so,” Croock stated.
Extra measures taken
For investigating past incidents or crimes, Vumacam’s search functionality has to be engaged, Croock explained.
“Due to the nature of what Vumacam does, we have high levels of data security, privacy, vetting, training, log-ins with VPN for traceability, and systems in place to ‘watch the watcher’,” he said.
Despite these checks and balances, Vumacam believed improved technology always allows for enhancements to systems and processes and the Charl Kinnear case has prompted a wide-scale look at its systems and processes.
In light of this, Vumacam had taken a number of additional measures to ensure non-susceptibility as far as possible, including:
- Multi-factor authentication (2FA) for the limited and vetted users who have access to its search capability.
- Increased regularity and stringency of search function audits which over and above security company review will also be audited by the Vumacam CIO for any irregular activity.
- Limited and vetted users of our search function may not engage the system for lengthy periods of time and would have to log in to separate search sessions should they require to do so for any investigation. This would be flagged if suspicious.
In addition, the search functionality would be audited and require a valid reason and case number/court order for limited operators to conduct a long-term search.
When access is allowed
Croock noted that footage sought for legitimate reasons may only be requested by external parties through a vetted process.
“We go to notable efforts to ensure our system is secure and safe and we conduct regular penetration testing,” he said.
“Further to this, we ensure all security companies with access to the system are PSIRA-registered and security company employees all undergo criminal screening,” Croock noted.
“While the ability for criminals to unlawfully manipulate any system to their advantage will always exist, we believe that our stringent processes and world-class technology prevent this as far as possible and Vumacam will always seek new, innovative ways to protect against unlawful activity.”