{"id":77224,"date":"2013-06-17T14:16:26","date_gmt":"2013-06-17T12:16:26","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=77224"},"modified":"2013-06-17T14:17:56","modified_gmt":"2013-06-17T12:17:56","slug":"internet-banking-fraud-should-we-keep-using-sms","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/77224-internet-banking-fraud-should-we-keep-using-sms.html","title":{"rendered":"Internet banking fraud: should we keep using SMS?"},"content":{"rendered":"<p>South African mobile network operators <a title=\"Telkom Mobile\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/515780-Telkom-Mobile\">Telkom Mobile<\/a>, <a title=\"Cell C\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/213919-Cell-C\">Cell C<\/a>, and <a title=\"Vodacom\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/227063-Vodacom\">Vodacom<\/a> all have systems in place that let banks flag potentially fraudulent transactions based on whether a subscriber\u2019s SIM has been recently swapped.<\/p>\n<p>\u201cSMS remains a secure method of authentication,\u201d Telkom Mobile said when asked whether they are taking steps to ensure that the short message service remains a secure second factor of authentication for online banking.<\/p>\n<p>\u201cIt is the theft of SIM card details that enables the fraudulent activity,\u201d <a title=\"Telkom\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/227037-Telkom\">Telkom<\/a> said.<\/p>\n<p>According to Telkom, they have an interface that can be queried to find out if a SIM has been swapped which banks can use to minimise fraudulent activity.<\/p>\n<p>Cell C has a similar system, a spokesperson for the network recently told MyBroadband, explaining that the information is made available to banks in real time.<\/p>\n<p>\u201cAt the moment, only <a title=\"FNB\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/307757-FNB-First-National-Bank\">FNB<\/a> (directly) and <a title=\"Nedbank\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/313855-Nedbank-Group\">Nedbank<\/a> (through Intersect) are using the capability with Cell C,\u201d the spokesperson said. \u201cHowever, we are in discussions with the other banks.\u201d<\/p>\n<h3 class=\"my-4\">Other ways to prevent SIM swap fraud<\/h3>\n<p>Vodacom said that they too have a database that banks can use to see recent SIM swaps and handset changes, but noted that the starting point of Internet banking fraud is the ability of criminals to get hold of customers\u2019 banking details.<\/p>\n<p>\u201cIf this information is secured, the SIM swap part of the fraud process becomes irrelevant,\u201d Vodacom said.<\/p>\n<p>That said, Vodacom added that they have implemented a number of features to help protect subscribers against unauthorised SIM swaps:<\/p>\n<ul>\n<li>A warning SMS is sent to customers before a SIM swap is completed. If it is unauthorised, customers should immediately call Vodacom.<\/li>\n<li>A service where participating customers can elect to have all interaction with Customer Care subject to PIN authentication rather than answering security questions.<\/li>\n<\/ul>\n<p>Vodacom pointed out that subscribers who have registered for the call centre PIN authentication service should ensure that their PIN is not compromised to help protect them from fraud.<\/p>\n<p>One has to wonder whether it\u2019s worth all this effort, for both the operators and banks, to try and keep SMS as a second factor of authentication for online banking.<\/p>\n<p>Would a key fob or authenticator app keyed to your smartphone such as those used by <a title=\"Capitec\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/370968-Capitec\">Capitec<\/a> be such a great inconvenience compared to SMS?<\/p>\n<p>Perhaps there is a financial incentive for the operators to keep using SMS?<\/p>\n<h3 class=\"my-4\">Banks already exploring alternatives to SMS<\/h3>\n<p>According to Cell C and Vodacom, the financial impact on them if banks decide to move away from SMS as an authentication mechanism would be minimal.<\/p>\n<p>\u201cCurrently, the bulk of SMS volumes from banks are related to credit card swipes and notifications of payments in or out of accounts,\u201d Cell C said.<\/p>\n<p>The spokesperson for Cell C went on to say that banks are already exploring other notification systems to protect secure information, such as USSD messages.<\/p>\n<div id=\"attachment_75811\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-75811\" class=\"size-full wp-image-75811\" alt=\"Adrian Vermooten\" src=\"http:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2013\/04\/Adrian-Vermooten.jpg\" width=\"600\" height=\"400\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2013\/04\/Adrian-Vermooten.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2013\/04\/Adrian-Vermooten-250x166.jpg 250w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-75811\" class=\"wp-caption-text\">Adrian Vermooten<\/p><\/div>\n<h3 class=\"my-4\">Absa plugged into operator SIM swap databases<\/h3>\n<p><a title=\"MTN\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/226943-MTN\">MTN<\/a> did not respond to requests for comment on this issue, but feedback from the head of Absa\u2019s digital division, <a title=\"Adrian Vermooten\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/308085-Adrian-Vermooten\">Adrian Vermooten<\/a>, suggested that MTN does have an interface banks can use to look up recent SIM swaps.<\/p>\n<p>According to Vermooten, they currently use the SIM swap database interfaces provided by Vodacom and MTN.<\/p>\n<p>He said that they don\u2019t use Cell C\u2019s interface yet because it is brand new, but confirmed that they are in discussions with the operator to link into it.<\/p>\n<p>Vermooten went on to explain that a SIM swap in itself is not a flag for fraud, but that it\u2019s just one of the factors considered when evaluating whether activity on an account might be fraudulent.<\/p>\n<h3 id=\"related\">More infosec and online banking fraud news<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/77196-sa-first-in-africa-for-malware.html\"><strong>SA first in Africa\u2026 for malware<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/77110-government-spyware-servers-in-south-africa-telkom-govt-mum.html\"><strong>Government spyware servers in South Africa: Telkom, Govt mum<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/77022-aarto-website-hack-are-you-at-risk.html\"><strong>AARTO website hack: are you at risk?<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/76938-internet-banking-fraud-what-can-be-done.html\"><strong>Internet banking fraud: what can be done?<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/76904-shocking-reality-about-sim-swap-fraud-and-money-lost.html\"><strong>Shocking reality about SIM swap fraud and money lost<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/banking\/70572-beware-sa-bank-card-limits-dont-apply-overseas.html\"><strong>Beware: SA bank card limits don\u2019t apply overseas<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mobile operators comment on how secure SMS is and how it would affect them if banks switch to another authentication method<\/p>\n","protected":false},"author":15,"featured_media":76540,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[2186,7265,355,35,42,109,689,41],"class_list":["post-77224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-absa","tag-adrian-vermooten","tag-cell-c","tag-headline","tag-mtn","tag-telkom","tag-telkom-mobile","tag-vodacom"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/77224"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=77224"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/77224\/revisions"}],"predecessor-version":[{"id":77310,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/77224\/revisions\/77310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/76540"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=77224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=77224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=77224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}