A spate of online banking fraud, using key-logger software, has got the commercial banks scratching their heads about how to engage Internet cafés to help improve security, the banks say.
During the past month, several members of various syndicates have been arrested and tried on fraud charges in Gauteng, KwaZulu-Natal and the Western Cape for installing spyware or software that logs keystrokes, and then using people's passwords to clean out their accounts.
"Security is a partnership between a bank and its customers. The real risk comes around when using third-party hardware and something probably needs to be done to raise awareness at places such as Internet cafés," says Christo Vrey, GM of digital channels, Absa.
Vrey says a lot depends on how these parties manage their physical infrastructure, as this could often be the weak link in the security chain.
"We have identified several 'security chokepoints' in the online banking system. For instance, the ability to create new beneficiaries for an account; in such a case one needs an eight-digit code and only then will that beneficiary be paid," he says.
Herman Singh, Standard Bank's director for technology engineering, says the banks are constantly looking at new ways to review the security settings for their online offerings.
"The on-screen pop-up pads - a keypad that constantly moves around the screen - could be compromised by new generations of key-logger software, although we have not come across any cases of that yet. However, there are other security settings that come into play, such as 'mynotification', which is an SMS that alerts one to any transaction taking place," he says.
Victim's tale
ITWeb spoke to one online banking fraud victim in Cape Town, who said her account was compromised earlier this month through key-logging software at a PostNet branch.
According to the victim, she popped in to top up her credit card account and then went to see a film.
"Because I had turned off my cellphone, I did not get the SMS alert that my account had been accessed and about R3 000 was taken out without my authorisation. It all happened in a matter of minutes," she says.
According to the victim, her bank refunded her the full amount within three days and issued her with a 'digitag' - a device that provides randomly generated numbers to use as authorisation codes.
Chris Kotze, CEO of FNB Online, says fraudsters are using a number of devices to get key-logger software onto third-party hardware.
"Sometimes they install a little pipe gadget that plugs between the keyboard and the PC, and other times they just walk into an Internet café and download spyware without the owners knowing," he says.
Low awareness
A senior official at one of the major commercial banks says the financial institutions are wondering how to engage Internet cafés and other public PC providers.
"Something has to be done, especially in the high tourist areas such as Cape Town where Internet banking is really an important tool for travellers," he says.
ITWeb found that security awareness was quite low at several central Cape Town Internet cafés.
At one café, a waiter said: "Online banking security is the bank's problem not ours."
Another café owner said he just told his clients not to do any Internet banking from his premises.
"I really don't know who comes in and out, so I cannot vouch for anyone's privacy and what people are doing," he said.