With SIM swopping becoming one of the latest means criminals use to defraud banking customers, it has again become essential for online banking users to strictly apply recommended security precautions to ensure they do not fall victims to online criminals who are continuing to launch "phishing" attacks via the Internet.
SIM swopping involves fraudsters exchanging existing SIM numbers or cards for replacement ones, enabling them to receive one-time passwords that banks send to online clients to carry out online banking transactions. SIM swopping, which is only meant to occur when a SIM card or phone gets lost, stolen or damaged, should not ideally be possible by fraudsters as it requires the presentation of identification.
Importantly, for a one-time password to be of any use to a fraudster, criminals will not only need access to SIM cards and cellphone numbers, they will also need access to the banking details of online banking customers including card numbers and passwords.
It is my experience that customers who carefully follow online security precautions and procedures do not fall victim to this type of crime. Those who do not adhere to these precautions and procedures definitely put themselves at financial risk.
Provided customers have not previously divulged their personal details, including their cellphone numbers, and have followed all six security steps, their online banking will be safe - otherwise customers can fall victim to SIM swops and the delivery of the one-time password will therefore be compromised.
In addition, due to the proliferation of banking channels - such as Internet caf'es - it is in the best interests of banking customers to restrict themselves to using ATMs, cellphone banking and their own PCs and laptops for electronic and Internet banking. Incidents over the past few years have shown that the risks to customers are far greater when they do their banking outside of these channels or neglect safety procedures.
With the rapid growth of Internet banking, banking groups and banking customers throughout SA and in other parts of the world have experienced ongoing waves of phishing attacks employing constantly evolving methods. However, crime levels have been kept to a minimum through regular campaigns advising customers how to protect themselves and giving them clear guidelines about what not to do.
Cyber-criminals are constantly trying to access the banking details of people in various parts of the world in an attempt to clean out their bank accounts.
J"org Fischer is CIO of group IT at Standard Bank.
Phishing is essentially online fraud through which criminals try to gain access to banking details and PIN numbers so they can transact illegally on other people's accounts.
Cyber-criminals, who often take the form of syndicates operating out of Eastern Europe, are constantly trying to access the banking details of people in various parts of the world in an attempt to clean out their bank accounts.
Apart from issuing one-time passwords for online banking transactions, which add an extra layer of security to Internet banking transactions, the security process for online banking can and should include measures such as:
* An SMS alert system that notifies customers of all transactions done on Internet banking.
* Anti-virus - keep anti-virus software up to date as this will guard against new viruses.
* Personal firewall - install a personal firewall which will prevent unauthorised access to computers.
* Microsoft patch management - keep operating systems and browser patches up to date as these often include important security enhancements.
* Card and PIN details - never share your login credentials with anybody.
* Always type in your bank's Web site before logging on to Internet banking. Bank customers should never access Internet banking through a bookmark or saved page.
Customers should immediately contact their service provider if they suspect their service has been terminated without their consent. Customers should also contact their service provider if their service is disrupted.
All banks have service centres that can be contacted in cases of emergency or if customers suspect their cellphone details have been compromised. Customers should verify that no unauthorised payments have been made from their account.
* J"org Fischer is CIO of group IT at Standard Bank.
Share