MTN says it will release an outline of the progress of its investigation into a fraudulent SIM swap that was partially responsible for a charity loosing R90 000 at the end of last year.
The telecommunications provider, in conjunction with the National Prosecuting Authority (NPA), initiated the inquiry after Cape Town non-profit organisation, the Novalis Ubuntu Institute, lost R90 460 as a result of various identity theft tactics.
MTN spokesman Ntombizodwa Mhangwani says progress of the investigation into the SIM swap will be released later this week. "This matter is still being investigated by our fraud department, together with the NPA. We view this to be a serious offence and are taking all steps necessary to ensure it never happens again."
In mid-November, after criminals had stolen the identity of the Novalis Ubuntu Institute's CFO, Anne-Lise Bure-Shepherd, they cancelled her SIM card and had MTN issue a replacement card. This allowed the criminals to receive a one-time password (OTP) to access the account and transfer its funds to other accounts.
The company says it is not solely to blame for the incident. "The perception exists that all this fraud is as a result of MTN's processes failing when, in fact, the victim is partially to blame for not protecting sensitive information such as bank account numbers and passwords."
Mhangwani says the fraudsters already had enough information on the victim to defraud her, such as spy software on her machine and bank account details: "Essentially information that could not have been obtained from MTN."
Donation not compensation
Meanwhile, the institute's account holder, Standard Bank, confirmed that it donated R40 000 to the Novalis Ubuntu Institute. However, it says the amount was not in compensation for the cash stolen from the account.
At the time of the theft, Standard Bank director of self-service banking Itumeleng Monale said Bure-Shepherd appeared to have been a victim of a phishing attack. "The institute confirmed receiving a phishing e-mail. Although the client is not confirming that they responded to the phishing mail, all the evidence suggested their details were compromised and the modus operandi of the fraudsters is consistent with a phishing compromise."
Despite the client compromising their details, the fraudulent transaction would not have been authorised, nor would the fraudster have been able to transact without an OTP, Monale said. "[An] OTP is a unique and secure code sent to a customer every time certain transactions take place."
According to Monale, the criminals would not have been able to gain access to the password if the SIM swap had not occurred. "The breakdown in the security procedure lies with the mobile operator. The customer's cellphone SIM card gets falsely declared stolen by the fraudster at the service provider. A replacement SIM card is issued, rendering the customer's original SIM card void."
Standard Bank says there are no further developments from its side, as the matter is being investigated by the police.
Stricter SIM security
MTN has acknowledged the rise of fraudulent activities using SIM swaps and says it is in the process of creating stricter controls over SIM changes.
Says Mhangwani: "This process needs to change and we are implementing an auto SMS function to inform the subscriber that a SIM swap has been requested on his/her account prior to proceeding with the SIM swap transaction, to allow the subscriber time to contact MTN in the event that they did not request one."
When ITWeb questioned the validity of the new system, in light of a situation when a phone is, for example, stolen, redirecting a SIM swap message back to the criminal instead of the victim, MTN chose not to provide an explanation on the matter. However, Mhangwani says: "MTN will continue to investigate such activities and ensure that MTN systems protect customers from such fraudulent activities."
Related stories:
Cops intensify e-crime fight
Standard, MTN point fingers in fraud case
Share