The Postbank's cyber challenges have spilled onto the services it offers to South African Social Security Agency (SASSA) grant beneficiaries.
The bank says withdrawal of funds at ATMs has been suspended for the month of December. It advises SASSA grant beneficiaries – using the Postbank-issued gold cards – to withdraw their monies from any retail outlets nationwide that provide the cashback functionality.
In addition to this development, attempts to access Postbank’s website via the Google Chrome browser bring up a privacy error message that reads: “Your connection is not private. Attackers might be trying to steal your information from www.postbank.co.za; for example, passwords, messages, or credit cards.”
This comes on the back of news reports that the financial solutions provider is losing millions due to cyber crime incidents, many of which it attributes to the social grants system.
According to Postbank, the suspension of its ATM service comes after it uncovered a series of network attacks by criminal elements on its system.
It reveals it has been experiencing a number of technical glitches in recent months, which have disrupted the smooth withdrawal of social assistance benefits.
The bank notes criminal elements have been determined to commit systematic ATM card fraud-related crimes on Postbank payments, using a sophisticated modus operandi, which requires further investigation.
“As a mitigating exercise, and in consultation with our partners following the resurgence of these criminal activities at the inception of the December payments, it has become necessary that Postbank suspends SASSA grant withdrawals at ATMs for those clients using the PostBank-issued SASSA gold cards.”
It reveals that a team of professionals, assisted by experienced external experts, as well as law enforcement agencies, have been assigned to deal with this challenge, adding that “great progress” has been made to close down all avenues used by these criminals.
“Postbank is aware of the impact this change in payment channels will have on the social grant beneficiaries and other stakeholders, and we apologise for the inconvenience.
“Social grant beneficiaries are also assured the Postbank-issued SASSA gold cards are still valid and have not expired. Therefore, beneficiaries should not be misled into changing the cards unless they wish to do so on their own accord.”
It further advises it will notify social grant beneficiaries when ATM transactions via the SASSA gold cards are available again.
For now, social grant beneficiaries can make their withdrawals from retail merchants, such as Shoprite, Checkers, Usave, Pick n Pay and Boxer.
Postbank adds that grant recipients can use the SASSA gold cards to make purchases at any place that accepts bank card transactions, as they function fully within the national payments system, similarly to any other bank card.
Postbank CEO Lucas Ndala last week lifted the lid on the extent cyber crime is having on the organisation’s business.
Ndala told Parliament’s Portfolio Committee on Communications that, while still subject to a forensic audit, Postbank has experienced quite a number of cyber incidents from last year to date, indicating these are in relation to the social grants beneficiary system.
“This has resulted in us undertaking a number of interventions to reduce the number of incidents on the system; we’re doing quite a lot of work to ensure we can mitigate some of the control weaknesses that have been identified.
“In line with this, we’ve received approval and are busy with our IT modernisation project that will allow us to move from the post office environment and create our standalone IT environment – this will be an IT environment that is tier three compliant.”
Providing a breakdown of the recent cyber incidents, he said the first took place around October 2021, amounting to a total loss of R89 million. “This is part of the bigger forensic investigating that’s currently under way, to identify the incidents and potentially help us with the remedial action.”
Another cyber fraud incident recorded in August resulted in losses of R5.8 million, while in September, losses reached R3.9 million. Ndala revealed that in October, there was a fraud incident on the UBS – the Postbank’s banking system – that amounted to R9 million.
He indicated that some of the action taken was to review and revoke access to the system, to improve controls so there is better management.
Detailing some of the intervention measures, Ndala stated: “Privileged access has been better controlled to ensure we are in control, including removing third-party access for some of our support vendors and ensuring that accessing is only granted on a needs basis.
“We are also ensuring we deploy fraud detection tools, which has helped us to mitigate some of these incidents.
“We are also looking at auditing of databases to ensure any changes are tracked and interventions are made timeously. We believe the IT modernisation will help us refresh the infrastructure and ensure we are fine.”
Share