Subscribe
About

Sabric lifts lid on digital banking crime stats

Simnikiwe Mzekandaba
By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 18 Oct 2022

The digital banking fraud space saw an 18% decline in reported incidents from 2020 to 2021, driven by a reduction in mobile banking fraud incidents.

This is according to the latest Annual Crime Statistics, released yesterday by the South African Banking Risk Information Centre (Sabric), on behalf of the banking industry.

Despite the decline in incidents, there was an increase of 45% in total gross losses in digital banking from R310 million in 2020, to R438 million in 2021, according to Sabric.

Furthermore, the bulk (42%) of digital banking crimes occurred on banking apps, resulting in the greatest portion of gross losses at 49%.

There was a 13% rise in reported fraud incidents on banking apps, which increased from 10 667 cases in 2020, to 12 095 in 2021, it states.

“Banking application fraud and its resulting losses were due to an increase in the number of banking application users, as more people embraced digital technology to transact,” states the report.

“The average financial loss per incident went from R12 315 in 2020, to R17 775 reported in 2021, which is a rise of 44%.”

Sabric CEO Nischal Mewalall adds: “Digital banking products are far safer than in-person banking and enable people to transact from anywhere safely. But criminals have adjusted their social engineering tactics to leverage your data from social media and data leaks, making their efforts to manipulate customers difficult to spot.”

Sabric reveals that phishing and one-time PIN (OTP) vishing scams, to obtain customer bank details, remain the most prominent fraud methods in the digital banking fraud space.

These methods were often used in combination, or as one segment of a broader scheme, it states.

“Although fraudsters obtained their victims’ private information through social engineering techniques, they also exploited vulnerabilities in the management of critical data, and sourced usernames and passwords saved on various devices or multiple applications.

“A popular form of vishing used by scammers is to phone a victim, impersonate a bank official or service provider and use social engineering skills to manipulate the victim into disclosing confidential information, which is then used to defraud them.”

Sabric also notes that no compromise of banking apps have been confirmed, to date.

“A tactical part of these modi operandi (MO) was the interception of transactional verification tokens, like OTPs and random verification numbers. This was achieved through SIM swaps via the unsuspecting bank client’s mobile service provider.”

The number of incidents involving SIM swaps increased from 2 686 incidents in 2020, to 4 386 reported in 2021, according to the report.

Mobile banking fraud

According to Sabric, fraud incidents reported in the mobile banking channel decreased by 47% between 2020 and 2021, with a total of 21 106 incidents reported in 2020, compared to 10 998 incidents in 2021.

“Mobile banking fraud makes up the second-largest portion of digital banking crimes, comprising of 38% of reported incidents. Despite this, mobile banking fraud has the lowest gross losses at 4%.

“Enhanced detection measures implemented by banks have curbed fraud losses in this channel. Smishing (SMS phishing) is the preferred method used by fraudsters to get confidential information via mobile banking channels.

“It is similar to phishing, but instead of e-mails, text messages are sent to potential victims, requesting them to call a number or click on a link, which then tricks them into revealing their confidential banking information.”

As with banking apps and online banking fraud, Sabric indicates those committing mobile banking fraud may also require a SIM swap via the victim’s mobile service provider.

“In 87% (9 571) of mobile banking fraud incidents reported to Sabric in 2020, SIM swaps were part of the MO. These increased to 93% (19 730) in 2021.

“Another commonly reported MO used in the mobile banking channel in 2021 was the ‘known party’ or ‘friendly fraud’ practice.

“Losses generally consist of airtime or electricity purchases, as well as other instant cash-sending transactions.”

Mewalall further warns that online shopping can be unsafe because fake websites are being used to defraud consumers of their money, or to harvest their credit card data.

In certain instances, scammers have even delivered inferior products to create the impression that the website was legitimate, he notes.

“We are making inroads in combating banking and financial crime in South Africa. We have trained more than 900 SAPS and NPA personnel on banking products and related evidence.

“Working closely with the DPCI, we have also established task teams across provinces to aggressively address prioritised banking crime threats.”

The outbreak of COVID-19 lit a fire under South African consumers’ online shopping habits, with many purchasing an array of goods and services online, including fast-food, groceries, liquor, clothing, electronics and certain types of medication.

A World Wide Worx study revealed SA’s e-commerce sales reached a tipping point in 2020, growing by 66% from 2018.

Similarly, First National Bank’s Merchant Services forecast explosive growth in the local e-commerce market, saying it will reach more than R400 billion by 2025.

Share