The ease brought about by modern technology in accessing one’s finances has without doubt been a welcome development. However, with this convenience comes a potentially big headache. As simple as it is for you to get hold of your money, it’s become that much easier for wily criminals to do the same – and without you even knowing.
The terms phishing, spoofing and skimming have become commonplace amongst headlines. Warnings to look out for the invisible people who steal personal information and ultimately your hard-earned money are now more than ever doing the rounds -- and not unwarrantedly, as South Africa faces bank fraud of epidemic proportions. March 2010 statistics show a staggering increase in this disturbing practice, with figures a reported five times more than just a year ago.
First National Bank (FNB) says in March 2007, the fraud amount for industry counterfeited cards was almost R8.5 million, and this nearly doubled the following year to R15.63 million. Fraud figures for March 2009 stood at R17.82 million. The shocker came this March, where figures shot through the roof at R89.68 million.
The South African Police Service (SAPS) says phishing alone cost the economy at least R55 million in 2009 -- a clear indication that in spite efforts from banks to curb fraud, something is still going horribly wrong.
Modus operandi
The three terms -- phishing, spoofing and skimming -- are some times interchanged. Although the basic premise of identity and personal information theft is the same through the three practices, the crimes some times happen in different contexts, which means consumers have a barrage of things to look out for.
In a phishing scam, the identity thieves pose as major banks. They send out many emails, requesting the email recipients to upload their personal banking information (such as their PIN) onto the website, so the bank may update their records. Once the scammers get a hold of the needed personal information, they access the victims’ bank account.
Spoofing, on the other hand, is where the email header of a legitimate company will appear on a message so that the person receiving it believes it originated from somewhere other than the actual source. This type of email is often sent out by spammers to get the receiver to open or even respond to what the spammers are trying to sell. Spoofing is also used by phishers when trying to obtain individuals’ personal information.
The South African Revenue Services (SARS) has also been attacked by criminals where the SARS brand was being used to lure victims. SARS released a statement saying:
"members of the public are randomly emailed with false 'spoofed' emails made to look as if these emails were sent from SARS, but are in fact fraudulent emails aimed at enticing unsuspecting tax payers to part with personal information, such as bank account details."
Examples include emails which appear to be from returns@sars.co.za, or refunds@sars.co.za, indicating that tax payers are eligible to receive TAX refunds. These emails contain links to false forms and websites made to look real. Their sole objective is to get people to enter personal information, such as bank account details, which the criminals take and use fraudulently.
The third type of crime is skimming, where an electronic method of capturing a victim's personal information is used by identity thieves. The skimmer is a small device that scans a credit or debit card and stores the information contained in the magnetic strip. Skimming can take place during a legitimate transaction at a business. It’s some times been reported at restaurants, where patrons give their credit cards to waiters to settle their bills – only to have their card details sent remotely to a network of unseen criminals.
As far back as 2004, ABSA warned ATM users against a new variation of skimming at ATMs. Fraudsters pose as bank employees at ATMs and tell clients that the latest bank procedure to verify their details is for them to swipe their card through a card reader. The skimming device is either attached to the ATM or held by hand. Having entered the card into the reader, the fraudster would then request the client to verify his or her personal identification number [PIN] and other card details. This would take place even before the client has a chance to withdraw money from the ATM.
Once provided with all the above information, the fraudster is then able to produce a fake card and use it to withdraw money from an ATM.
You've been scammed!
The little thought put into slotting a card into swiping devices at convenience stores, ATMs and retailers can sometimes have unintended consequences. This is exactly what happened to Zikho, who had money stolen out of her account by scammers. When she reported this to her bank, the mysterious debit orders were investigated by the bank's fraud division.
Over a period of three months, Zikho was being debited without her knowledge. She says she didn't notice the first two months because the amounts were not very significant.
"It turns out I was being debited from two different places -- both selling airtime. The one company was based in Durban, and the other in Jo'burg. They took R180 in the first month (R90 each), and R260 in the second month. I noticed in the third month because they cleaned me out,” says Zikho.
Luckily for Zikho, the last two debit orders were done within 30 days of each other and the bank was able to refund her the money the unscrupulous companies had stolen.
"They (bank) put a stop order on my account, but the rest that was debited prior to that time was gone for good," she says.
Beyond this, her bank – one of South Africa's major ones – couldn't prove a conclusive correlation between the two companies.
Security
The banking industry has spent millions of rands to prevent crime at cash machines across the country. The worrying fact is that the trend of identity theft keeps growing. The South African Banking Risk Information Centre (SABRIC) and Department of Home Affairs (DHA) have joined hands to help slow down the scourge.
In March this year, SABRIC signed an agreement to give banks in South Africa access to the Home Affairs National Identification System (HANIS), which will allow them to conduct online fingerprint verification of bank clients. It is envisaged that this will reduce the number of ID thieves.
"The project is still in its pilot phase and as a result, its impact in the prevention of ID theft and other related crimes in the banking industry will only be known once it has been fully implemented," says SABRIC CEO Kalyani Pillay.
Prevention measures
Catching cyber criminals is a frustrating business for the authorities. Deputy Director of the National Public Prosecutions, Paul Louw, says that only 5% of cyber criminals are caught and prosecuted globally.
"While issues relating to arrests and prosecution of criminals are in the domain of the SAPS and the [National Prosecuting Authority] respectively, we are aware that the anonymity of the cyber world is often one of the major barriers in the investigation of crimes such as phishing," says Pillay.
In the meantime, consumers have to do their utmost to protect their identities and personal information. Pillay advises the following:
*Written and compiled by Matona Fatman **Sources: NewsNet; Sapa
