Banking app fraud warning
Digital fraud is rising at alarming rates, with fraudsters targeting banking apps more than ever before.
This was explained by Nazia Karrim, Head of Product Development: the Southern African Fraud Prevention Service (SAFPS) and Nischal Mewalall, CEO of SABRIC, on SABC News.
Recently, the South African Banking Risk Information Centre (SABRIC) released its Annual Crime Statistics Report for 2023, which revealed that South Africans lost almost R3.3 billion in 2023 due to financial crimes across more than 1.59 million reported incidents.
This amount is the value of the actual losses, and it includes the immediate monetary amount that was stolen or the value of transactions that were executed fraudulently, including unauthorised transfers.
Put differently, this is the out-of-pocket amount that customers lost.
The total or potential losses, which refers to the estimated financial impact that occurred due to fraud and represents what criminals attempted to steal, is much higher, at more than R23 billion.
Cybercrime has seen the most alarming increase, with digital banking fraud surging by 45% and related financial losses rising by 47%.
Fraud on the banking app has become the dominant threat, accounting for 60% of all digital banking crimes, with a staggering 89% year-on-year increase.
Banking apps have become the go-to, with many South Africans now using their phones for all of their transactions.
However, with this added convenience, there are also added risks.
According to Mewalall, a big reason for the jump in digital and banking app fraud is that when people lose their phones, they do not take the correct steps to notify their bank and their cell phone providers.
“Device theft, which is something quite hot at the moment,” Karrim said. According to the South African Police Service (SAPS), an average of 189 cell phones are stolen daily in South Africa.
When someone snatches a phone while you are using it – for example, while the victim is walking while talking on their phone – that phone is still unlocked, which makes it easier for criminals to commit fraud.
Once these fraudsters have stolen a phone, they can access the passwords that many people store on their devices or even add their own fingerprints.
This gives them access to any of the applications that use biometrics on that device, Karrim said.
Alternatively, fraudsters can activate a password reset.
“Through the process of having the device and activating a password reset, they begin to engage with the codes that allow you to reset your application,” Mewalall said.
“There are other techniques as well, but these are the two most common ones that we’ve observed.”
For banks, stopping this fraudulent activity is not always straightforward.
“Each bank has their own systems on the backend that allows them to analyse their own customers’ behaviour,” Mewalall said.
While some banks pay attention to the entire customer profile, others pay attention to specific types of transactions.
In general, all banks have the ability to perform this type of monitoring, but the key issue is that not all banks have the permissions they need to stop fraudulent transactions.
“The key issue here is not really the bank’s ability to monitor, but rather it’s the permissions that are given to the bank in order to respond when certain types of activity are detected.”
For example, when a customer is put under duress, it’s highly unlikely that a bank would stop that transaction because their life is more important than the financial loss.
For example, Ulrich Janse van Rensburg, Chief Fraud Strategy & Analytics Officer at Absa Everyday Banking, has warned that the bank has seen a rise in kidnappings.
Though not common, some individuals have been targeted and forced to transfer funds.
In cases like this where a customer is in danger and declines a transaction, the bank may choose not to intervene to avoid escalating the situation, Janse van Rensburg said.
“If we’re on a call with a customer, we don’t want the customer at that point in time to alert us that they’ve been hijacked because that’s going to put them in danger.”
Additionally, it would be very difficult for an employee to decide on someone’s financial well-being versus their life.
“So in those instances, we try not to intervene,” Janse van Rensburg said.
So banks often find themselves in a difficult, risky position when deciding whether to block a transaction, Mewalall said.
Comments