The South African Banking Risk Information Centre (SABRIC), on behalf of the banking industry, is cautioning the public about bank crimes that could be prevalent this Festive Season.
“Criminals are always looking for opportunities to defraud their victims, particularly at this time of year when they know that people are winding down for the holidays, and spending their bonuses” says SABRIC CEO; Kalyani Pillay.
SABRIC therefore urges bank customers to be aware of the latest crime trends so that they do not become victims. Lost and stolen card fraud is still on the increase, and bank customers are urged not to accept any assistance while transacting at ATMs. By interrupting or interfering with a bank customer while transacting, cards are swopped, stolen or trapped in the ATM, only to be used later by the fraudster. PIN numbers are easily acquired by shoulder surfing, enabling the fraudster to utilise the card immediately. The public is therefore urged to prioritise the setting of daily withdrawal and transaction limits, according to their needs.
Not only should customers be cautious when transacting at ATMs, but when online as well. Digital banking platforms have made transacting much more convenient, but have also created opportunities for criminals to defraud people.
“Customers must be extremely vigilant when it comes to giving out personal and confidential information” says Pillay.
Criminals can use this information to assume a person’s identity, creating opportunities for them to be impersonated. Although this information does not guarantee them access to banking profiles or accounts, there is the risk that it could be used to commit fraud. Examples of personal information include identity documents, driver’s licenses, passports, addresses and contact details, whereas confidential information includes usernames, passwords and PIN numbers.
In order to minimize the risk of having personal information stolen, bank customers are advised to take note of the following tips:
- Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
- Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email.
- Don't use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN).
- Keep PIN numbers and passwords confidential.
- Don’t carry unnecessary personal information in your wallet or purse.
- When destroying personal information, either shred or burn it (do not tear or put it in a garbage or recycling bag).Always assume that any Wi-Fi network you are using, especially those in public areas, may be compromised.
- Always assume that any Wi-Fi network you are using, especially those in public areas, may be compromised.
- Check to see if your router has any pending firmware updates by logging into the admin page and install any waiting updates.
- Don’t use internet cafes or unsecure terminals (hotels, conference centers etc.) to do your banking.
- Change your password regularly and never share these with anyone else.
- Store personal and financial documentation safely. Always lock these away.
- To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at www.safps.org.za.
- Ensure that you have a robust firewall and install antivirus software to prevent a computer virus sending out personal information from your computer.
- Ensure that apps you are using have end-to-end encryption.
- When using Wi-Fi, even if password protected, best to only connect to websites that use HTTPS encryption. Ensure that you are connected via HTTPS - your browser must show a little lock in the address bar which says "secure“.
- Make use of a VPN (Virtual Private Network) connection, but ensure you get this from a reliable supplier.
To further protect yourself this Festive Season, please go to www.sabric.co.za, follow us on Facebook or on Twitter. And remember to watch out for #Skelm!
***Additional tips to empower bank clients***
- Tips to use ATMs safely
- If you think the ATM is faulty cancel the transaction IMMEDIATELY, report the fault to your Bank and transact at another ATM.
- Avoid ATMs that are dimly lit or surrounded by loiterers, and never allow your children to draw money using your card, since they're the most vulnerable to perpetrators.
- Have your card ready in your hand before you approach the ATM to avoid opening your purse, bag or wallet while in the queue.
- Be cautious of strangers offering to help as they could be trying to distract you in order to get your card or PIN.
- Follow the instructions on the ATM screen carefully.
- ONLY punch in your PIN once prompted by the ATM.
- Report suspicious items or people around ATMs to the Bank.
- Choose familiar and well-lit ATMs where you are visible and safe.
- Report any concerns regarding the ATM to the Bank. Toll free numbers are displayed on all ATMs.
- Be alert to your surroundings. Do not use the ATM if there are loiterers or suspicious people in the vicinity. Also take note that fraudsters are often well dressed, well-spoken and respectable looking individuals.
- If you are disturbed or interfered with, whilst transacting at the ATM, your card may be skimmed, by being removed and replaced back into the ATM without your knowledge. Cancel the transaction immediately and report the incident using your Bank's Stop Card Toll free number which is displayed on all ATMs, as well as on the back of your Bank card.
- Should you have been disturbed whilst transacting, immediately change your PIN or stop the card, to protect yourself from any illegal transactions occurring on your account.
- Know what your ATM looks like so that you are able to identify any foreign objects attached to it.
- Do not ask anyone to assist you at the ATM, not even the security guarding the ATM or a Bank official. Rather go inside the Bank for help.
- Never force your card into the slot as it might have been tampered with.
- Do not insert your card if the screen layout is not familiar to you and looks like the machine has been tampered with.
- Don’t use ATMs where the card slot, keypad or screen has been tampered with. It could be an attempt to get hold of your card.
- Your PIN is your personal key to secure banking and it is crucial to keep it confidential.
- Memorise your PIN, never write it down or share it with anyone, not even with your family member or a Bank official.
- Choose a PIN that will not be easily guessed. Do not use your date of birth as a PIN.
- Cover your PIN when punching the numbers even when alone at the ATM as some criminals may place secret cameras to observe your PIN.
- Don't let anyone stand too close to you in order to keep both your card and PIN safe.
- Some fraudsters wait until you’ve drawn your cash to take advantage. Be wary of people loitering around the ATM and ensure that you are not followed.
- Take your time to complete your transaction and secure your card and your cash in your wallet, handbag or pocket before leaving the ATM.
- Set a daily withdrawal limit that suits your needs (the default amount is set at R1000.00), to protect yourself in an event that your card and PIN are compromised.
- Check your balance regularly and report discrepancies to your Bank IMMEDIATELY.
- Avoid withdrawing cash to pay for goods/services as your Debit Card can be used for these transactions. You are able to use your Debit Card wherever the Maestro/Visa Electron logo is displayed.
- After you have completed your transaction successfully, leave the ATM area immediately. Be cautious of strangers requesting you to return to the ATM to finalise/close the transaction because they are unable to transact. Skimming may occur during this request.
- Prioritise the setting of daily withdrawal and transaction limits.
- Set a daily ATM withdrawal limit that suits your needs.
- Transaction limits should also be in line with daily spending.
- Set limits on international transaction expenditure.
- Inter account transfer limits should also be managed wisely.
- Tips for card holders:
- Review your account statements on a regular and timely basis; query disputed transactions with your Bank immediately.
- When shopping online, only place orders with your card on a secure websites.
- Do not send e-mails that quote your card number and expiry date.
- Ensure that you get your own card back after every purchase.
- Never write down your PIN or disclose it to anyone.
- Report lost and stolen cards immediately.
- Destroy your credit card receipts before discarding them.
- Never let your card out of your sight when making payments.
- Sign your card on the back signature panel as soon as you receive it to stop anyone else from taking ownership or trying to use it.
- Don’t allow anyone to use your card, your credit / debit card is not transferable. Only the person to whom the card was issued is only person authorised to use it.
- If you have a debit, cheque and credit card, don’t choose the same PIN for all of them, so that if your PIN is compromised on one card, the others will still be safe.
- Protect your cards as if they were cash. Never let them out of your sight and ensure that you get them back after every purchase.
- Always check transaction slips for correct purchase amounts before you sign them.
- Keep your transaction slips and check them against your statement to spot any suspicious transactions and query them immediately.
- Make a list of all your cards and their numbers and store it in a safe place.
- While transacting always keep an eye on the ATM Card slot to ensure that your card is not taken out, skimmed and replaced without your knowledge.
- Should an ATM retain your card, contact your Bank and block your card before you leave the ATM.
- Subscribe to your Bank's SMS notification services; this will inform you of any transactional activity on your account.
- Hold the card until the transaction is completed. Ensure that all card security features are present.
- Compare the cardholder’s signature on the card to that on the sales voucher.
- Phone for authorisation if requested to do so by the point of sale device. Make an imprint of the card in the case of a manual transaction.
- Tips to prevent Phishing and Vishing
- Do not click on links or icons in unsolicited e-mails.
- Do not reply to these e-mails. Delete them immediately.
- Do not believe the content of unsolicited e-mails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.
- Type in the URL (uniform resource locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.
- Check that you are on the real site before using any personal information.
- If you think that you might have been compromised, contact your bank immediately.
- Create complicated passwords that are not easy to decipher and change them often.
- Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
- If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.
- Tips to do internet banking safely
- Ensure that the device you use for internet or mobile device banking has the latest version of antivirus and antispyware software installed from reputable vendors. Robust solutions should identify malware and prompt you to delete it.
- Do not do your banking on a public or unfamiliar computers found at libraries, cyber- or internet cafes and hotels.
- Avoid using Wi-Fi hotspots, and ensure your own wireless network is encrypted before performing any banking transactions on your private computer. Prevent illegal software from being downloaded on your computer by creating administrative rights.
- Be suspicious if you receive lots of spam email or SMS messages. It could indicate that your computer or cellphone has been infected.
- Beware of fake anti-virus software that is offered at no charge, as it could contain malware.
- Do not use unknown devices, such as USB flash drives, on your system, as they may transfer malware unknowingly.
- Avoid downloading pirated software, as it may contain malware.
- Memorise your PIN and passwords, never write them down or share them, not even with a bank official.
- Make sure your PIN and passwords cannot be seen when you enter them.
- If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.
- Choose an unusual PIN and password that are hard to guess and change them often.
- For your security you only have three attempts to enter your PIN and password correctly before you are denied access to your services.
- Register for your Bank’s cellphone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.
- If reception on your cellphone is lost, immediately check what the problem could be, as you could have been a victim of an illegal Sim swap on your number. If confirmed, notify your bank immediately.
- Inform your Bank should your cellphone number changes so that your cellphone notification contact number is updated on the banking system.
- Regularly verify whether the details received from cellphone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately make contact with your Bank and report all log-on notification that are unknown to you.
- Ensure that you are on your Bank’s secure website and not on a ‘spoof’ site that looks like the real website.
- Log onto your Bank’s website by typing in the web address yourself instead of accessing via Google search as it might lead you to a spoofed site.
- Do not use web links that are saved under your favourites and never access your Bank’s website from a link in an email or SMS.
- Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to see that the URL begins with https rather than http.
- Remember to log off immediately when you have finished banking.
- Never do Internet Banking in public areas such as Internet Cafés, as you never know what software is loaded that may compromise your transactions, PINs and passwords.
- Make sure that no one has unauthorised access to your PC.
- Be especially aware that there are no security cameras trained on your PC and keyboard.
- Make sure that the software loaded onto your PC is correctly licensed.
- Update your operating system and browser with the latest patches.
- Never open suspicious or unfamiliar e-mails or attachments as these often contain harmful programs.
- Never click on links or attachments within suspicious e-mails as harmful viruses, spyware & Trojans may infect your PC.
- Ensure that you have the latest anti-virus applications loaded on your PC. Most Banks provide this free of charge to their customers.
- Install a personal firewall on your PC.
- Being aware of using storage devices (such as memory sticks and portable hard drives), if you make use of them ensure that they are password protected.
- Do not send e-mails that contain personal information such as your card number and expiry date.
- Protect your computer by installing and regularly updating quality antivirus software.
- Install a spam blocker on your system. This will ensure that fraudsters find it difficult to send you phishing e-mails.
- Do not click on links in unsolicited emails and delete them immediately.
- Type in the URL for your bank in the internet browser if you need to access your bank’s webpage.
- Never click on a link to take you to your bank’s website.
- Keep your operating system and browser patches, anti-virus and anti-spy software up to date on your personal computer/laptop or cellphone as they include important security enhancements to help detect phishing sites and malware.
- Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to ensure that the URL begins with https rather than http. If you think that you might have compromised yourself, report it to your bank immediately.
- Should you realize that you have responded to a phishing mail, change your internet banking credentials immediately and advise your bank.
- Register for SMS notifications so that you can be alerted to any money moving from your bank account, real time.
- Tips to prevent Classified/Holiday Scams
- Do not trust websites you do not know.
- Ensure that you are on a secure website and not a ‘spoof’ site by clicking on the security icon on your browser tool bar to see that the URL begins with https rather than http.
- Don’t fall for offers that are available at a very cheap price. If it seems to be too good to be true, they usually are.
- Register for 3D Secure to secure your card details.
- Do not send emails that quote your card number and expiry date.
- Never click on a link when requested to confirm your banking or personal details.
- Tips to prevent Deposit and Refund Scams
- No ‘refund’ should be made without first verifying with the Bank that the deposit that has been made into your account is indeed valid.
- In addition, you should wait for all cheque deposits to first be cleared before handing the goods over to a depositor.
- Take great care to protect personal information and that of your company; it is through access to this information that perpetrators gain access to you and your organisation.
- Staff dealing with finance in your organisation should be educated about such scams.
- Tips for Carrying Cash Safely
Tips for Individuals
- Carry as little cash as possible.
- Consider the convenience of paying your accounts electronically (consult your bank to find out about other available options).
- Consider making use of cell phone banking or internet transfers or ATMs to do your banking.
- Never make your bank visits public, even to people close to you.
Tips for Businesses
- Vary the days and times on which you deposit cash.
- Never make your bank visits public, even to people close to you.
- Do not openly display the money you are depositing while you are standing in the bank queue.
- Avoid carrying moneybags, briefcases or openly displaying your deposit receipt book.
- It is advisable to identify another branch nearby you that you can visit to ensure that your banking pattern is not easily recognisable or detected.
- If the amount of cash you are regularly depositing is increasing as your business grows, consider using the services of a cash management company.
- Refrain from giving wages to your contract or casual labourers in full view of the public; rather make use of wage accounts that can be provided by your bank.
- Consider arranging for electronic transfers of wages to contract or casual labourers’ personal bank accounts.
Tips for Stokvel Groupings
- Refrain from making cash deposits of club members’ contributions on high-risk days (e.g. Monday after month end).
- Ensure persons depositing club cash contributions or making withdrawals are accompanied by another club member.
- A stokvel savings club or burial society can arrange for members to deposit cash directly into the club’s account instead of collecting cash contributions.
- Arrange for the club’s pay out to be electronically transferred into each club member’s personal account or accounts of their choice.
- Take another person with when going to deposit club cash contributions.
For more information go to www.sabric.co.za
To arrange for interviews with SABRIC CEO, Kalyani Pillay, contact:
Media and Communications Manager
Tel: +27 11 847 3134
Cell: 082 070 5349
Notes to Editors:
SABRIC is a NPF company formed by South African banks to support the banking industry in the combating of crime. SABRIC’s clients are South African banks and major CIT companies. Its principle business is to detect, prevent and reduce organised crime in the banking industry through effective public private partnerships. SABRIC co-ordinates inter-bank activities aimed at addressing organised bank related financial crime, violent crime and cybercrime, and acts as a nodal point between the banking industry and others, in respect of issues relating to these crimes. The creation of public awareness of various bank related crimes and educating the public on how to protect themselves is one of SABRIC’s key focus areas. For more on SABRIC visit www.sabric.co.za