The Banking Association South Africa
  • About us
  • Member login
  • About us
  • Member login

Bank Crime

  • Board Members
  • Member Banks
  • Committees
  • Associations
  • Annual Reports
  • Memorandum of Incorporation
  • Banking Sector POPIA Code of Conduct

BANK CRIME

Our member banks are continually upgrading their systems to ensure their clients safety when transacting either locally or internationally. Crime affects everyone and as such bank clients should consistently be vigilant to potential threats to the security of their bank accounts which can be compromised in the various methods (online or physically) they choose to transact.

The onus is on bank clients to ensure that they appropriately protect themselves. This section highlights the, but not limited to the list, scams which may affect bank clients such as; ATM Fraud, Card Fraud, Card Skimming theft, Cash theft, Change of banking account details scams, Cheque fraud scams, Identity an personal information fraud, phishing scams, point of sale theft and vehicle account rescue scams.

ATM FRAUD
The Automated Teller Machine (ATM) offers bank customers a simple and convenient way to transact nationally 24 hours a day without going into the bank. The first two ATMs in South Africa launched in 1977 changed the way South Africans bank. Today, banks and independent ATM service providers continue to roll-out ATMs throughout the country to increase access to basic banking services for all citizens.

However, the large number and increased usage of ATM’s have made it possible for criminals to devise various scams such as card skimming, card swopping, ATM shoulder surfing and card trapping in ATM’s (using the ‘Lebanese’ loop).
TIPS TO AVOID BECOMING A VICTIM OF ATM FRAUD

  • Use ATM’s where you feel the most comfortable.
  • Be vigilant and avoid using the ATM where suspicious-looking individuals are loitering.
  • Have your card ready in your hand before you approach the ATM.
  • Do not use the ATM if it appears to be tampered with or damaged.
  • Do not accept help from strangers at an ATM, especially when you experience difficulty with the transaction and do not allow anyone to distract you.
  • Shield the ATM keypad with your hand to prevent people seeing when you enter your PIN.
  • Never disclose your PIN to anybody, not even to the bank or police.
  • Press the Cancel key, withdraw your card and proceed to an alternative ATM if you feel the ATM is not functioning correctly.
  • Use the help line and/or nearest phone to contact your bank and/or police if your card gets jammed, retained or lost, or if someone interferes with you at an ATM.
  • Take your time when transacting and ensure your cash and card are carefully secured in your wallet, handbag or pocket before leaving the ATM.

CARD FRAUD

Perpetrators use a variety of Card Fraud methods and keep changing their approach to trick their victims. The most common Card Fraud types in South Africa at present include Counterfeit Card Fraud, Lost and Stolen Card Fraud, False Application Fraud and Card Not Present Fraud. Card Fraud is difficult for the banking industry because perpetrators prey on the vulnerabilities of bank customers and do not target banking systems.
COUNTERFEIT CARD FRAUD
Counterfeit Card Fraud involves illegally manufactured cards that use personal information stolen from the magnetic strip of a genuinely issued card. In other cases, lost and stolen cards or old cards are encoded with the new information that was stolen from a genuine card for purposes of committing Counterfeit Card Fraud. Perpetrators usually use card skimming devices to steal the information needed for Counterfeit Card Fraud.
CARD NOT PRESENT FRAUD
Card Not Present (CNP) Fraud refers to a fraudulent transaction where neither the card nor the card holder is present at the point of sale. CNP transactions can be conducted when orders for goods, travel or accommodation are placed telephonically, by internet, mail order or fax.
LOST CARD FRAUD
Lost Card Fraud refers to fraudulent transactions conducted on a valid issued debit or credit card after the card holder has lost his or her card.
STOLEN CARDS FRAUD
Stolen Card Fraud refers to fraudulent transactions performed on a validly issued debit or credit card that was stolen from a legitimate owner.
FALSE APPLICATION FRAUD
False application Fraud occurs when fraudulent transactions are conducted on an account where the card was acquired by falsifying a card application. Since the introduction of legislation such as FICA and the NCA, banks have become more rigorous in application verification procedures and False Application Fraud has declined by over 90% from the 2007/2008 high.
ACCOUNT TAKE OVER FRAUD
Account Takeover Fraud occurs when a perpetrator poses as the legitimate account holder and takes over someone’s account and then uses the account for their own benefit. Access to personal information is used by perpetrators to pose as their victims for both Account Takeover Fraud and False Application Fraud.
NOT RECEIVED ISSUED CARD FRAUD
Not Received Issued Cards Fraud relates to validly issued credit and debit cards that are intercepted before they reach the authentic customers and used for fraudulent transactions.
TIPS TO AVOID BECOMING A VICTIM OF CARD FRAUD

  • Always follow your card and never let the card out of your sight when making payments.
  • Report any suspicious behaviour by the person to whom you have handed your card when making payments immediately to your Bank.
  • Never accept help from anyone at an ATM, even people who appear to be bank staff or security.
  • Be familiar with your ATM construction, this way you will notice any foreign objects attached to it.
  • Never use an ATM that is tampered with or visibly damaged. This could be a trick to get you to use another ATM in close proximity where a device is mounted.
  • Suspicious foreign objects or people loitering around ATMs should be reported to your bank immediately.

TIPS TO AVOID BECOMING A VICTIM OF CARD NOT PRESENT FRAUD

  • Always check your bank statements for suspicious transactions.
  • Shred or burn bank statements, receipts and financial information when disposing of them.
  • Never let another person use your card and do not leave your card or your card details lying around.
  • Never divulge your PIN to anyone.
  • Make use of the card security products offered when transacting with online merchants.
  • Ensure you only place orders with your card on a reputable and secure website when shopping online.
  • Do not send e-mails that include card details such as your card number, expiry date or other details.
  • Report any irregular transactions on your bank statements to your bank immediately.

CARD SKIMMING THEFT

Card Skimming or card cloning uses a Card Skimming device to fraudulently copy bank customer details stored on the magnetic strip (brown/black strip at the back) on a debit or credit card. Whenever you present your card for payment you run the risk of being skimmed. However, the majority of skimming incidents in South Africa are recorded around ATMs and, to a lesser extent, at retail merchants when bank cards are presented for payments. The customer and card information stolen with skimming devices is often used to manufacture counterfeit (duplicate) cards which criminals use to make fraudulent transactions on a victim’s account.
CARD SKIMMING AROUND ATMS
Card fraud perpetrators use various scams and social engineering tactics to trick naïve ATM users and skim their bank cards. These are some of the most widespread scams:
SKIMMING OF CARD AND SHOULDER SURFING CUSTOMER PINS
The perpetrators approach unsuspecting ATM users prior to or after concluding a transaction and claim to work for the bank. The target is advised to ‘re-activate’ their cards by swiping the card through a ‘card reactivating device’. The ‘card reactivating device’ is actually a hand held skimming device. This type of skimming requires accomplices to loiter around the ATM shoulder surfing for the customer PINs. The perpetrators use the stolen card information to manufacture a counterfeit card and match the customer PIN to the new card to make fraudulent transactions.
ATMS THAT ARE TAMPERED WITH OR DAMAGED
Customers should never use ATMs that seem damaged or tampered with because this creates opportunity for card fraudsters to take advantage:

When a customer is confronted with an ATM that is damaged or tampered with, the perpetrator will approach the customer and use social engineering tactics to take the customer’s ATM card. The customer is often escorted to another ATM in order to assist the customer to make a withdrawal.

The card is then secretively skimmed on the way to the second ATM with a hand held skimming device. The victim is handed back their card without noticing that it has been skimmed. The interaction between the perpetrator and the customer creates trust and the perpetrator often stands next to the customer while the transaction is conducted. The perpetrator will memorise the customer’s PIN when it is keyed in.

The unsuspecting customer will only realise they have fallen victim to a scam when money is withdrawn from their account.
CARD SKIMMING AT RETAIL MERCHANT POINT OF SALES
Criminals often collude with staff working at retail outlets such as waiters or cashiers. The card fraud perpetrators provide business staff with hand held skimming devices and reward them for skimming customers’ cards.
TIPS TO AVOID BECOMING A VICTIM OF CARD SKIMMING THEFT:
ATM SAFETY TIPS:

  • Never give your card to someone at an ATM for any reason.
  • Never let anyone assist you at an ATM, even if they appear to be a bank official or security personnel.
  • Beware of people standing close to you when you are concluding transactions at an ATM.
  • Ensure you hide your pin when keying it into an ATM.
  • Never use an ATM that looks tampered with or damaged.
  • Always use an ATM in a well-lit area.
  • If possible, use an ATM that is monitored by a CCTV camera.

SHOPPING SAFETY TIPS:

  • Ensure your card never leaves your sight. Most restaurants and shops have portable card swipe machines so there should be no reason for your card to leave your presence. If the person needs to use a different machine always accompany that person.
  • Ensure that your card is not swapped for another card after paying.
  • Use cash instead of your card if you have any suspicions.
  • Monitor you bank statements for any unusual transactions.
  • If married, reconcile your account transactions with your spouse on a regular basis.

CASH THEFT

Criminals are always alert to the opportunity to take advantage of people who carry cash on their person. Carrying cash has several benefits but also raises legitimate safety and security concerns. Robberies can occur when you are on your way to deposit money or after you have made large cash withdrawals.
WHEN DO YOU RISK CASH THEFT?

  • Regularly carrying cash to make deposits at a particular bank branch.
  • Drawing cash to pay employees.
  • Making cash deposits for a stokvel or burial society.
  • Drawing cash to pay retail accounts.

TIPS TO AVOID BECOMING A VICTIM OF CASH THEFT?

  • Avoid transacting with large sums of cash, try to use alternative payment methods such as your card, cheques or electronic facilities.
  • Always be observant when carrying large sums of cash. If you suspect you are being followed, report to the police immediately.
  • When carrying large sums of cash do not allow anyone to distract you and avoid conversations with strangers.
  • Avoid informing people, even close associates, when you are going to draw or deposit money at a bank.
  • Keep the amount of money you carry a secret, boasting about it may put you at risk.
  • Do not carry cash in bank bags or other means which may imply you are moving cash.

CHANGE OF BANK ACCOUNT SCAMS

Criminals are always on the lookout for fresh new ways to make easy money. However, the majority of fraud is just old ideas that catch new people. Businesses must be aware of business-to-business Identity Theft scams that involve the fraudulent diverting of payments into accounts not belonging to suppliers.

Perpetrators of this scam usually assume the identity of a supplier. The fraudsters may call the targeted business to introduce themselves as the new account manager at a supplier that holds a contract with the business. An email or a letter using fraudulent letterheads is sent to inform the targeted business of changes in banking account details. The perpetrators will request all future payments be paid into the new account. The new bank details belong to an account under the control of the fraudsters.

This is an old scam, but the perpetrator’s attention to detail makes these communications seem authentic, which can turn unsuspecting businesses into easy targets. These perpetrators ensure that correspondence from the targeted business to verify the notification is diverted to a member of their group who will confirm the instruction to be legitimate. Businesses should take their time to verify the notifications for change in banking details from their suppliers even when under pressure to do so at the end of the month, unless of course the legitimacy of the notice is certain. Businesses should always ensure that they are satisfied with the validity of supplier communications.

Having rapport with individuals in the supplier’s office is the easiest way to confirm these types of requests telephonically with a trusted source. Where feasible, businesses should train staff in proper supplier relationship management procedures and how to be alert to slight tweaks in e-mail addresses and other details of communications.
TIPS TO AVOID BECOMING A VICTIM OF CHANGE OF BANKING ACCOUNT DETAILS SCAMS:

  • Verify all notices of changes in bank account details.
  • Beware of false confirmation e-mails from almost identical e-mail addresses, such as .com instead of co.za, or slight variations from genuine addresses that can be easily missed.
  • It is essential that identity of the person your business is dealing with is confirmed at all times.
  • Ensure you always shred and never throw away your business (and suppliers) invoices or any communication material that contains letterheads.
  • Verify any request for or changes to information with the supplier over the telephone, ideally with someone you know and have known for some time.
  • Use your database contact details to confirm notifications for any changes of banking details via official correspondence with your suppliers (such as a letter), preferably before processing the next payment.
  • Do not publish your bank account details on the internet. This private information can be used fraudulently to trick genuine customers into making payments to alternative accounts.
  • Ensure that your company’s private information is not disclosed to third parties who are not entitled to receive it, or third parties whose identities cannot be suitably verified.

These simple precautions can ensure that your business does not fall victim to bank account detail scams.

CHEQUE FRAUD SCAMS

A Cheque is a signed, written instruction you give to your bank to pay money out of your account. Cheques are a handy way to make payments without having to use cash. Savvy money management skills require that you should be aware of the security measures to take when handling Cheques. Despite the decline in Cheque usage, Cheque Fraud remains one of the largest challenges facing business and financial institutions. The victims include financial institutions, businesses or customers that accept and issue Cheques.

Generally, Cheque Fraud looks like a legitimate business transaction. The perpetrator will approach the targeted business entity with an urgent order for goods or services and a promise for immediate payment. The promise is often supported by proof of cash deposit or electronic payment. However, the payment is made with a bogus or fraudulent Cheque. This Cheque is not honoured by the bank and leaves the business or customer out of pocket. Anyone who receives payment must verify that the payment was made in cash and if it is a Cheque payment wait until the Cheque clears before releasing the goods.

Advanced computer technology has allowed significant amounts of Cheque Fraud through counterfeiting to copy or create duplicates and chemical alteration to manipulate information. The majority of Cheque Fraud is stopped before any losses occur, still Cheque Fraud costs millions of Rands each year. In some cases, banks receive business Cheques removed from legitimate Cheque books for large amounts of cash. It is not uncommon for perpetrators to collude with business or domestic staff to steal and forge signatures of owners with signing power. Banks have preventative measures to verify the validity before payment such as telephonic confirmation. Sometimes, the perpetrators will circumvent these measures by hijacking communication attempts by pretending to be the client. To avoid the financial losses associated with Cheque Fraud, customers need to be vigilant about suspicious Cheque deposits. Here are some practical tips to help avoid becoming a victim:
TIPS TO AVOID BECOMING A VICTIM OF CHEQUE FRAUD:

  • Always keep your Cheque book in a safe place.
  • Advise your bank as soon as you suspect fraud on your account or have lost your Chequebook.
  • Keep the returned Cheques locked away in a safe place.
  • Report lost stolen or missing Cheques immediately.
  • Ensure you complete the payee details tab in full and include the amount in figures as closely as possible.
  • Include your account number in the payee line when making account payments.
  • Use crossings appropriately.
  • Always mark crossed Cheques “not transferable” to help prevent fraud.
  • Reconcile bank statements regularly.
  • Use alternative payment methods such as cash, electronic, card or cell phone banking.
  • Do not use Cheques made out to cash if possible.
  • Shred old outdated Chequebooks.
  • Do not carry Chequebooks unnecessarily on your person or in bags, briefcases or vehicles.
  • Ensure to stop payments if a Chequebook is misplaced or stolen or misplaced to prevent fraudulent use of the Cheques. Cheques are a valuable commodity to criminals irrespective if the signature is present or not.
  • Never sign blank Cheques because fraudsters can simply complete the details to suit themselves.
  • Always write out payee details in full and do not use abbreviations.
  • Do not post Cheques.
  • Do not release goods even if a bank Cheque is presented, without checking with your bank.
  • Do not advertise your banking details.
  • Wait until the Cheque has cleared before drawing money.

IDENTITY/PERSONAL INFORMATION FRAUD

The theft of Personal Information, otherwise known as Identity Theft, is one of the leading contributors to a successful fraud. Identity Theft is a type of fraud which involves stealing money or gaining other benefits by acquiring Personal Information and pretending to be someone else.

Perpetrators target victims indiscriphminately and Identity Theft can take place when the victim is deceased or alive. The consequences of your Identity being compromised can be emotionally devastating and can have a direct impact on your personal finance. This can make it difficult to obtain loans, credit cards or a mortgage until the matter is resolved.
WHAT IS PERSONAL INFORMATION?
PERSONAL INFORMATION INCLUDES ALL INFORMATION THAT IS UNIQUE TO YOU, SUCH AS:

  • Your ID document or driver’s license.
  • Passport.
  • Payslips.
  • Credit card information.
  • Municipality statements.
  • Cheque books and bank cards.
  • Banking details.
  • Telephone records.
  • Card PIN numbers and Internet banking passwords.

WHAT CAN CRIMINALS DO WITH YOUR PERSONAL INFORMATION?
Criminals can use Personal Information to assume your Identity and acquire retail or bank accounts, or even defraud your insurance, medical aid and UIF.  In some instances, perpetrators go to your bank and make transactions on your accounts while impersonating you.
TIPS TO AVOID BECOMING A VICTIM OF PERSONAL INFORMATION OR IDENTITY THEFT

  • Do not disclose Personal Information over the internet or telephonically, without knowing exactly who you are disclosing the information to and what it will be used for.
  • Be careful when you enter competitions or answer surveys because sometimes these are scams to source your information. ‘Getting to know you’ emails are another trick perpetrators use to acquire Personal Information.
  • Carefully consider the information you disclose electronically. This includes personal profile information on your business website, social networks, chat rooms and other online media.
  • Do not carry all your identification documentation with you, unless absolutely necessary. Generally, only one document is necessary to conduct daily transactions, the rest should be locked away securely.
  • Ensure your filing is always secure. Documents can be stolen or copied if left in your car or office.
  • Always shred documents that contain Personal Information instead of throwing them away. Your rubbish bin is a great source of information so ensure your documents are unreadable before you dispose of them.
  • Delete all Personal Information and format the hard drive of any electronic devices such as cell phones, PDAs or computers before you release the item.
  • Ensure your Personal Information is subject to a confidentiality clause and cannot be sold or used for anything other than the specified purpose before you disclose it.

As a consumer you have the right to obtain one free credit report each year from each credit bureau. Use the report from Compuscan, Experian, Transunion ITC and Xpert Decision System to check if institutions have made enquiries about you. This could indicate that your details have been used without your authorisation.
WHAT TO DO IF YOU ARE A VICTIM OF PERSONAL INFORMATION THEFT

  • Report the crime to the police immediately.
  • Notify your bank, insurance company and other entities where you currently are a client.
  • Notify the party that issues the stolen document(s) such as the Department of Home Affairs for passports and ID books and the Traffic and Licensing Department for driver’s licenses.
  • If you suspect that your mail may have been stolen, diverted or tampered with contact the post office.
  • Contact the South African Fraud Prevention Services (SAFPS) for assistance if you are a victim of ID theft (SAFPS Help-Line number is 0860 101 248).

Perpetrators use a number of techniques to gather Personal Information for Identity Theft purposes. Two of the most prominent methods are Phishing and Shoulder Surfing and Card Skimming.

PHISHING SCAMS

Phishing is a method of deceitfully obtaining personal information such as passwords, identity numbers, credit card details and sometimes, indirectly, money. Perpetrators might call you or send e-mails that appear to be from trusted sources such as banks, other financial institutions or legitimate companies.

Typically, Phishing emails request that users obtain, verify or update contact details or other sensitive financial information by clicking on a link in the email that directs users to a spoofed website (a website designed by criminals to fool users into thinking that it is legitimate).

Spoofed websites look almost identical to the legitimate website of a well-known financial institution or business. Phishing emails, which are a form of spam, are sent by the thousands to consumer email accounts. The perpetrators use forms on these fake websites to trick recipients into disclosing their personal information.
TIPS TO AVOID BECOMING A VICTIM OF PHISHING SCAMS

  • Never respond to emails from your bank that requests your personal details. No bank will ever ask you to confirm or update your account details via email.
  • Never use a link in an email to access your bank’s website. Instead, always use the web address you were given when you signed up for internet banking. Type the web address in your browser and ensure the site is secure by looking for the “lock” icon on your browser before logging on.
  • Do not open emails from unknown sources. Even if the title and sender details appear to be related to your bank delete them immediately.
  • Keep your online ID, password or PIN private. Never write these details down or share them with anyone, not even with a bank official.
  • Do not save your Internet Banking password on your desktop, laptop, cell phone, PDA or other electronic device.
  • Create longer passwords that combine letters (lowercase and capitals) and numbers that cannot be attributed to you. Avoid passwords that are too personal, too simple such as 1234 and don’t duplicate one password for multiple accounts.
  • Never leave your computer unattended after you have entered your Internet Banking password.
  • Always log off or sign out at the end of a session.
  • Avoid using computers for Internet Banking in public areas such as Internet cafés or other places where multiple unknown people have access.
  • Change your PIN and passwords frequently.
  • Remember to place sensible transaction limits on your accounts.
  • Ensure that you have up-to-date anti-virus software applications on devices you use to access Internet Banking. You should also frequently update security patches for your operating system.
  • Only provide your credit card details to reputable companies.

POINT OF SALE THEFT

Point-of-sale systems use mainstream software to accept payments, connect to banks and other financial institutions, transfer funds, store personal information, manage sales inventory and much more. Hackers are continuously looking for opportunities to breach established security protocols using a technique known as port scanning. Hackers do this either for self-gratification or as part of a crime syndicate.

In today’s data driven society, personal information has become a commodity and hackers use malware infections on POS systems and backdoors with remote access to hijack information. All types and sizes of business establishments are vulnerable to Cyber-attacks. Preventative measures and detection techniques can help reduce the frequency and size of losses.
TIPS TO AVOID BECOMING A VICTIM OF POINT OF SALE THEFT:

  • Change factory default administrative passwords on all POS systems because hackers are always scanning the internet for easy passwords to crack.
  • Implement a firewall or access control list on remote access/administration services, and only use secure proven technology for remote access.

HACKERS CANNOT STEAL FROM POINT-OF-SALE SYSTEMS THEY ARE UNABLE TO REACH. IN ADDITION TO PREVENTING HACKERS FROM REACHING YOUR POS SYSTEM, CONSIDER:

  • Avoid using POS systems to browse the web or perform any tasks on the Internet for that matter.
  • Ensure your POS is a PCI DSS compliant application.
  • If a third-party vendor manages your POS system, it is recommended that you ask for confirmation on the above. If possible, obtain documentation from the vendor as proof of completed tasks.

Following these simple practices will save money, time and other troubles for your business and your customers.

VEHICLE ACCOUNT RESCUE SCAMS

Vehicle account rescue scams target vehicle owners who are experiencing financial difficulties and who are trapped by vehicle instalment or lease agreements. The perpetrator will pose as a ‘broker’ or bogus company and advertise deals in newspaper classifieds or trade magazines with the promise to ‘take over’ lease or vehicle instalments from vehicle owners. Some advertisements even promise vehicle owners a cash settlement that they can use towards a deposit on another vehicle.

The vehicle owner then makes contact with the ‘broker’ or bogus company and enters into a deal to transfer the vehicle. The transaction proceeds as promised, documents are signed and the vehicle is handed over to the ‘broker’ or bogus company. However, the vehicle lease or finance agreement with the bank is not transferred nor settled, which leaves the vehicle owner liable to the bank for the outstanding debt.

The majority of offers to remove the difficulties vehicle owners experience with vehicle finance or lease repayments made by third parties are fraudulent. Vehicle account rescue scams cause unsuspecting vehicle owners to lose their vehicles but they still remain liable for the debt.

Remember, if the vehicle is still under finance, it is illegal to enter into any third party transaction without the knowledge of your bank. To avoid becoming a victim of vehicle account rescue scams, Consumers experiencing financial difficulties are advised to approach their banks directly for assistance rather than responding to these advertisements.
TIPS TO AVOID BECOMING A VICTIM OF A VEHICLE ACCOUNT RESCUE SCAM:

  • Always contact your bank for advice if you want to sell a vehicle that is still under finance to any third party.
  • Never hand over your vehicle to a third party until your vehicle finance debt has been fully settled.
  • Contact your bank immediately if you experience difficulties paying your vehicle instalments or lease payments. All banks offer advice and alternative remedies to clients that experience difficulty honouring their payments.
  • First consider selling your vehicle if you are unable to honour your debt or get debt counselling to restructure your payment plan.
  • Always get your financial institution involved when you intend to purchase a vehicle in a ‘private sale’ deal.
  • Avoid ‘private sales’ if possible and rather purchase a vehicle from a reputable dealership.
  • Regard any promise of a ‘quick way out’ of a long term contract suspiciously because these solutions may put you in an even worst position.
  • Remember you are contractually obligated, where a vehicle is still under finance, to provide the name and address of the person to whom you transfer possession of the vehicle.
Address
  • 3rd Floor Building D
    Sunnyside Office Park
    32 Princess of Wales Terrace
    Parktown
    Johannesburg
    2193
    Gauteng
Number
  • Tel: +27 11 645 6700
Mail
  • PO Box 61674
    Marshaltown
    Johannesburg
    2107
    South Africa
Quick Links

© THE BANKING ASSOCIATION SOUTH AFRICA 2021 | Privacy Policy | Terms Of Service