Our member banks are continually upgrading their systems to ensure their clients safety when transacting either locally or internationally. Crime affects everyone and as such bank clients should consistently be vigilant to potential threats to the security of their bank accounts which can be compromised in the various methods (online or physically) they choose to transact.
The onus is on bank clients to ensure that they appropriately protect themselves. This section highlights the, but not limited to the list, scams which may affect bank clients such as; ATM Fraud, Card Fraud, Card Skimming theft, Cash theft, Change of banking account details scams, Cheque fraud scams, Identity an personal information fraud, phishing scams, point of sale theft and vehicle account rescue scams.
ATM FRAUD
The Automated Teller Machine (ATM) offers bank customers a simple and convenient way to transact nationally 24 hours a day without going into the bank. The first two ATMs in South Africa launched in 1977 changed the way South Africans bank. Today, banks and independent ATM service providers continue to roll-out ATMs throughout the country to increase access to basic banking services for all citizens.
However, the large number and increased usage of ATM’s have made it possible for criminals to devise various scams such as card skimming, card swopping, ATM shoulder surfing and card trapping in ATM’s (using the ‘Lebanese’ loop).
TIPS TO AVOID BECOMING A VICTIM OF ATM FRAUD
Perpetrators use a variety of Card Fraud methods and keep changing their approach to trick their victims. The most common Card Fraud types in South Africa at present include Counterfeit Card Fraud, Lost and Stolen Card Fraud, False Application Fraud and Card Not Present Fraud. Card Fraud is difficult for the banking industry because perpetrators prey on the vulnerabilities of bank customers and do not target banking systems.
COUNTERFEIT CARD FRAUD
Counterfeit Card Fraud involves illegally manufactured cards that use personal information stolen from the magnetic strip of a genuinely issued card. In other cases, lost and stolen cards or old cards are encoded with the new information that was stolen from a genuine card for purposes of committing Counterfeit Card Fraud. Perpetrators usually use card skimming devices to steal the information needed for Counterfeit Card Fraud.
CARD NOT PRESENT FRAUD
Card Not Present (CNP) Fraud refers to a fraudulent transaction where neither the card nor the card holder is present at the point of sale. CNP transactions can be conducted when orders for goods, travel or accommodation are placed telephonically, by internet, mail order or fax.
LOST CARD FRAUD
Lost Card Fraud refers to fraudulent transactions conducted on a valid issued debit or credit card after the card holder has lost his or her card.
STOLEN CARDS FRAUD
Stolen Card Fraud refers to fraudulent transactions performed on a validly issued debit or credit card that was stolen from a legitimate owner.
FALSE APPLICATION FRAUD
False application Fraud occurs when fraudulent transactions are conducted on an account where the card was acquired by falsifying a card application. Since the introduction of legislation such as FICA and the NCA, banks have become more rigorous in application verification procedures and False Application Fraud has declined by over 90% from the 2007/2008 high.
ACCOUNT TAKE OVER FRAUD
Account Takeover Fraud occurs when a perpetrator poses as the legitimate account holder and takes over someone’s account and then uses the account for their own benefit. Access to personal information is used by perpetrators to pose as their victims for both Account Takeover Fraud and False Application Fraud.
NOT RECEIVED ISSUED CARD FRAUD
Not Received Issued Cards Fraud relates to validly issued credit and debit cards that are intercepted before they reach the authentic customers and used for fraudulent transactions.
TIPS TO AVOID BECOMING A VICTIM OF CARD FRAUD
TIPS TO AVOID BECOMING A VICTIM OF CARD NOT PRESENT FRAUD
Card Skimming or card cloning uses a Card Skimming device to fraudulently copy bank customer details stored on the magnetic strip (brown/black strip at the back) on a debit or credit card. Whenever you present your card for payment you run the risk of being skimmed. However, the majority of skimming incidents in South Africa are recorded around ATMs and, to a lesser extent, at retail merchants when bank cards are presented for payments. The customer and card information stolen with skimming devices is often used to manufacture counterfeit (duplicate) cards which criminals use to make fraudulent transactions on a victim’s account.
CARD SKIMMING AROUND ATMS
Card fraud perpetrators use various scams and social engineering tactics to trick naïve ATM users and skim their bank cards. These are some of the most widespread scams:
SKIMMING OF CARD AND SHOULDER SURFING CUSTOMER PINS
The perpetrators approach unsuspecting ATM users prior to or after concluding a transaction and claim to work for the bank. The target is advised to ‘re-activate’ their cards by swiping the card through a ‘card reactivating device’. The ‘card reactivating device’ is actually a hand held skimming device. This type of skimming requires accomplices to loiter around the ATM shoulder surfing for the customer PINs. The perpetrators use the stolen card information to manufacture a counterfeit card and match the customer PIN to the new card to make fraudulent transactions.
ATMS THAT ARE TAMPERED WITH OR DAMAGED
Customers should never use ATMs that seem damaged or tampered with because this creates opportunity for card fraudsters to take advantage:
When a customer is confronted with an ATM that is damaged or tampered with, the perpetrator will approach the customer and use social engineering tactics to take the customer’s ATM card. The customer is often escorted to another ATM in order to assist the customer to make a withdrawal.
The card is then secretively skimmed on the way to the second ATM with a hand held skimming device. The victim is handed back their card without noticing that it has been skimmed. The interaction between the perpetrator and the customer creates trust and the perpetrator often stands next to the customer while the transaction is conducted. The perpetrator will memorise the customer’s PIN when it is keyed in.
The unsuspecting customer will only realise they have fallen victim to a scam when money is withdrawn from their account.
CARD SKIMMING AT RETAIL MERCHANT POINT OF SALES
Criminals often collude with staff working at retail outlets such as waiters or cashiers. The card fraud perpetrators provide business staff with hand held skimming devices and reward them for skimming customers’ cards.
TIPS TO AVOID BECOMING A VICTIM OF CARD SKIMMING THEFT:
ATM SAFETY TIPS:
SHOPPING SAFETY TIPS:
Criminals are always alert to the opportunity to take advantage of people who carry cash on their person. Carrying cash has several benefits but also raises legitimate safety and security concerns. Robberies can occur when you are on your way to deposit money or after you have made large cash withdrawals.
WHEN DO YOU RISK CASH THEFT?
TIPS TO AVOID BECOMING A VICTIM OF CASH THEFT?
Criminals are always on the lookout for fresh new ways to make easy money. However, the majority of fraud is just old ideas that catch new people. Businesses must be aware of business-to-business Identity Theft scams that involve the fraudulent diverting of payments into accounts not belonging to suppliers.
Perpetrators of this scam usually assume the identity of a supplier. The fraudsters may call the targeted business to introduce themselves as the new account manager at a supplier that holds a contract with the business. An email or a letter using fraudulent letterheads is sent to inform the targeted business of changes in banking account details. The perpetrators will request all future payments be paid into the new account. The new bank details belong to an account under the control of the fraudsters.
This is an old scam, but the perpetrator’s attention to detail makes these communications seem authentic, which can turn unsuspecting businesses into easy targets. These perpetrators ensure that correspondence from the targeted business to verify the notification is diverted to a member of their group who will confirm the instruction to be legitimate. Businesses should take their time to verify the notifications for change in banking details from their suppliers even when under pressure to do so at the end of the month, unless of course the legitimacy of the notice is certain. Businesses should always ensure that they are satisfied with the validity of supplier communications.
Having rapport with individuals in the supplier’s office is the easiest way to confirm these types of requests telephonically with a trusted source. Where feasible, businesses should train staff in proper supplier relationship management procedures and how to be alert to slight tweaks in e-mail addresses and other details of communications.
TIPS TO AVOID BECOMING A VICTIM OF CHANGE OF BANKING ACCOUNT DETAILS SCAMS:
These simple precautions can ensure that your business does not fall victim to bank account detail scams.
A Cheque is a signed, written instruction you give to your bank to pay money out of your account. Cheques are a handy way to make payments without having to use cash. Savvy money management skills require that you should be aware of the security measures to take when handling Cheques. Despite the decline in Cheque usage, Cheque Fraud remains one of the largest challenges facing business and financial institutions. The victims include financial institutions, businesses or customers that accept and issue Cheques.
Generally, Cheque Fraud looks like a legitimate business transaction. The perpetrator will approach the targeted business entity with an urgent order for goods or services and a promise for immediate payment. The promise is often supported by proof of cash deposit or electronic payment. However, the payment is made with a bogus or fraudulent Cheque. This Cheque is not honoured by the bank and leaves the business or customer out of pocket. Anyone who receives payment must verify that the payment was made in cash and if it is a Cheque payment wait until the Cheque clears before releasing the goods.
Advanced computer technology has allowed significant amounts of Cheque Fraud through counterfeiting to copy or create duplicates and chemical alteration to manipulate information. The majority of Cheque Fraud is stopped before any losses occur, still Cheque Fraud costs millions of Rands each year. In some cases, banks receive business Cheques removed from legitimate Cheque books for large amounts of cash. It is not uncommon for perpetrators to collude with business or domestic staff to steal and forge signatures of owners with signing power. Banks have preventative measures to verify the validity before payment such as telephonic confirmation. Sometimes, the perpetrators will circumvent these measures by hijacking communication attempts by pretending to be the client. To avoid the financial losses associated with Cheque Fraud, customers need to be vigilant about suspicious Cheque deposits. Here are some practical tips to help avoid becoming a victim:
TIPS TO AVOID BECOMING A VICTIM OF CHEQUE FRAUD:
The theft of Personal Information, otherwise known as Identity Theft, is one of the leading contributors to a successful fraud. Identity Theft is a type of fraud which involves stealing money or gaining other benefits by acquiring Personal Information and pretending to be someone else.
Perpetrators target victims indiscriphminately and Identity Theft can take place when the victim is deceased or alive. The consequences of your Identity being compromised can be emotionally devastating and can have a direct impact on your personal finance. This can make it difficult to obtain loans, credit cards or a mortgage until the matter is resolved.
WHAT IS PERSONAL INFORMATION?
PERSONAL INFORMATION INCLUDES ALL INFORMATION THAT IS UNIQUE TO YOU, SUCH AS:
WHAT CAN CRIMINALS DO WITH YOUR PERSONAL INFORMATION?
Criminals can use Personal Information to assume your Identity and acquire retail or bank accounts, or even defraud your insurance, medical aid and UIF. In some instances, perpetrators go to your bank and make transactions on your accounts while impersonating you.
TIPS TO AVOID BECOMING A VICTIM OF PERSONAL INFORMATION OR IDENTITY THEFT
As a consumer you have the right to obtain one free credit report each year from each credit bureau. Use the report from Compuscan, Experian, Transunion ITC and Xpert Decision System to check if institutions have made enquiries about you. This could indicate that your details have been used without your authorisation.
WHAT TO DO IF YOU ARE A VICTIM OF PERSONAL INFORMATION THEFT
Perpetrators use a number of techniques to gather Personal Information for Identity Theft purposes. Two of the most prominent methods are Phishing and Shoulder Surfing and Card Skimming.
Phishing is a method of deceitfully obtaining personal information such as passwords, identity numbers, credit card details and sometimes, indirectly, money. Perpetrators might call you or send e-mails that appear to be from trusted sources such as banks, other financial institutions or legitimate companies.
Typically, Phishing emails request that users obtain, verify or update contact details or other sensitive financial information by clicking on a link in the email that directs users to a spoofed website (a website designed by criminals to fool users into thinking that it is legitimate).
Spoofed websites look almost identical to the legitimate website of a well-known financial institution or business. Phishing emails, which are a form of spam, are sent by the thousands to consumer email accounts. The perpetrators use forms on these fake websites to trick recipients into disclosing their personal information.
TIPS TO AVOID BECOMING A VICTIM OF PHISHING SCAMS
Point-of-sale systems use mainstream software to accept payments, connect to banks and other financial institutions, transfer funds, store personal information, manage sales inventory and much more. Hackers are continuously looking for opportunities to breach established security protocols using a technique known as port scanning. Hackers do this either for self-gratification or as part of a crime syndicate.
In today’s data driven society, personal information has become a commodity and hackers use malware infections on POS systems and backdoors with remote access to hijack information. All types and sizes of business establishments are vulnerable to Cyber-attacks. Preventative measures and detection techniques can help reduce the frequency and size of losses.
TIPS TO AVOID BECOMING A VICTIM OF POINT OF SALE THEFT:
HACKERS CANNOT STEAL FROM POINT-OF-SALE SYSTEMS THEY ARE UNABLE TO REACH. IN ADDITION TO PREVENTING HACKERS FROM REACHING YOUR POS SYSTEM, CONSIDER:
Following these simple practices will save money, time and other troubles for your business and your customers.
Vehicle account rescue scams target vehicle owners who are experiencing financial difficulties and who are trapped by vehicle instalment or lease agreements. The perpetrator will pose as a ‘broker’ or bogus company and advertise deals in newspaper classifieds or trade magazines with the promise to ‘take over’ lease or vehicle instalments from vehicle owners. Some advertisements even promise vehicle owners a cash settlement that they can use towards a deposit on another vehicle.
The vehicle owner then makes contact with the ‘broker’ or bogus company and enters into a deal to transfer the vehicle. The transaction proceeds as promised, documents are signed and the vehicle is handed over to the ‘broker’ or bogus company. However, the vehicle lease or finance agreement with the bank is not transferred nor settled, which leaves the vehicle owner liable to the bank for the outstanding debt.
The majority of offers to remove the difficulties vehicle owners experience with vehicle finance or lease repayments made by third parties are fraudulent. Vehicle account rescue scams cause unsuspecting vehicle owners to lose their vehicles but they still remain liable for the debt.
Remember, if the vehicle is still under finance, it is illegal to enter into any third party transaction without the knowledge of your bank. To avoid becoming a victim of vehicle account rescue scams, Consumers experiencing financial difficulties are advised to approach their banks directly for assistance rather than responding to these advertisements.
TIPS TO AVOID BECOMING A VICTIM OF A VEHICLE ACCOUNT RESCUE SCAM: