Johannesburg – David Makgatho, 61, is the latest victim of the CNP (card-not-present) scam when an amount of R8,500 was fraudulently withdrawn from his account while he had the card with him.
According to a 2020 Accenture report, there has been a 100% increase in fraud in mobile banking applications and a 79.5% increase in card not present (CNP) fraud on credit cards issued in South Africa, making this scam the main contributor to the gross fraud losses in the country.
The report states that R2.2 billion a year is lost to cybercrime in South Africa – ranked third among countries with the highest number of cybercrime victims in the world – due to low investment in cybersecurity and inadequate cybercrime legislation.
Makgatho should know because he believes his card was cloned to access his standard bank accounts, transferring money from one account to another using the CNP scam, before withdrawing the funds.
He said that the same day after withdrawing money from a Standard Bank ATM at Goodman Crossing in Johannesburg, an amount of Rand 24,000 was first transferred from his emergency savings account to his Access account, and from there four transactions – three amounting to R2. 500 and one worth 1000 R1 – were made from a Checkers outlet in Glenvista, according to records from Standard Bank’s anti-fraud department.
According to Makgatho, he blocked his cards the next day and reported the matter to the bank, but his claim was dismissed on the condition that: “Standard Bank was not the beneficiary of the proceeds of unauthorized transactions.” Therefore, Standard Bank would not reimburse him.
Makgatho said he felt intimidated by the bank because it was distancing itself from the whole affair.
“I’ve been a Standard Bank customer for many years and this is how they treat their customers? How many people are faced with this? ” he said. “We are told that our money is safer with the banks, instead we are vulnerable. We are victims of fraudulent activities like these. I can’t afford to lose the R8 500 like this. All I want is for them to reimburse me. I am looking to get my money back and am looking for other steps to take from now on. “
In its response letter, the bank said the only help it could offer was “to cooperate with the SAPS, as long as a criminal case (is) open”.
The letter further reads: “SBSA has concluded our investigation and could not find any wrongdoing on the part of the bank, the transactions were made by you, someone or persons unknown to you or the bank.”
Makgatho then wrote another letter begging the bank.
“I am 60 years old and I am constantly told that cybercrime is prevalent among people our age. I am very careful and educated enough not to be in the crosshairs. How much more does Standard Bank expect from me when I play my role?
“Isn’t the bank supposed to meet me halfway through making sure its security measures are constantly tightened?” Protea North’s frustrated father of two asked.
“The bank’s response suggests I’m at fault and yet I trusted them with my money.”
However, spokesperson Ross Linstrom, when approached, confirmed that SBSA is committed to fully investigating all matters brought to their attention.
“Although I would have liked to give you an answer earlier, our teams are still investigating this matter. I apologize to our client but can assure you that our investigation will be thorough. As soon as we resolve this complaint, we will be in contact with the customer, ”he said.
In another case, Thabo Ngwenya lost his FNB bank card and although he says he blocked it, it continued to be used at various N1 toll gates en route to Limpopo.
Ngwenya, 45, then canceled his card on the app as soon as these transactions started, but the card was used continuously even afterwards.
After three months of trying to get help, they finally paid him back his money, he said, “but only after I threatened them. As a customer, why isn’t the security of our money taken seriously? Why do we have to fight for banks to strengthen their security? ” He asked.
Ngwenya has since changed banks.
Ryan Mer, managing director of Eftsure Africa, which provides online payment and verification services, said cybercrime was lucrative and could be carried out from anywhere in the world with targets anywhere.
Mer said that due to the “behind-the-screen” nature of the crime, it was difficult to catch and prosecute these criminals, which made it attractive.
In addition, the growing use of online interactions and their growing dependence on a global scale means that the ‘total addressable market’ for these criminals continues to grow and they are prompted to innovate, become more sophisticated and more complex in their attacks.
“Digital transformation has taken place at a rapid pace with rapid adoption, which is great, but people across the spectrum are ignoring some of the risks associated with it – both the general public and businesses (which, well sure, are always run by and usually depend on people).
“This means that a lot of the risk could be addressed through people’s behaviors. This requires educating people and making them constantly aware of the risks as they evolve through different channels such as banks, media, businesses / employers. “
According to Mer, cybercrime attacks against South African businesses or the public don’t have to be perpetrated by South African criminals. In fact, many of the unions responsible for these attacks are not based in South Africa.
“This is precisely what makes this problem so much more frightening and difficult to solve. Regarding the fraudulent activity that has been perpetrated by people within companies, for example, the recently reported fraud case of a CFO who allegedly defrauded his employer of R17million by directing funds to suppliers to his bank account, these people are simply endowed with resources. knowledge of the gaps in the environment for manual controls within companies and the ease with which they can be operated, ”he said.
According to Ryan Mer, managing director of Eftsure Africa, which provides an online payment and verification service, it is predicted that there will be 7.5 billion internet users by 2030 and that more than 111 billions of lines of new software code will each be produced. year.
“While the growth is exciting, these statistics also describe the number of vulnerabilities open to exploitation. With around 96 zettabytes of digital content currently being produced, that very volume will lead to an increase in cyber attacks and security events, which will be virtually impossible for humans to contain.
“Cyber security is more than a technological issue – it’s also a business issue. A worrying number of South African businesses are unprepared for the inevitability of a cyberattack, despite the significant financial and reputational risks. Cybercrime costs the South African economy millions every year and is increasing at an alarming rate. “
It provides guidance specifically applicable to organizations
1. Understand the risks. This means testing your current processes and systems to identify vulnerabilities, perhaps with the help of more experienced external experts.
2. Strengthen your basic security. Consider restricting user access to certain systems and applications and ensure that those leaving the company no longer have access. Check if there are any vulnerabilities in the way your company provides remote access. Make sure that approval authorities are integrated into processes and workflows.
3. Reinforce the security of your payments. Once you understand the threats, take a close look at your payment processes and identify potential weaknesses. Independent third-party platforms can help manage vendor data and automate payment control and vendor verification, saving time on manual processes and reducing human errors.
4. Train your staff, create awareness. Since employees are typically the targets of cybercrime, especially those in finance and accounts payable, equip them with the skills and tools to detect threats and respond effectively. Also ask them how to identify and report any suspicious online activity.
5. Make cybersecurity part of your DNA. Constantly reminding staff at all levels of the risks of cybercrime will, over time, help build a strong culture of security throughout your business.
6. Make sure you have systems in place that allow full oversight and have an audit trail and accountability
Ultimately, however, businesses need to be able to operate, at high speed, without being so bogged down by paranoia and manual control processes, so they should consider where technology can play a role in that perspective, such as she did it from a completely different perspective.
the Independent Sunday