The South African Banking Risk Information Centre (SABRIC), on behalf of the banking industry, has launched a Safe Banking Campaign to empower bank clients with information to ensure that they bank safely over the Festive Season. As the year comes to a close, fraudsters take advantage of the fact that consumers receive bonuses, spend more money and are generally more relaxed because they are in holiday mode. SABRIC wants ensure that bank clients are empowered with information in order to protect themselves.
The Festive Season typically sees an increase in the use of online banking and card transactions and SABRIC urges bank clients to take note of the latest crime trends so that they do not become victims. Although the advent of digital technology has seen an increase in electronic banking crimes, SABRIC still urges consumers to remain aware of other modus operandi at play, such lost & stolen card fraud as well as Vishing, both of which are on the increase.
Lost & Stolen Card Fraud
Once in possession of an original card and PIN number, fraudsters are able to use the card as if they were the actual card holder. By interrupting or interfering with a bank client whilst he or she is transacting, cards are stolen, swopped, or trapped in the ATM to be retrieved later by the fraudster. PIN numbers are easily acquired by shoulder surfing, which enables a stolen card to be utilised immediately by the fraudster. Fraudsters aim to maximise the reward before the victim even realises what has transpired and can report the card as stolen. “By covering the PIN when punching the numbers, bank clients will be able to mitigate their risk even if they are the unfortunate victims of card theft” says Kalyani Pillay, CEO of SABRIC.
“Bank clients are urged not to accept any assistance or allow anybody to interrupt or interfere with them at ATM’s while transacting”, says Pillay.
Although fraudsters still make use of Phishing, there has been an increase in what is known as Vishing which is the telephone equivalent. Here, a fraudster phones their victim posing as a bank official or service provider and uses social engineering skills to manipulate them into disclosing confidential information, while at the same time leading them to believe that they are speaking to the bank or service provider. This information is then used to defraud the victim.
Protect yourself from Vishing by adhering to the following:
- Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
- If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.
***Tips to empower bank clients***
- Tips to do safe mobile banking:
- Protect your phone content and personal information you saved by using a PIN or Password to access your phone. Do not leave your phone unlocked.
- Memorise your PIN, never write it down or share it with anyone and make sure no one can see you entering your PIN.
- Choose an unusual PIN that is hard to guess and change it often.
- If you think your PIN has been compromised, change it immediately.
- Do not respond to competition SMS’s or MMS’s.
- If you receive a phone call requesting personal information do not respond and end the call.
- If you use a Smartphone, install an up-to-date anti-virus application to your cellphone. Most banks provide this free of charge to their customers.
- Never access your bank site through a link in an SMS.
- Never access your banking site on a public Wi-Fi network – it’s not secure and your credentials could be hacked. Rather disable Wi-Fi and switch to a cellular network option.
- Make use of the mobile banking apps provided by your bank, they go to great lengths to ensure that these are secure.
- Tips to do internet banking safely:
- Ensure that the device you use for internet or mobile device banking has the latest version of antivirus and antispyware software installed from reputable vendors. Robust solutions should identify malware and prompt you to delete it.
- Do not do your banking on a public or unfamiliar computers found at libraries, cyber- or internet cafes and hotels.
- Avoid using Wi-Fi hotspots, and ensure your own wireless network is encrypted before performing any banking transactions on your private computer. Prevent illegal software from being downloaded on your computer by creating administrative rights.
- Be suspicious if you receive lots of spam email or SMS messages. It could indicate that your computer or cellphone has been infected.
- Beware of fake anti-virus software that is offered at no charge, as it could contain malware.
- Do not use unknown devices, such as USB flash drives, on your system, as they may transfer malware unknowingly.
- Avoid downloading pirated software, as it may contain malware.
- Memorise your PIN and passwords, never write them down or share them, not even with a bank official.
- Make sure your PIN and passwords cannot be seen when you enter them.
- If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.
- Choose an unusual PIN and password that are hard to guess and change them often.
- For your security you only have three attempts to enter your PIN and password correctly before you are denied access to your services.
- Register for your Bank’s cellphone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.
- If reception on your cellphone is lost, immediately check what the problem could be, as you could have been a victim of an illegal Sim swap on your number. If confirmed, notify your bank immediately.
- Inform your Bank should your cellphone number changes so that your cellphone notification contact number is updated on the banking system.
- Regularly verify whether the details received from cellphone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately make contact with your Bank and report all log-on notification that are unknown to you.
- Ensure that you are on your Bank’s secure website and not on a ‘spoof’ site that looks like the real website.
- Log onto your Bank’s website by typing in the web address yourself instead of accessing via Google search as it might lead you to a spoofed site.
- Do not use web links that are saved under your favourites and never access your Bank’s website from a link in an email or SMS.
- Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to see that the URL begins with https rather than http.
- Remember to log off immediately when you have finished banking.
- Never do Internet Banking in public areas such as Internet Cafés, as you never know what software is loaded that may compromise your transactions, PINs and passwords.
- Make sure that no one has unauthorised access to your PC.
- Be especially aware that there are no security cameras trained on your PC and keyboard.
- Make sure that the software loaded onto your PC is correctly licensed.
- Update your operating system and browser with the latest patches.
- Never open suspicious or unfamiliar e-mails or attachments as these often contain harmful programs.
- Never click on links or attachments within suspicious e-mails as harmful viruses, spyware & Trojans may infect your PC.
- Ensure that you have the latest anti-virus applications loaded on your PC. Most Banks provide this free of charge to their customers.
- Install a personal firewall on your PC.
- Being aware of using storage devices (such as memory sticks and portable hard drives), if you make use of them ensure that they are password protected.
- Do not send e-mails that contain personal information such as your card number and expiry date.
- Protect your computer by installing and regularly updating quality antivirus software.
- Install a spam blocker on your system. This will ensure that fraudsters find it difficult to send you phishing e-mails.
- Do not click on links in unsolicited emails and delete them immediately.
- Type in the URL for your bank in the internet browser if you need to access your bank’s webpage.
- Never click on a link to take you to your bank’s website.
- Keep your operating system and browser patches, anti-virus and anti-spy software up to date on your personal computer/laptop or cellphone as they include important security enhancements to help detect phishing sites and malware.
- Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to ensure that the URL begins with https rather than http. If you think that you might have compromised yourself, report it to your bank immediately.
- Should you realize that you have responded to a phishing mail, change your internet banking credentials immediately and advise your bank.
- Register for SMS notifications so that you can be alerted to any money moving from your bank account, real time.
- Tips to use cheques safely:
- Check the payee, amount in words and figures carefully for alterations.
- Be on the lookout for stamps that are placed over areas that could conceal alterations.
- Cheques issued in black Koki pens should raise suspicion.
- Spelling mistakes on the printed areas of the cheques such as the drawer’s details and the Bank Branch name.
- Tampering on the MICR Code line – black shaded areas.
- Be suspicious if the cheque appears faded, as chemicals could have been used to remove information.
- Shaky signatures could indicate that the signature was traced.
- Write your cheque in such a way that it is difficult to alter by drawing lines through unused spaces.
- Write clearly and neatly using a non-erasable ballpoint pen. The type of pen you use makes a difference. Most ballpoint and marker inks are dye based, meaning that the pigments are dissolved in the ink. But, based on ink security studies, gel pens, like the Uniball 207 uses gel ink that contains tiny particles of colour that are trapped into the paper, making cheque washing a lot more difficult.
- Write the full names of the payee and spell them correctly. Avoid the use of abbreviations.
- Do not make any corrections to the cheque as alterations in any form will not be allowed on the cheque except for where the words “bearer/order” has been ruled through. It is best to cancel it and write out another one.
- Don’t leave large spaces between words and draw a line through any unused space to ensure that nothing can be added to the cheque.
- Write the amount of the cheque in the space immediately after ‘The sum of’. According to the Bill of Exchange Act the amount in words will be considered the correct amount if there is a difference between the amount in words and figures.
- Write the amount in figures as close to the ‘R’ as possible.
- Fill in the correct date.
- Remember to sign your cheque.
- Keep your chequebook, cancelled cheques and statements safe.
- Never sign a blank cheque.
- Report lost or stolen cheques immediately.
- Provide your Bank with up-to-date signatures of everyone who is entitled to sign cheques on your account.
- Check your statements every month and do reconciliation.
- It is safest to collect your new chequebook yourself.
- A ‘cash’ cheque is as good as money so it is not your safest option.
- Cheques where the words ‘Or Bearer’ are not crossed out are as good as cash and can be cashed by anyone who presents it (even if it was made out to a person or company). If you do not want the cheque to be negotiated between various parties you can restrict negotiation by adding the words “Not Transferable”. This in effect means that the cheque may only be negotiated by the person/company whose name appears on the beneficiary field.
- When a cheque is made out to a person or company and ‘Or Bearer’ is crossed out, it is safer. However, the original payee can still sign the back of the cheque and make it over to a third party.
- Two lines with or without the words ‘non-negotiable’ or ‘non-transferable’ written between them means the cheque cannot be cashed but has to be deposited into a bank account.
- A crossing cannot be cancelled.
- ‘Non-transferable’ means it must be paid into the account of the person or company whose name appears on the cheque.
- ‘Non-negotiable’ means it must be paid into a bank account but the person to whom the cheque was originally made out to may transfer it to a third party.
- According to the Bill of Exchange Act section 81(3) the words “Not Negotiable” give the drawer/issuer more protection with regard to obtaining information relating to the deposit of such cheque.
- It is not advisable posting a cheque.
- If you must send it via post make sure cheques are crossed, marked non-transferable’ and made payable to a specific person or company.
- Send cheques by registered mail and in good time to allow for delivery delays.
- Staples or paperclips attaching a cheque to a letter are all tell-tale signs for criminals.
- Avoid envelopes that are transparent or easy to open.
When accepting a cheque make sure that:
- It has not been altered.
- It isn’t post-dated.
- It is signed.
- There are no dirty marks on it.
- The same pen has been used throughout.
- The handwriting is the same on all parts of the cheque.
Be cautious when you notice the following on a cheque:
- Several stamps that are placed over areas that could conceal alterations.
- Black Koki used to complete the cheque.
- Spelling mistakes on the printed areas such as the drawer’s details and the bank branch name.
- Tampering on the MICR Code line – black shaded areas.
- Faded areas, as chemicals could have been used to remove information.
- Shaky signatures, which could indicate that the signature was traced.
- Typed or pre-issued cheques.
- Tips for card holders:
- Review your account statements on a regular and timely basis; query disputed transactions with your Bank immediately.
- When shopping online, only place orders with your card on a secure websites.
- Do not send e-mails that quote your card number and expiry date.
- Ensure that you get your own card back after every purchase.
- Never write down your PIN or disclose it to anyone.
- Report lost and stolen cards immediately.
- Destroy your credit card receipts before discarding them.
- Never let your card out of your sight when making payments.
- Sign your card on the back signature panel as soon as you receive it to stop anyone else from taking ownership or trying to use it.
- Don’t allow anyone to use your card, your credit / debit card is not transferable. Only the person to whom the card was issued is only person authorised to use it.
- If you have a debit, cheque and credit card, don’t choose the same PIN for all of them, so that if your PIN is compromised on one card, the others will still be safe.
- Protect your cards as if they were cash. Never let them out of your sight and ensure that you get them back after every purchase.
- Always check transaction slips for correct purchase amounts before you sign them.
- Keep your transaction slips and check them against your statement to spot any suspicious transactions and query them immediately.
- Make a list of all your cards and their numbers and store it in a safe place.
- While transacting always keep an eye on the ATM Card slot to ensure that your card is not taken out, skimmed and replaced without your knowledge.
- Should an ATM retain your card, contact your Bank and block your card before you leave the ATM.
- Subscribe to your Bank's SMS notification services; this will inform you of any transactional activity on your account.
- Hold the card until the transaction is completed. Ensure that all card security features are present.
- Compare the cardholder’s signature on the card to that on the sales voucher.
- Phone for authorisation if requested to do so by the point of sale device. Make an imprint of the card in the case of a manual transaction.
- Tips to use ATMs safely:
- If you think the ATM is faulty cancel the transaction IMMEDIATELY, report the fault to your Bank and transact at another ATM.
- Avoid ATMs that are dimly lit or surrounded by loiterers, and never allow your children to draw money using your card, since they're the most vulnerable to perpetrators.
- Have your card ready in your hand before you approach the ATM to avoid opening your purse, bag or wallet while in the queue.
- Be cautious of strangers offering to help as they could be trying to distract you in order to get your card or PIN.
- Follow the instructions on the ATM screen carefully.
- ONLY punch in your PIN once prompted by the ATM.
- Report suspicious items or people around ATMs to the Bank.
- Choose familiar and well-lit ATMs where you are visible and safe.
- Report any concerns regarding the ATM to the Bank. Toll free numbers are displayed on all ATMs.
- Be alert to your surroundings. Do not use the ATM if there are loiterers or suspicious people in the vicinity. Also take note that fraudsters are often well dressed, well-spoken and respectable looking individuals.
- If you are disturbed or interfered with, whilst transacting at the ATM, your card may be skimmed, by being removed and replaced back into the ATM without your knowledge. Cancel the transaction immediately and report the incident using your Bank's Stop Card Toll free number which is displayed on all ATMs, as well as on the back of your Bank card.
- Should you have been disturbed whilst transacting, immediately change your PIN or stop the card, to protect yourself from any illegal transactions occurring on your account.
- Know what your ATM looks like so that you are able to identify any foreign objects attached to it.
- Do not ask anyone to assist you at the ATM, not even the security guarding the ATM or a Bank official. Rather go inside the Bank for help.
- Never force your card into the slot as it might have been tampered with.
- Do not insert your card if the screen layout is not familiar to you and looks like the machine has been tampered with.
- Don’t use ATMs where the card slot, keypad or screen has been tampered with. It could be an attempt to get hold of your card.
- Your PIN is your personal key to secure banking and it is crucial to keep it confidential.
- Memorise your PIN, never write it down or share it with anyone, not even with your family member or a Bank official.
- Choose a PIN that will not be easily guessed. Do not use your date of birth as a PIN.
- Memorise your PIN, never write it down or share it, and key it in personally in such a way that no one else can see it e.g. cover your PIN when punching the numbers even when alone at the ATM as some criminals may place secret cameras to observe your PIN.
- Don't let anyone stand too close to you in order to keep both your card and PIN safe.
- Some fraudsters wait until you’ve drawn your cash to take advantage. Be wary of people loitering around the ATM and ensure that you are not followed.
- Take your time to complete your transaction and secure your card and your cash in your wallet, handbag or pocket before leaving the ATM.
- Set a daily withdrawal limit that suits your needs (the default amount is set at R1000.00), to protect yourself in an event that your card and PIN are compromised.
- Check your balance regularly and report discrepancies to your Bank IMMEDIATELY.
- Avoid withdrawing cash to pay for goods/services as your Debit Card can be used for these transactions. You are able to use your Debit Card wherever the Maestro/Visa Electron logo is displayed.
- After you have completed your transaction successfully, leave the ATM area immediately. Be cautious of strangers requesting you to return to the ATM to finalise/close the transaction because they are unable to transact. Skimming may occur during this request.
For more information go to www.sabric.co.za
To arrange for interviews with SABRIC CEO, Kalyani Pillay, contact:
Media and communications Manager
Tel: +27 11 847 3134
Cell: 082 070 5349
Notes to Editors:
SABRIC is a NPF company formed by South African banks to support the banking industry in the combating of crime. SABRIC’s clients are South African banks and major CIT companies. Its principle business is to detect, prevent and reduce organised crime in the banking industry through effective public private partnerships. SABRIC co-ordinates inter-bank activities aimed at addressing organised bank related financial and violent crime and acts as a nodal point between the banking industry and others, in respect of issues relating to crime. The creation of public awareness of various bank related crimes and educating the public on how to protect themselves is one of SABRIC’s key focus areas. For more on SABRIC visit www.sabric.co.za