April 4, 2009
By Neesa Moodley-isaacs
It's up to you to ensure you transact safely on the internet, because your bank doesn't consider itself liable for your losses if you are a victim of online fraud.
Banking online may make your life easier but it also exposes you to new risks that could cost you tens of thousands of rands.
And most people who lose money as a result of internet and cellphone banking fraud do so because they fall prey to scam artists.
If you are defrauded because you gave out your personal details - no matter how innocently - the banks will not come to your rescue.
Clive Pillay, the Ombudsman for Banking Services, says in his latest annual report, released this week, that the threat of fraud is increasingly becoming a problem when you bank online.
And as banking systems become more sophisticated, so do the criminals' methods.
Fraud accounted for eight percent of the cases closed by Pillay last year and of these two percent concerned internet fraud.
The number of complaints related to internet banking received by the ombudsman's office jumped from just seven in 2005 to 68 last year.
"The ingenuity of fraudsters revealed itself in many cases we handled during the year. In spite of repeated warnings from the banks, consumers still fall prey to internet scams," Pillay says.
He recommends that you need to keep your banking details confidential and to act immediately on any day-to-day transactions that appear to be even remotely suspicious.
The report shows that seven internet banking fraud complaints (all against Standard Bank) were escalated to a final recommendation because the complainants or the bank were not happy with the ombudman's provisional recommendation. A final recommendation is the last mediation step before the ombudsman issues a determination (a ruling that is binding on the bank). Two determinations were made in the past year.
Tumi Monale, the director of self-service banking at Standard Bank, says all seven cases involved phishing (see "Types of internet fraud" below).
"Standard Bank accepts its responsibility to ensure that clients' information remains safe and secure when conducting any financial transaction, either via the internet or a mobile device," she says.
"Internet banking security is a partnership between customers and the bank. We remind customers that they too are responsible for their own personal or company banking activities, and to take precautions to safeguard their personal information, bank account details, log-on and PIN codes, and their money," Monale says.
As part of their terms and conditions for internet banking, the major banks make it quite clear that they do not accept any liability if you compromise your access code by revealing it to anyone.
For example, First National Bank (FNB) says on its website: "You are responsible for maintaining the confidentiality and secrecy of your access codes. If you believe your access codes have been compromised, you must immediately contact FNB Online Banking and request that they deactivate your access codes, or you can reset your access codes on the website ...
"Until you notify us to deactivate your access codes, we will not be responsible or liable for any transactions that are performed without your knowledge or consent, and you hereby indemnify us from any loss and damages you suffer as a result."
Case studies from the report
The following cases that came before the ombudsman illustrate how you can lose money if you are not careful when you bank online:
An Absa client who was taken in by a spoofing scam lost about R25 000 when criminals raided her credit card account.
The client received an email - purportedly from Absa - that asked her to click on a link to verify her banking details. When she clicked on the link, she was directed to a fraudulent website that looked similar to the Absa website.
She entered her log-on details and password on the bogus site, and the criminals used her details to log into her account on the genuine Absa website. They immediately sent the woman a second email that asked her to confirm that Absa had SMSed a verification number to her. She replied and provided the criminals with the verification number, which gave them complete access to her bank accounts.
A woman made an internet payment of R27 000 to a company only to realise that she had typed an incorrect digit when entering the account number. The money went to the wrong account. The woman's bank could not recall the funds before they were transferred.
The bank was also unable to recall the R27 000 from the bank account to which it had been transferred because the bank had already deducted the bank charges and the amount in the account was now less than R27 000.
The bank agreed to reverse its charges so that it could try to recall the money once more. However, in order for the money to be recalled, the bank to which the R27 000 had been transferred would have to obtain permission from the accountholder. But the accountholder had already withdrawn the full amount.
The woman's bank acknowledged that there had been an unnecessary delay in attempting to recover the money and offered to pay her R1 000 for distress and inconvenience.
The bank to which the money had been transferred admitted that it should have requested permission from the accountholder to remove the funds sooner and offered to pay the woman R2 000 in compensation.
Clive Pillay, the Ombudsman for Banking Services, recommended that the complainant accept both offers of compensation, because, if she wanted to recover the full amount, she would have to pursue a criminal case against the person who withdrew the R27 000.
Pillay says when you are making an online payment, you need to double- and even triple-check the account numbers you enter.
If you enter the incorrect account number, the bank cannot simply recall the money but will need permission from the person into whose account you have made the deposit. If that person is unco-operative, the bank cannot recall your money. You will have to take legal action, at your own expense, against the accountholder to recover your money.
Types of internet fraud
Phishing is the most common type of online fraud. Criminals send you an email that appears to have been sent from your bank. In the email, they ask you to confirm your personal details, such as your identity number and your personal identification number, often on the pretext that the information is required to prevent online fraud.
An email of this nature should immediately put you on the alert, because none of the banks will ask you to confirm your details by email or telephone. Do not respond to the email. Contact your bank and ask for an email address to which you can forward the hoax email.
Key-logging software is installed on computers at internet cafés or it can be sent to you as an email attachment. You should never open emails from someone you do not know, because the attached key-logging software will install itself on your computer and record which keys you press when you bank or transact on the internet. Criminals can then use this information to access your account.
Spoofing is where criminals create a website that looks like your bank's website. They then send you an email that directs you to the fraudulent website. Once you enter your details on that website, the criminals can record your personal information and use it to access your bank account.
Pharming is similar to spoofing in that you are redirected from a legitimate website to a bogus website without your knowledge. Criminals change the numerical strings to redirect you to their website, even though you may have entered the correct website address. One way to avoid pharming is to ensure that you transact only on websites with security certificates. This is usually indicated by a small padlock icon at the bottom of the browser window.
Cover for your identity
None of the big four banks - Absa, First National Bank, Nedbank or Standard Bank - offers you insurance against phishing or internet fraud.
When you sign up for internet banking and every time you log on to bank online, a disclaimer will appear on your screen telling you that the bank accepts no liability for funds lost if you (wittingly or unwittingly) provide a third party with your security details, such as your password and/or personal identification number.
AIG South Africa recently launched an insurance policy against identity theft, which is the unauthorised and illegal use of your personal information to obtain a loan or credit.
Compensation for losses incurred from phishing is a secondary benefit of the policy.
For the maximum premium of R7.50 a month, the policy will cover you for R30 000 in legal expenses, R2 500 for your actual losses, R750 a day for a maximum of three days for income lost as a result of identity theft and R2 500 for any miscellaneous expenses.
How to protect your account
Most of the major banks offer their internet banking clients free anti-virus software to limit their exposure to fraud. Make use of this service if it is available to you.
Don't save your password to your computer desktop or ask your computer to "remember this password" because this will enable anyone who uses your computer to access your account.
When you create an online password, make sure that it consists of random numbers and letters. Don't choose a password that someone could guess, such as your birth date.
Always log off after you have finished banking online; closing your browser window is insufficient.
Make sure that the security software on your computer is licensed and up-to-date.
  
 
|
© 1999 - 2010 Personal Finance & Independent Online (Pty) Ltd. All rights reserved.