Local News

MOBILE BANKING FRAUD

AS the Banking sector continues to scale-up interventions aimed at combating fraud in the financial service space, and safeguard customer’s monies, fraudsters on the other hand have also upped their game.

In what is seemingly one of their latest tactics, fraudsters have gone a step further to directly call customers with mobile bank accounts, purporting to be calling from the customer’s bank. They attempt to engage the unsuspecting customer in a telephone conversation, whose duration is sufficient to carry out unauthorised transactions on the customer’s account, without the knowledge of the account owner.

From the second quarter of this year the intrusion design has changed. The banks are experiencing intrusions that do not mirror the typical SIM replacement activity. The scenarios of concern are listed below;

Intrusions that start with calls to customers where callers purport to be calling from Banks. The usual front is that given banks were changing the number of digits on PINs from Four to Six and require the customer to either provide their PIN or if they are uncomfortable enter the PIN on their Phone. Customers succumbing to these requests immediately receive messages of funds transfers either while still on the line with the caller or immediately after the call.

In the second scenario, the customer is asked to enter a code, requiring him to enter the PIN either spaced out in single digits in the code or the full PIN at some point in the code. Customers feel the persons on the call with them will not be able to see the PINs and feel secure to oblige. Again, during the call or immediately after the call transfers are done and SMS alerts remitted to the customer.

In the third scenario, customers are asked to enter a code to facilitate some maintenance requirement. From the Mobile Money experience these codes are in fact valid instructions for funds transfers and include a destination number for the transfer. On the Mobile Banking side such codes allow for USSD account take over, where after the caller is able to transact on the customer account while the two are still on the line.

Fraud Managers across the banks agree that Mobile Banking fraud is now Syndicate driven. This is derived from observations that USSD channels are being monitored and the movement from SIM swaps to more technically complex operations requiring specialised expertise. What is expected, if not remedied, is an escalation in losses and disruption of digital channels.

Cellphone MOBIL/ Banking

The mobility of your mobile phone/cellphone allows you to bank at any time from practically anywhere. It is a safe way of doing your banking as it relies on encrypted SMS messages or Wireless Application Protocol (WAP) secure connections. WAP uses similar security as that used by Internet Banking. It is therefore important to make sure that your cellphone is always locked, and that the latest software is downloaded to ensure your safety.

IMPORTANT NOTES:

Memorise your PIN never write it down or share it with anyone.

Make sure no one can see you entering your PIN.

Choose an unusual PIN that is hard to guess and change it often.

Remember, for your own security you are required to re-enter your PIN before each transaction.

If you think your PIN has been compromised change it immediately if there is an option. If there is no option to change call customer care or visit your nearest branch so that you can change it immediately.

Protect your phone content and personal information you saved by using a PIN or Password to access your phone. Do not leave your phone unlocked.

Do not respond to competition SMS’s or MMS’s.

If you receive a phone call requesting personal information do not respond and end the call.

If you use a Smartphone, install an up-to-date anti-virus application to your cellphone. Most banks provide this free of charge to its customers.

TIPS

Do not rely on call line identification (CID) alone to authenticate a caller. Criminals spoof CID numbers. They may appear to be calling from a legitimate company or a local number, even when they are not in the same country as you.

Never provide your password, credit card or other financial information to someone who calls and claims to be from tech support.

Never respond to emails appearing to be from your bank that request your personal details. No bank will ever ask you to confirm or update your account details via email

Do not click on links or icons on unsolicited email.

Never provide your online ID, password, or PIN to anyone.

Change your PIN and passwords frequently.

Place sensible transaction limits on your accounts.

As always, your feedback is highly valuable, and this platform offers an opportunity for further engagement with members of the public on matters relating to Commercial Banking. Please share your feedback with us via E-mail: Mirriam.Zimba@baz.co.zm

Author

Related Articles

Back to top button