There has been quite a stir in the media this week with the arrest of a Vodacom employee who, with a group of outsiders, allegedly abused his position at the company to bypass banking security measures to steal from bank accounts.
This has raised questions about how safe technology is when it comes to our money. If you take out the fact that it involved SMSes and internet banking, it really comes down to two simple facts about human behaviour that have been with us since Adam and Eve ate the apple — people are essentially trusting and gullible and there are always other people who take advantage of that to enrich themselves illegally.
It all started with phishing, through which the alleged fraudsters managed to obtain the personal information of bank customers. This is most commonly done through emails or SMSes where the crook pretends to be a trustworthy institution, such as your bank or the receiver of revenue.
The fraudster convinces the victim to provide banking passwords, PINs and cellphone details. This is in line with most banking crime, but this time the fraudsters allegedly were able to take it one step further by joining forces with a Vodacom employee.
The Vodacom staff member allegedly created temporary dual SIM cards for the victims’ cellphone. When the fraudsters logged into the customers’ internet bank account they received the one-time password (which is SMSed to the customer from the bank as a security measure) on the dual SIM, which allowed them to create beneficiaries and transfer the money.
After the fraudulent transaction took place, the dual SIM card was deleted. The money was transferred to a bank account that had been set up by the fraudsters, who then withdrew the cash and threw the ATM card away.
Vodacom discovered the alleged fraud and the employee was identified and arrested and the information provided to the SA Banking Risk Information Centre (Sabric). According to Vodacom’s forensic division, it is working with Sabric and the police on the case.
One of the alleged ringleaders in the syndicate was also arrested. Both suspects appeared in court on July 13. Bail was not granted and they are in custody.
With cyber crooks of this sort on the loose, as both a cellphone and internet banking customer, is my money safe? The short answer is yes. If I don’t provide anyone with my personal details, he or she can’t access my account. I don’t believe that technology has increased the risks for my personal banking.
Fraudulent insiders have always been a risk for any financial institution — now technology companies need to screen their employees as rigorously. I think technology has reduced our awareness.
If someone phoned and asked for my personal banking details I might be more suspicious, but for some reason my guard is down when it comes to emails and SMSes.
Perhaps in this instant technological world we react faster than our brains’ warning signals. I also know that, these days, it’s safer to bank from my computer than to walk into a branch.