Cybercrime blame game isn’t as cut and dry as its SIMs

With the number of SIM card fraud cases in South Africa rising sharply last year, the banks and cellphone service providers are locked in a blame game, with each party arguing that the other could do more to combat the virtual scourge.

An increasing number of South Africans are falling prey to this cybercrime du jour.

According to the South African Banking Risk Information Centre (Sabric), the number of SIM swap incidents was less than 100 in 2011.

In 2012, that number rose to over 1 000, more than 10 times what it was the previous year.

The sharp spike signalled concern from cyber security experts, banks and cellphone service providers alike.


One of the distinguishing aspects of this form of fraud is that it implicates both the banks and mobile service providers in its execution. Vodacom’s chief risk officer, Johan van Graan, explained.

“The fraudster gets the victim’s login and password details for a victim’s internet bank account, usually through phishing [soliciting personal details through emails]. That’s where the fraud starts,” he said.

The fraudster may then approach someone who has very little in his or her bank account, ask if the account can be used to receive money and pay the account holder a few hundred rands in return.

Now that the fraudster has a bank account from which to siphon money and a bank account to receive it, he or she needs to secure a SIM card linked to the victim’s bank account in order to complete the transaction.

Once this takes place, the fraudster receives the one-time PIN numbers or other additional cellphone-linked security devices intended to act as a last line of defence before a person can complete an online banking transaction.

It is from this final necessary step that the practice has gleaned the nickname of “SIM swapping”, which Van Graan said is a misnomer.

“SIM swapping is actually just another name for online banking fraud.

“When the banking fraud takes place — this is what makes me angry — the staff at the banks’ call centres say, ‘if the cellphone service providers hadn’t authorised a SIM swap, you wouldn’t have lost your money.’”

Van Graan said, by doing that, the banks are denying their own accountability in the process. But the law backs the view that banks are largely liable for losses incurred through SIM fraud, he said.

He cited a 2012 SIM swap fraud case, which “sets legal precedent” — Nashua Mobile (Pty) Ltd vs GC Pale CC, which found that the cellphone provider could not be held liable for losses incurred through SIM-swapping online fraud.

Instead of blaming service providers, he said, the banks could do more to mitigate risk by increasing security measures involving the adding of new beneficiaries.

“The banks could hold payments to new beneficiaries for more than 48 hours,” he said.

This would allow time for fraud detection systems to pick up false payments and freeze them before they are transferred.

Banks could also work more closely with cellphone service providers to red-flag possible incidences, Van Graan said.

Cellphone service providers can flag phones with newly activated SIM cards that have not made any phone calls but have authorised a number of payments in a short amount of time, he said.

Vodacom has already started collaborating with FNB on this front with good success.

In spite of cellphone providers arguing that banks could do more, the banking sector is “seen to be the leading industry when it comes to establishing public-private partnerships for the prevention and combating of cybercrime”, according to the 2012-2013 South African Cyber Threat Barometer, which solicits the views of opinion leaders in the industry.

The same report from last year estimated that the telecommunications sector, not the banking sector, was losing the largest amount of money to cybercrime — an estimated R1-billion during the year, although a large portion of it was recovered following subsequent investigations.

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Thalia Holmes
Thalia Holmes

Thalia is a freelance business reporter for the Mail & Guardian. She grew up in Swaziland and lived in the US before returning to South Africa.

She got a cum laude degree in marketing and followed it with another in English literature and psychology before further confusing things by becoming a black economic empowerment (B-BBEE) consultant.

After spending five years hearing the surprised exclamation, "But you're white!", she decided to pursue her latent passion for journalism, and joined the M&G in 2012. 

The next year, she won the Brandhouse Journalist of the Year Award, the Brandhouse Best Online Award and was chosen as one of five finalists from Africa for the German Media Development Award. In 2014, she and a colleague won the Standard Bank Sivukile Multimedia Award. 

She now writes and edits for various publications, but her heart still belongs to the M&G.     

Related stories

Women are South Africa’s changemakers and they deserve more

The truth is the economy still largely revolves around men, especially white men like me, writes Alef Meulenberg.

Covid-19 is taking its toll on people’s state of mind

The future is uncertain, and the number of people suffering from anxiety and depression is rising

Covid concerns have call centres closing doors — and opening new ones

The sector employs 60 000 people in the Western Cape alone. Whereas some centres have cut staff, others are reskilling and preparing for a different future

Beware, the cybervirus criminals want you

During times of crisis, people turn to trusted sources for accurate information. This leaves them vulnerable to cybercriminals

More funding, less fashion weeks

Nigeria’s industry needs more support, particularly for new entrants in the business

The changing role of marketing

Marketing is an exciting discipline, offering the perfect fit for individuals who are equally interested in business, human dynamics and strategic thinking. But the...
Advertising

New education policy on gender violence released

Universities and other higher education institutions have to develop ways of preventing or dealing with rape and other damaging behaviour

Cambridge Food Jozini: Pandemic or not, the price-gouging continues

The Competition Commission has fined Cambridge Food Jozini for hiking the price of its maize meal during April

Sekhukhune’s five-year battle for water back in court

The residents of five villages are calling for the district municipal manager to be arrested

Vaccine trial results due in December

If successful, it will then have to be manufactured and distributed
Advertising

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday