Durban - The majority of internet banking and credit card fraud cases reported to the office of the Banking Ombudsman were related to vishing fraud and resulted in consumers losing more than R260million across all platforms.
Vishing refers to fraudsters posing as bank officials or service providers in phone calls, and manipulating bank customers into disclosing their confidential information such as their card details and one-time passwords (OTPs).
Banking Ombudsman Reana Steyn said voice phishing, known as vishing, was not new, however some customers might be new to the scam.
In its 2019 report, the South African Banking Risk Information Centre (Sabric) said the number of fraud cases across all platforms had increased by 75% in 2018 and cost consumers just under R263m.
Sabric acting chief executive Susan Potgieter said vishing was rife.
“Criminals are exploiting human vulnerability and using social engineering to defraud people,” said Potgieter.
Steyn said she wanted to warn customers about this type of fraud, particularly in the current tough economic climate as consumers were more vulnerable.
“The caller may seem so believable or genuine because they already have the customer’s phone number and often other personal details such as card number, ID number or address,” said Steyn.
She said being in possession of this information did not prove that people were who they claimed to be.
“This information could have been stolen, found in a dustbin or willingly handed over to another service provider at some point in the past during another transaction,” said Steyn.
She said what was important for bank customers to note was that fraudsters did not need to be in physical possession of the bank customer’s card to make online purchases.
“If the fraudsters have your personal information, card number and CVV number, they will be able to perform card-not-present transactions, such as online and telephonic purchases,” she said.
While the banking industry has introduced OTPs, the ombudsman continued to receive cases where the fraudsters were able to find a way around this through vishing and sim swops. “When it comes to vishing scams, customers are in the best position to avoid falling victim by not providing their confidential information to the fraudsters,” said Steyn.
The ombudsman said banks would never ask their customers to disclose their confidential card details or OTPs.
Steyn advised that where it could be proven that a bank customer provided fraudsters with their card details and/or OTPs, banks could deny liability: “Unless the ombudsman’s investigation established maladministration on the part of the bank, which resulted in a financial loss to the customer.”
Konstantin Ignatev, the head of content analysis and research at multinational cybercrime company Kaspersky, said banking and credit card fraud was widespread across the world, since the primary goal of most cybercriminals was to get money as easily as possible.
“With digitisation and the growth of data leaks, vishing made a comeback as cybercriminals acquired additional personal data that helps them fool victims in a targeted way,” said Ignatev.
Ignatev advised users to never give out their credit card and banking data over the phone to avoid becoming victims of fraud schemes.