In light of the recent massive data breach, and October being National Cyber Security Awareness Month, Capitec Bank has outlined thirty tips to keep consumers from becoming targets.
As the world increasingly finds itself at the mercy of clever card crooks – one in three people polled in an ACI Worldwide survey had fallen victim to card crime over the past five years – South Africans are earning themselves the dubious title of being one of the nations where risky behaviour is most prevalent.
According to the report, South Africans are some of the world’s worst offenders when it comes to leaving their phones unlocked when they’re not using them (28% of South Africans surveyed), throwing documents with account numbers in the bin (26%) and using a public computer without security software for banking online (18%).
Francois Viviers, Executive of Marketing and Communications at Capitec Bank, says that while financial institutions have teams dedicated to protecting their clients against fraud, criminals move quickly and frequently invent new ways to defraud clients and corporates. “The banking industry is very proactive in trying to put in place measures to help clients. However, clients are advised to do all they can to protect themselves against crime. Getting to know the types of crime they are at risk of and learning what risky behaviours to avoid, are good starting points.”
To help keep your money safe avoid becoming a victim, Capitec outlines the main types of crime and offers tips for consumers to protect themselves.
1. ‘Card not present’ tips
CNP means neither you nor your card need to be present for fraudulent activity to occur, either online or telephonically. If a criminal has your stolen card or even just your card details (for a successful CNP transaction the card number, expiry date and CVV number are required), then they can make unauthorised purchases using your account.
Top tips to avoid CNP and other types of card theft:
1. Keep your card in sight when you are paying for items
2. Memorise your PIN – don’t share it with anyone or write it down and carry it around with you
3. Choose an unusual PIN – not 1111 or your birthday
4. Lock your phone
5. Don’t respond to competition SMSs or MMSs
6. Check the URL of every site you visit – never visit an e-commerce or banking site via a link. Rather type in the URL yourself
7. Avoid doing Internet banking in public areas like Internet Cafés
8. Ask your bank to set up your cellphone notification service
9. Change your passwords regularly. Don’t have the same password for everything. Password managers are often used to help manage multiple passwords
10. Don’t throw away papers or documents with your account numbers on them. Store them in a safe place or dispose of them in such a way that they are unreadable
11. Get familiar with your bank’s online banking service and app. If anything looks different or the URL looks suspicious, do not log in and report it to the bank immediately
12. Reduce your card limits via the app to the absolute minimum required value. You can always increase your temporary limit via the app for larger transactions
How it happens: The ACI report showed that 5% of South Africans responded to calls or emails asking for banking details in 2016. We’ve all received emails like this: Dear client, we have logged 2 or more login attempts for your account and have reason to suspect fraudulent activity. You must click through to this link and follow the steps to ensure your account is secure. While some phishing emails are obvious, the more subtle, official-looking ones make most of us hesitate and consider clicking through.
Top tips to avoid being phished:
1. Don’t open emails from senders you don’t recognise
2. Be wary of emails that are not personalised, have spelling errors and a sense of urgency
3. Don’t confirm any personal or financial information over the Internet
4. Hover your mouse over any link to see where it is going to take you
5. Never visit an e-commerce or banking site via a link in an email – rather type in the URL yourself
6. Get reputable antivirus software and check your bank statements regularly for signs of fraud
7. Report phishing attempts to your bank. Most banks provide an email address for their clients e.g. email@example.com
Vishing or telephonic phishing
How it happens: In July 2017, South Africans were warned against a vishing scam involving fake ‘employees’ from cellphone companies calling clients to confirm their details in order to block suspicious SIM swap requests. Of course, the caller already had most of the client’s information via a phishing email, and was vishing to try and get the last confidential info necessary to make a SIM swap.
Top tips to avoid being vished:
1. Never give out confidential information like your PIN or CVV code over the phone
2. Be suspicious of unknown callers
3. ID spoofing is becoming increasingly easy, so don’t automatically trust caller ID
4. Google the phone number – legitimate numbers are usually linked to credible businesses
5. If the caller claims to work for your bank, hang up and try calling back using the number provided on your bank’s website
How it happens: This is how a card fraud criminal (who made over R15k a day before being caught) describes his process: He goes to an ATM, pretends to draw cash, puts the machine into cardless mode and leaves his slip behind as he walks away. His victim goes to the same ATM and puts in her PIN, which he watches and remembers. She struggles to get her card to work because the ATMin cardless mode. The thief asks to reclaim his receipt, walks up to her and offers to help ‘fix’ the ATM. He cancels cardless mode, asks the victim for her card and pretends to insert it. While her eyes are on the screen, he steals the card and conceals it with his wallet.
Top tips to avoid being an ATM scam victim:
1. Be alert at all times – criminals choose people who look distracted
2. Look out for anyone standing close to you
3. Never accept assistance at an ATM unless it’s from someone who works there
4. Don’t insert your card if the screen looks strange or unfamiliar
5. If the ATM looks like it has been tampered with, stop what you’re doing and ask a staff member for assistance
6. If your transaction is disturbed in any way, cancel it and report the incident immediately. Change your PIN or cancel the card. If you card is lost or stolen, cancel it immediately
How to rob a bank in the 21st century
In the early 1980s, South Africans were gripped by tales of the most infamous bank robbery gangs the country had ever known: The Stander Gang. The gang would boldly walk into banks, brandishing weapons, demand cash and simply disappear. These days, a criminal doesn’t even have to be in the same country as the bank he or she intends to rob. Cyber criminals are quite capable of emptying bank accounts without even stepping out of their own homes.
As we become more and more aware of cybersecurity and the breaches that can occur, we’ve become more vigilant. Criminals, however, are still going to follow the money and even though security may be beefed up in many organisations, hackers are going to go for the weakest links. This makes it quintessential for consumers and enterprises to stay one step ahead of the game.
“Not only do these cyber bank criminals get away with the cash, they also end up damaging an organisation’s reputation and the integrity of its infrastructure,” says Indi Siriniwasa, Vice President of Trend Micro, Sub-Saharan Africa. “And sometimes, these breaches mean they get away with more than just cash – they can make off with data and personal information as well.”
Because the cyber criminals operate outside bricks and mortar, going for the cash register or robbing the customers is not where their misdeeds end. Bank employees – from the tellers to the CEO – are all fair game.
But how do they do it? Taking money out of an account is not the only way to steal money. Cyber criminals can zero in on the bank’s infrastructure, or hack into payment systems and even payment documents. Part of a successful operation for them may also include hacking into telecommunications to gain access to one-time pins or mobile networks.
“It’s not just about hacking,” says Siriniwasa.. “It’s also about the hackers trying to get an ‘inside man’ in the bank who could help them or even using a person’s personal details to get a new SIM so that they can have access to OTPs. Of course, they also use the tried and tested method of phishing which continues to be exceptionally effective – despite the education in the market to thwart it.”
The amounts of malware and available attacks to gain access to bank funds is strikingly vast and varies from using web injection script, social engineering and even targeting internal networks as well as points of sale systems. If there is an internet connection and a system you can be assured that there is a cybercriminal trying to crack it. The impact on the bank itself is also massive, with reputations left in tatters and customers moving their business elsewhere.
“We see that cyber criminals use multi-faceted attacks,” says Siriniwasa. “This means that we need to come at security from multiple angles as well. Every single layer of an organisation’s online perimeter need to be secured. Threat isolation is exceptionally important and having security with intrusion protection is vital. Again, vigilance on the part of staff and customers also goes a long way to preventing attacks. These criminals might not carry guns like Andre Stander and his gang, but they are just as dangerous – in fact – probably more so.”
Beaten by big data? AI is the answer
by ZAKES SOCIKWA, cloud big data and analytics lead at Oracle
In 2019, it’sestimated we’ll generate more data than we did in the previous 5,000 years. Data is fast becoming the most valuable asset of any modern organisation, and while most have access to their internal data, they continue to experience challenges in deriving maximum value through being able to effectively monetise the information that they hold.
The foundation of any analytics or Business Intelligence (BI) reporting capability is an efficient data collection system that ensures events/transactions are properly recorded, captured, processed and stored. Some of this information on its own might not provide any valuable insights, but if it is analysed together with other sources might yield interesting patterns.
Big data opens up possibilities of enhancing internal sources with unstructured data and information from Internet of Things (IoT) devices. Furthermore, as we move to a digital age, more businesses are implementing customer experience solutions and there is a growing need for them to improve their service and personalise customer engagements.
The digital behaviour of customers, such as social media postings and the networks or platforms they engage with, further provides valuable information for data collection. Information gathering methods are being expanded to accommodate all types and formats of data, including images, videos, and more.
In the past, BI and Data Mining were left to highly technical and analytical individuals, but the introduction of data visualisation tools is democratising the analytics world. However, business users and report consumers often do not have a clear understanding of what they need or what is possible.
AI now embedded into day to day applications
To this end, artificial intelligence (AI) is finishing what business intelligence started. By gathering, contextualising, understanding, and acting on huge quantities of data, AI has given rise to a new breed of applications – one that’s continuously improving and adapting to the conditions around it. The more data that is available for the analysis, the better is the quality of the outcomes or predictions.
In addition, AI changes the productivity equation for many jobs by automating activities and adapting current jobs to solve more complex and time-consuming problems, from recruiters being able to source better candidates faster to financial analysts eliminating manual error-prone reporting.
This type of automation will not replace all jobs but will invent new ones. This enables businesses to reduce the time to complete tasks and the costs of maintenance, and will lead to the creation of higher-value jobs and new engagement models. Oracle predicts that by 2025, the productivity gains delivered by AI, emerging technologies, and augmented experiences could double compared to today’s operations.
According to the IDC, worldwide revenues for big data and business analytics (BDA) solutions was expected to total $166 billion in 2018, and forecast to reach $260 billion in 2022, with a compound annual growth rate of 11.9% over the 2017-2022 forecast period. It adds that two of the fastest growing BDA technology categories will be Cognitive/AI Software Platforms (36.5% CAGR) and Non-relational Analytic Data Stores (30.3% CAGR)¹.
Informed decisions, now and in the future
As new layers of technology are introduced and more complex data sources are added to the ecosystem, the need for a tightly integrated technology stack becomes a challenge. It is advisable to choose your technology components very carefully and always have the end state in mind.
More development on emerging technologies such as blockchain, AI, IoT, virtual reality and others will probably be available on cloud first before coming on premise. For those organisations that are adopting public cloud, there are opportunities to consume the benefits of public cloud and drive down costs of doing business.
While the introduction of public cloud is posing a challenge on data sovereignty and other regulations, technology providers such as Oracle have developed a ‘Cloud at Customer’ model that provides the full benefits of public cloud – but located on premise, within an organisation’s own data centre.
The best organisations will innovate and optimise faster than the rest. Best decisions must be made around choice of technology, business processes, integration and architectures that are fit for business. In the information marketplace, speed and informed decision making will be key differentiators amongst competitors.
¹ IDC Press Release, Revenues for Big Data and Business Analytics Solutions Forecast to Reach $260 Billion in 2022, Led by the Banking and Manufacturing Industries, According to IDC, 15 August 2018