Absa Bank has warned customers to be vigilant against attempts to have them hand over their card pin, One-Time PIN (OTP) or banking password online.
The bank said banking fraud is on the rise globally, with criminals using personal data from breaches to impersonate banks and trick customers into granting them access to their account.
"In South Africa, digital banking fraud cases increased by 64% over the past year; these impact the entire financial services industry," Absa said in a statement on Monday.
Data breaches fuel phishing (impersonation through emails, commonly containing hyperlinks used to get sensitive information from the customer), vishing (similar impersonation, but through phone calls) or smishing (similar impersonation through text messages).
Absa’s Head of Fraud Strategy, Ulrich Janse Van Rensburg, offered these safety tips:
• don’t use public WIFI when banking;
• check that the bank’s website browser begins with https;
• create complicated passwords that are not easy to decipher, and change them often;
• type in the URL (uniform resource locator) for your bank if you need to access the webpage.
World Data Privacy Day
Monday is World Data Privacy Day, which aims to highlight that millions of people worldwide are unaware of how their personal information is being used, collected or shared in an increasingly digital society.
Business leaders in the World Economic Forum's Global Risks Report 2019 listed a 'massive incident of data fraud and theft' as their fourth largest concern, after extreme weather changes, failure to mitigate for climate change and major natural disasters.
In South Africa, a massive data breach targeted Liberty Life in June 2018 and was considered the biggest hacking incident in the financial services sector in the country. The company maintained no clients suffered any financial losses and policies and investments were not at risk from the attack on its email server.
Lobby group the Rigt2Know campaign said International Data Privacy Day 2019 is a reminder that people’s private information is not yet protected in SA.
"Even though on paper we have the Protection of Personal Information Act of 2013 (the POPI Act), which would prevent our personal information being abused by private companies and government agencies. Five years after being signed, the law is still not in force," The Right2Know campaign said in a statement on Monday.
The lobby group questioned why the POPI Act is not yet in force and blamed this on the delay in ensuring the Information Regulator is operational
"Headed by Advocate Pansy Tlakula, the Information Regulator would have the mandate to enforce POPI and step in when companies or government agencies misuse our personal information. But it still does not have the staff, resources and systems to fulfil this mandate," The Right2Know campaign complained.
According to law firm Michalsons, the majority of the act will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period for companies and entities to comply, the POPIA deadline might only be set for the end of 2019 or in 2020.