Surge in banking fraud, but Sabric is onto the culprits
Criminal syndicates have been living it up on the proceeds of their fraud victims’ bank accounts, but the good news is the SA Banking Risk Information Centre (Sabric) has been quietly assisting to bring them down.
Last year’s dramatic uptick in bank fraud, brought about by the sudden and massive swing to working from home, saw Sabric upping its game. Its new advanced analytical technology enables banks to detect, prevent, investigate and remediate crime threats using data on a single, self-service platform.
The organisation’s 2020 annual report, released this week, revealed the alarming range of consumers’ personal information which the syndicates possess:
- spreadsheets of thousands of people’s names and ID images;
- bank account numbers and files containing bank confirmation letters;
- SA Revenue Service documents’ images of bank cards; and
- Eskom billing statement templates.
The report also revealed that while credit card fraud decreased by 27% from 2019 to 2020, debit card fraud increased by 22% for the same period.
This is because the Covid-19 lockdown shifted consumers to online shopping, but many chose to use their debit cards instead of credit cards, “where the funds were already in their account, rather than spending on their credit cards which they would have to pay back later”, Sabric said.
That created what Sabric terms “more opportunities for criminals” because while consumers can apply to their credit card companies via their bank for chargeback (a refund) if they don’t get what they paid for, there is no such protection when consumers use a debit card for online purchases.
In one fraud case, Sabric was requested by police to analyse several hard disc drives, cellphones, flash drives, SIM cards and micro-SD cards recovered from suspects involved in vishing scams.
Vishing is the technical name for a form of fraud which many bank clients, particularly older ones, have fallen victim to. The fraudster calls the potential victim, pretending to be calling from a bank’s call centre and claiming suspicious payments are about to be put through. When the account holder confirms the transactions are not authorised by them, the fraudster requests their help to block the account.
By using their personal information, the fraudster is able to manipulate their victim into sharing or confirming confidential information such as their online banking login credentials and bank card PIN numbers.
Data extracted from devices seized in this case contained spreadsheets with thousands of entries of personal information, including names and surnames, identification numbers, bank names and account numbers, images of ID documents, company documents and temporary permits for asylum seekers.
“Sabric prepared and analysed the data so law enforcement and the criminal justice system could use the evidence in their criminal investigations to prosecute the suspects,” the organisation said in its report.
The data could also be used by Sabric members (banks) to identify if any fraud had been committed against their clients and improve client authentication, while taking additional steps to protect customers against fraud.
Secure Citizen, the data identity arm of the SA Fraud Prevention Service, has been urging credit providers to make use of biometrics, such as voice recognition, to combat fraud.
In another case, at the request of the prosecution in a high court case, a Sabric official testified in aggravation of sentence for a man found guilty of murder, attempted murder, robbery and other offences all relating to a cash-in-transit heist.
“On handing down the sentence of a total of 145 years, the judge referred to the Sabric testimony.”
Sabric also gave evidence in a court case involving an ATM attack.
The risk information centre supported the National Prosecuting Authority in evaluating a proposed plea bargain in which the two accused were negotiating with the state for a lesser charge of malicious damage to property.
“[We] compiled a comprehensive opinion and accompanied the bank representative to consult with the prosecutor. As a result, the prosecutor declined the plea bargain and went to trial with the matter. In September 2020, the accused were both convicted and sentenced to 10 and five years’ imprisonment respectively.”
In a “business email compromise” case a fraudster hacked into a business email account and impersonated the owner by tweaking the email to replace the bona fide business bank account details with their own. After the criminal mastermind was arrested in Gauteng, Sabric was asked to prepare still images from video footage recovered at the crime scene to use as evidence.
“The images linked the suspect to multiple new crime scenes, with each scene leading to the identification of new accomplices, resulting in the arrest of several perpetrators for suspected fraud,” Sabric said in its report.
“Multiple devices were recovered and sent to Sabric for processing and analysis. Deposit slips, fraud templates and letters of transactions were recovered from these devices linking the suspects to more crimes.”
Need to know
Sabric urges consumers to register for credit-related alerts offered by credit bureaus, and to conduct regular credit checks to verify whether someone has applied for credit using their personal information.
If you’ve lost your ID book or card or had it stolen from you, or you discover when checking your credit profile that you’re a victim of identity fraud, contact the Southern African Fraud Prevention Service about protective registration.