Cash-in-transit heists are down but cyber crime is on the increase
While other banking-related crimes increased in 2018, there were drops in cash-in-transit (CIT) heists by 22% and ATM attacks by 7%.
"We are pleased that cash-in-transit (CIT) robberies decreased by 22% from 376 to 292 incidents from 2017 to 2018. Cash losses here also showed a decrease of 22% for the same period," the South African Banking Risk Information Centre (Sabric) CEO Kalyani Pillay said at the launch of its 2018 crimes stats in Sandton on Wednesday.
"ATM attack incidents using explosives increased by 26% during 2018 when compared with 2017, however losses decreased by 15% for the same period. Although there was an increase in recorded attacks during 2018, most (70%) of them were unsuccessful and may have been perpetrated by inexperienced criminals," Sabric said in its report.
The most common violent crime was customers who were robbed after drawing money from ATMs.
Phishing vs vishing vs SMishing
Phishing e-mails ask users to click on a link in the e-mail which will direct users to a fake website to lure users into entering their financial information;
Vishing is when a fraudster calls customers posing as a bank official or service provider to manipulate them into disclosing their financial information; and
SMishing is when criminals send an SMS pretending to be from the bank, requesting their financial information.
Although offenders used many methods to rob bank customers, the most common was where offenders followed their victims and robbed them of cash which they had withdrawn at a bank branch en route to their home or office, Sabric said.
"A variation of the 'follow home' modus operandi is where the victim is lured into a motor vehicle under the pretext of being offered a lift. In some incidents perpetrators use a minibus and pretend to be the driver."
More than six in 10 (62%) violent robberies happened in Gauteng, which has the highest concentrations of bank branches and ATMs, followed by KwaZulu-Natal with 8%.
Pillay said criminals "will take every opportunity" to steal money from bank customers.
"We have seen a sharp increase in vishing incidents, where criminals phone bank customers, leading them to believe that they are speaking to the bank or a legitimate service provider and use social engineering tactics to manipulate them into disclosing their confidential bank card details, as well as other personal information," Pillay said.
"Criminals are adept at psychology and will use social engineering tactics to exploit any human vulnerability in order to get information such as PINs and passwords."
Sabric was formed by SA's banks to help the industry fight crime.
Digital banking crimes increased by 75.3% from 13,389 incidents to 23,466 - in which R262m was stolen. These crimes were committed via phishing, vishing, SMishing or e-mail hacking, Sabric said.
Meanwhile credit card fraud rose by 18.4%, resulting in R873.3m being stolen, while R331.6m was stolen because of debit card fraud which increased by 17.5%.
Meanwhile, the Institute of Security Studies (ISS)’s Karen Allen wrote in an analysis published on Wednesday that the Cybercrimes and Cybersecurity Bill of 2018 is broadening the scope of cyber offences from earlier legislation and allows for the extradition of cyber criminals.
"At a recent conference on cybersecurity hosted by the South African Police Service, plans for a 24-hour rapid response unit were enthusiastically debated. However until it becomes a fully funded reality, law enforcement agencies and the banking sector are relying on informal networks to try to prevent the country from becoming a safe haven for cyber criminals," Allen wrote.
SABRIC’s tips for keeping you safe when using ATMs:
- Cancel a transaction if you suspect the ATM is faulty;
- Report faulty ATM to bank. Find the toll-free number on the ATM;
- Be aware of your surroundings;
- Avoid ATM which are dimly lit or surrounded by loiterers;
- Never allow your children to draw money with your ATM card;
- Have you card ready when you approach to ATM;
- Be wary of strangers offering help;
- If you were interrupted while transacting, change your PIN or block your card immediately;
- Do not ask anyone standing around the ATM, including security, for help. Go inside the bank for assistance;
- Memorise your PIN. Don’t write it down or share with anyone, including family or bank employees;
- Don’t use your date of birth or any PIN which can be easily guessed;
- Covering your PIN when entering the numbers;
- Secure your cash, bank card and wallet before leaving the ATM;
- Set daily withdrawal limits;
- Check your bank balance regularly and report discrepancies.
Tips to keep you safe from Phishing:
- Do not click on hyperlinks or icons in unsolicited emails;
- Do not reply to unsolicited emails;
- Delete these emails immediately;
- Ensure you are on a bank’s official website before entering personal information;
- Create complicated passwords which are difficult to decipher; and
- Change your passwords often.
Tips to keep you safe from Vishing:
- Banks will never ask you to confirm your confidential information over the phone;
- If you receive a phone call requesting confidential or personal information, do not respond and end the call; and
- If you receive a one-time password (OTP) on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information.
Tips for safely carrying cash:
- Carry as little cash as possible;
- Consider paying accounts electronically; and
- Consider using cellphone or internet banking.
Tips for businesses to safely carry cash:
- Vary the days and times you make cash deposits;
- Never make your bank visits known, even to people close to you;
- Avoid carrying moneybags, briefcases or displaying deposit receipt books;
- Mix up the bank branches you visit to stop anyone from detecting a pattern;
- If the amount of money you’re depositing is increasing, consider using a cash management company;
- Do not pay employees or casual labourers in public view.
Tips for protecting your personal information:
- Don’t use the same username and password for different accounts such as your banking and social media;
- Avoid having joint social media accounts;
- Be aware of what you share on social media;
- Do not carry unnecessary personal information in your wallet or purse;
- Avoid doing internet banking at internet cafes or public Wi-Fi;
- Change your passwords often;
- Never share your passwords;
- Install a firewall and antivirus software on your computer; and
- If you suspect identity theft, call the SA Fraud Prevention Service at 0860 101 248 or alert them on www.safps.org.za