#WeekendRead: Online payment platforms remain a playground for criminals

Online transacting hit an all-time high worldwide due to lockdown restrictions, and many consumers now prefer this method despite being able to actually leave home to buy something.

Why not transact online? It is simple, convenient and cheaper, banks are encouraging it and just about every store has an online shop today.

Piet Swanepoel, chief risk officer at African Bank, said the reality is this environment provides fraudsters with an easy and ever-growing range of targets.

ALSO READ: New system ‘vital’ in arrest of ATM scam suspect

“Just as the online transaction landscape has transformed so have the methods criminals use to access your money,” he said. “Strong identification and verification procedures remain a vital defence but digital attacks continue to pose challenges to the online payments ecosystem.”

This is mainly due to the proliferation of payment platforms and channels and the growing list of Internet of Things devices.

Card not present (CNP) fraud is when a fraudulent transaction takes place but neither the card nor the cardholder is present. Only the card details are used. These transactions are usually performed by the merchant where the customer provided the card details in a non-secure manner. This kind of fraud generally falls into two categories.

“One is device theft whereby criminals access your banking app through methods in which they breach the security features of the device. The other is what we term a SIM swap/twin/porting fraud. This is a big problem in the sector as effectively, if there are not controls in place detecting the aforementioned, the fraudster will receive either the OTP or USSD message from the user’s bank and can easily steal funds from a customer’s existing accounts,” said Swanepoel.

Members of fraudster syndicates trick ordinary, often desperate, citizens to use their bank account or open new accounts for them to use in their syndicate operations.

“They can also use social engineering methods (no tech but persuasive psychology to break normal security procedures and practices) to gain access to the user’s OTP to initiate the account take-over or profile compromise.

They have become so skilled that it is often difficult to realise you are being scammed. Once criminals have access to the profile, they will change the stored cellphone number to potentially receive all future OTPs or interactive accept messages.”

Tips for avoiding fraud
• Subscribe to your bank’s SMS notification services to stay informed of any transactions on your accounts.
• When shopping online, only place orders with your card on a secure website.
• Do not click on hyperlinks found in emails or text messages from unknown or suspicious sources.
• Report lost and stolen cards immediately.
• Do not choose the same PIN for all your cards.

ALSO READ: Police appeal for information about foiled Daveyton ATM bombing