SABRIC, the South African Banking Risk Information Center, has released on behalf of the banking industry its annual crime statistics for 2020, showing that Covid-19, together with the implementation of the regulations of the disaster management, has had a significant influence on financial crime. trends from last year.
It triggered changes in human behavior, human movements and policing, creating new opportunities for criminals that have had a significant impact on the number of criminal incidents.
While some types of crime have declined, others have increased as criminals exploit Covid-19 for their own benefit. Overall, SABRIC has seen an increase in banking crime incidents.
As customers shifted to online shopping and in-app payment settlement, criminals have stepped up efforts to phish customers to steal their personal data to defraud them on digital and online platforms.
Online banking and mobile banking
Online channel fraud constitutes the smallest portion of digital banking crime incidents, accounting for 11.1% of reported incidents, however, it accounts for the highest portion (45.1%) of gross losses, SABRIC noted. .
Phishing uses emails to trick the victim into entering their login credentials by directing them to a “spoofed” website designed to appear legitimate. The vishing, which is believed to have increased significantly in 2020, involves criminals calling potential victims, claiming to be from the bank, and convincing them to compromise their details.
In some cases, vishing is used after criminals gain access to the victim’s account as an additional step to trick the victim into providing them with the verification token (OTP or RVN) required to complete a transaction, said SABRIC.
Mobile banking fraud accounted for 59.7% of digital banking crime incidents reported to SABRIC in 2020, however, only 14.8% of gross losses. Fraud on the Mobile Banking channel is characterized by a high volume of lower value transactions.
SIM exchanges were reported in 92.7% (19,537) of mobile banking fraud incidents reported in 2020 and are the most common modus operandi used to commit a crime on this channel, SABRIC said. The increased ability of criminals to trade SIM cards may explain the significant increase in incidents (67.6%) and gross losses (62.1%).
Known or “friendly” fraud was also a frequently reported MO on the Mobile Banking channel in 2020. In this type of fraud, a person known to the victim (such as a family member or colleague) and who is in close proximity to the victim and / or his device, is able to access the device and performs transactions without the victim’s knowledge on the Mobile Banking platform.
The method of withdrawing this MO is usually by purchasing airtime or electricity and instant money sending facilities.
Digital bank fraud has increased by 33%. Social engineering (phishing, vishing and SMishing) continues to be the primary method used by criminals to target victims on digital channels.
Despite the overall decrease in reported incidents on the channel, in 2020 there was a significant increase in banking application fraud following cell phone theft. “It is important to note that there have been no reports where the banking application software has been compromised to commit the fraud,” SABRIC said.
While there are various methods and techniques used in the cell phone theft modus operandi, the correct credentials are used to access the app.
“These credentials may have previously been compromised by social engineering methods, such as shoulder surfing or phishing, however, in many cases the credentials have been compromised by vulnerabilities in the management of this information. “
For example, the credentials were saved elsewhere on the device, or the same username and password were used in multiple apps. An increase in the number of incidents involving SIM swaps was reported in 2020 with 26.11% (2,684) compared to 8% (855) in 2019.
Debit card fraud increased 22%, while on a positive note, credit card fraud decreased 7%.
Contact crime has been affected by restriction of movement and visible police surveillance, resulting in a decrease in the number of incidents. Associated flights saw a 24% drop in 2020 compared to 2019, with obvious declines in the Free State, Eastern Cape and Mpumalanga.
While ATM attacks have decreased by 9% overall, ATM explosive incidents have increased by 20%. One important change that occurred during the year was the increased incident success rate. More than half (54%) of incidents in 2020 were successful while only 40% of incidents in 2019 were successful. Through analysis, it was determined that the suspects used more explosives or multiple explosions to breach the safes.
Grinding incidents decreased by 44%. This can be attributed to the efficient monitoring of ATMs to detect signs of grinding in progress, for example, loss of signal as well as rapid responses from reaction teams. Associated cash losses decreased by 50%, although cash losses accounted for 27% of overall losses, SABRIC said.
In 2020, ATM attack cutting torch incidents decreased by 19%, while losses increased by 59%.
Money-in-transit (CIT) thefts fell significantly due to the Level 5 lockdown in April and May 2020, but once the restrictions were lifted, they increased again by 22% as criminals were able to get around with less. restrictions and fear of roadblocks and searches, SABRIC said.
Thefts and burglaries also increased by 42% and 12% respectively.
SABRIC CEO Nischal Mewalall said: “Your personal data, when combined with technology, has become the new key to the safe that holds your money in a bank, so you need to protect your data to prevent criminals to gain access to your safe. “
Mewalall further warned that in the future cybercrime and data breaches will pose a significant threat to customers and banks, as even the best security and the best technology can be compromised when criminals illegally seek and use data. legitimate data to commit a crime.
Mewalall also warns bank customers to never click on links in unsolicited emails, as these links are used in phishing emails to lead people to “spoofed” websites that look like retailers. legitimate online, with engaging images and compelling slogans.
“Criminals use these bogus websites to collect bank card details in order to make online purchases using your account. We still see a lot of scams advertising seemingly incredible offers for personal protective equipment, disinfectants, and fake vaccines that exploit people’s concern for their health and safety. Mewalall said.
Read: These are the bank scams you should watch out for in South Africa right now – with fraud on the rise