Here's how you know you're being duped in a vishing scam
- Scammers are continuously coming with with ways of tricking vulnerable South Africans into divulging their confidential banking details, warns Banking Ombudsman Reana Steyn.
- Vishing is on the rise and used to trick banking customers into divulging their confidential banking details using phone calls or by leaving voice messages.
- The Banking Ombudsman is warning South Africans to be vigilant.
- Visit Business Insider SA's homepage for more stories.
Scammers are continuously coming with with ways of tricking vulnerable South Africans into divulging their confidential banking details, Banking Ombudsman Reana Steyn warns.
On the rise is vishing (voice or VoIP phishing). For customers new to the scam, this is the fraudulent practice of making phone calls, or leaving voice messages, purporting to be from reputable companies in order to gain access to your personal or financial information.
Fraudsters will phone clients posing as bank officials or service providers and manipulate unsuspecting bank customers into disclosing confidential information such as their card details and one-time passwords (OTPs).
"The caller may seem so believable or genuine, because they already have the customer’s telephone number and often other personal details such as card number, ID number or address," says Steyn.
The mere fact that the caller is in possession of such information does not prove they are who they're claiming to be. The information could have been stolen, or willingly handed over to another service provider at some point in the past during another transaction, explains Steyn.
Steyn says the majority of internet banking fraud and credit card fraud cases opened by her office relate to vishing fraud, and it targets everyone - from customers who have access to internet banking, to customers whose bank cards have the capability to make card-not-present purchases.
"What is most important for bank customers to note is that fraudsters do not need to be in physical possession of the bank customer’s card to make online purchases."
If fraudsters have your personal information, card number and CVV number, they will be able to perform card-not-present transactions, such as online and telephonic purchases.
And although the office recognises the role bank customers must play in keeping their card details confidential, Steyn emphasises that they also recognise that card details can be obtained by fraudsters without customer negligence and/or bank staff involvement.
As an additional layer of security to safeguard customers against this type of fraud, the banking industry introduced OTPs and other similar methods to authorise card-not-present transactions. But now, fraudsters are finding ways of getting around this additional security through vishing scams accompanied by sim swaps.
A fraudulent sim swap makes it much more difficult to prove as the OTP is still sent to the correct number and thus not received by the customer, but by the fraudster instead. This makes proving negligence difficult as the Ombudsman requires banks to provide proof that the OTP was sent to the customer.
While it is very difficult for bank customers to tell whether a legitimate telephone call is from their bank, the Ombudsman stresses that banks will never ask their customers to disclose their confidential card details or OTPs.
- when receiving a call from someone saying that they are from your bank and asking for your OTP, or bank card details;
- if you suddenly lose cellphone reception and/or receive an SMS from the cellphone network provider of a pending sim swap.
Should either of these happen, or if anything about a call from an alleged bank employee feels suspicious, please call your bank's fraud division immediately.
If your bank can prove that you provided fraudsters with card details and/or OTPs, it can deny liability unless the Ombudsman's investigation establishes maladministration on the part of the bank.
In some instances, banks have made a commercial decision to refund their customers, even in instances where no legal liability could be established.
Steyn cautions that the banks’ decision to refund is on a case by case basis and there is no blanket approach.
Compiled by Bombi Mavundza
Receive a daily update on your cellphone with all our latest news: click here.
Also from Business Insider South Africa:
- Smart delivery drones are one step closer in SA, thanks to the approval of a new autopilot system
- AngloGold leaves SA - more than 100 years after the Oppenheimer empire was founded in local gold mining
- Sorry, your Mandela R5 coin is probably still only worth R5
- While .com domains are getting much pricier, you can get a co.za from R75 a year – but there’s a catch
- Samsung's new Galaxy Buds+ will cost R1,200 less than Apple's Airpods Pro — here's what we know
- Photos show how life is returning to Australian forests that were devastated by wildfires