Banking services have gone hi-tech – and so have the fraudsters. While banks have issued a plethora of warnings about the scam emails that are now synonymous with internet banking fraud, very little has been done to address fraud linked to cellphones.

When First National Bank introduced the e-wallet for cardless ATM withdrawals in March, some  hailed it as the best thing that ever happened to the previously unbanked. Not much of a boon, though, if the bank has failed to address all the security loopholes that are exposing its clients to fraudsters.

For the past few months First National has been on a country-wide drive to persuade its clients to register for cellphone banking. In November they upped their offer to include smartphones and tablets. But what the marketers don’t give their clients is the warning that never comes with the manuals for their gadgets: “bank at your own risk as we cannot guarantee that your money is safe”.

Moghamet Dharsey

Capetonian Moghamet Dharsey, 66, recently discovered that the cost of registering for cellphone banking is far higher than the traditional way of doing banking: face-to-face with a teller.

In August 2010, a bank representative persuaded him to sign up for cellphone banking – a “convenience” that soon lost its appeal when, at 7.06 on the morning of November 21, he received a flurry of text messages notifying him of five transactions on his account. By the time the messages stopped arriving, Dharsey had lost a total of R1 605.

He was first in the queue when his local branch opened that morning and he demanded answers.

“Sorry, there is nothing we can do. According to our system, you must have made the transfers,” they insisted. When Noseweek contacted the bank, we received within a few hours what appeared to be a standard response: “The client was responsible for the transactions,” wrote Busi Mngomezulu, a senior FNB communication manager: Smart Solutions: “…FNB Cellphone Banking is regrettably unable to credit the customer’s account with the disputed transactions. Should the customer not be satisfied with the outcome he is advised to take this matter to the Banking Ombudsman.”

Dharsey’s cellphone records for that morning showed that the only activity on his cellphone had been that of the five incoming text messages from FNB.

With that information, we returned to FNB to ask them to explain the kind of investigations they had conducted to confirm that Dharsey was indeed responsible for the unauthorised transactions. We also sought to know how many similar complaints they had received from their clients since the launch of cardless withdrawals, as “Dharsey’s” transactions originated from two different cellphone numbers, neither of which was his.

Noseweek asked the bank whether they had bothered to establish the  Rica registration of the two numbers used to prompt the transfer of the funds and questioned the competence of the bank’s security that could be breached so easily – as in this case.

Five days later a bank employee,  who refused to identify herself, called Noseweek to say they had “settled” with Dharsey and refunded his stolen money (of course, arrogantly emphasising this was a magnanimous gesture that was in no way an  admission of liability) “but mainly as a matter of good faith on our part”.  And she made no mention of how or why the fraudsters were allowed to access the account with a cellphone number that was not registered with the bank for the said services.

The following day the bank credited Dharsey’s account with R1 446.00 – R159.00 short of the stolen sum. Noseweek couldn’t resist asking the bank whether their staff had problems with simple arithmetic.
 

Copyright © 2012 www.noseweek.co.za