Recently one of South Africa’s leading banks, FNB, lost an interesting suit involving about R2.9 million or about US$202 000 being siphoned out of a client’s bank account. The client who can only be described as technically challenged was duped using an online social engineering scheme, he gave the thieves his personal details which allowed them to steal the money through his account. FNB wanted the client to pay back the money. The courts denied their request.
An important case in today’s world
Banking isn’t what it used to be a decade ago. Back then, the only people you needed to be wary of were ATM card thieves who tried to guess your PIN and signatures. Most heists involved someone gaining physical access to your card. Now it’s different with apps, mobile banking and online banking, there are so many doors into your account.
While this is convenient it means you have so many doors and windows to secure in order to make sure your money and account are safe. The truth is your average day account holder lacks the tools and knowledge to protect themselves. Every other week I receive messages from helpless account holders desperately trying to get their money bank.
Banks just give you an account, ATM card and your passwords and leave you out in the cold with half-hearted that are not coordinated send out at sporadic intervals. I feel like most of them don’t have real earnest security and safety programs aimed at customers in order to bring them up to speed on what threats lie out there. I am not talking about some lazy PDF out there. I am talking about actually training each new user so that they are aware of the opportunities and threats they face regarding their accounts.
Blame the account holder strategy
In the FNB case here is what happened:
- Godfrey Kgethile an unremarkable account holder whose account had a R5 000 (US$350) limit was told he had won a lottery by scammers online
- He was using a computer in an internet cafe and he responded with his banking details and ID number to the scammers
- Then a person with a “British accent” called him asking for his proof of residence and ID and he provided them.
- Again he obliged since this all sounded harmless but imagine his suprise months later when he got a call from FNB demanding that he payback a loan of R2.9 million.
- The account holder was unemployed and prior to that the bank had denied him a loan of R6 000 which he intended to boost his business.
FNB did what all banks do even here in Zimbabwe when stuff like this happens. Blame the account holder. They then even took the man to court asking that he pay the millions he had supposedly taken when it was clear it wasn’t him.
The bank was somehow making it out as his fault but what happened to him can happen to anyone. Anyone can be duped to give the sort of information he gave out. In fact, sometimes it’s even possible to get this data off the internet without even duping someone. After all, once information filters onto the internet it’s kind of hard to delete it.
Banks need to be accountable
I think it is the duty of banks to do more in order to combat hacks and thefts like this. For example, Zimbabwean banks should be made to pay back the money lost in card cloning schemes. This is because despite what you would think they are the ones to blame.
We all know magstripe cards are rubbish when it comes to security and yet here we have plenty of banks still giving out such cards. I even know a shameless local bank that takes 10 days to issue a magnetic strip card that comes with fancy embossing. In this day and age? Would be banks be doing this if the money stolen using cloned cards was coming out of their own pockets?
My grandmother doesn’t even know the importance of an OTP code. She was just handed a card after opening an account with a bank in Nyanga. All a thief needs to do is download an App, install it on their phone and politely ask her to give her that OTP over WhatsApp and its bye-bye pension money.
Not a long time ago I was contacted by an esteemed colleague who is in South Africa with a case that baffled me. It involved one of Zimbabwe’s leading banks. Each month my colleague’s relative would have their entire salary siphoned out of their account within minutes of landing in there. Each time it was a new account doing this and the money would go to one of those lite accounts you can open in minutes. The trail would go dead.
They had tried everything. Going to the bank, having their passwords reset. Getting a new phone. Getting a new card. Linking a new number to the account to no avail. Each time they go to the bank the staff is equally befuddled. They keep losing money because changing account details at work takes time.
Again if banks were made to pay for losses suffered by account holders they would be more vigilant and do better to educate their account holders. They would have skin in the game.