Banking fraud happens

A reader told Moneyweb how a crook apparently hacked into a business associate’s email account and sent fraudulent bank details for the refund of a rental deposit. The money was gone by the time anybody realised anything was wrong.

Their experience highlights the importance of keeping personal information safe and being very careful about access to personal computers and email accounts, either remotely by slipping up on access and hacking, or physically by not watching your cellphone, laptop or desktop.

The story starts at the end of a rental agreement between Muriel and Justine. Muriel emailed Justine to ask for her bank details to refund her deposit of R9 800.

“I never had her bank details because she always deposited the rent into my bank account. I didn’t need her bank details before I had to refund her deposit,” says Muriel. She transferred the amount to the bank details she received from Justine.

Read: Cybercrime hits Toyota dealership

They only realised something was amiss a few days later when Justine complained that the money did not show in her account. Someone had sent Muriel an email with completely different account details.

Justine has an account with Nedbank, but the email sent from Justine’s email provided details of an account at TymeBank.

“I guess that somebody hacked into Justine’s email or got to her computer,” says Muriel.

She immediately contacted TymeBank, who told her to report the matter to her bank, Absa, saying that Absa would engage with TymeBank to look into the problem. The two banks got to work, but a couple of days were enough for the crooks to disappear with the money.

Common pattern

TymeBank confirmed that the problem was only reported on 11 July, six days after the fraudulent incident occurred.

“According to the details received, a payment of R9 800 intended for a Nedbank account belonging to Justine was fraudulently re-routed to a TymeBank account on 4 July 2023,” says George Wandsella, TymeBank’s head of enterprise risk and fraud.

“This scam follows a common pattern. An innocent party receives an email or letter notifying them of their client/supplier’s bank account change. The communication provides new account details and requests an update in records, leading to future payments being directed to the altered account.

“However, the ‘change of account details’ mail is fraudulent and is intended to divert funds to the fraudster instead of the genuine client/supplier,” he says.

Read:
R2.7m ‘fees’ for R1m loan: How Cape farmer got scammed
Nine British banks sign up to new AI tool for tackling scams
Meet the bank that’s had zero card fraud since launch

He confirmed that the bank account exists.

“It was opened on 18 May (at 5.44 pm),” he says, following TymeBank’s procedures.

“TymeBank prioritises regulatory compliance, ensuring all mandatory account-opening requirements are met. In this case, the account adhered to FICA [Financial Intelligence Centre Act] standards through our web onboarding process.”

Wandsella says TymeBank’s fraud team took immediate action when the incident was reported on 11 July by blocking the recipient account involved in the fraudulent scheme before proceeding with an investigation.

“However, by this time, the misappropriated funds had already been utilised.

“The funds were utilised by 08:20 am on 5 July [less than 24 hours after the transfer and before anybody suspected fraud]. The case was reported on 11 July, with no prospect of recovery as the fraudster withdrew the funds in cash,” he says.

TymeBank advises people to immediately report fraud to their own bank. “In accordance with established industry practice, it is crucial for a person reporting fraud to directly engage with their own bank.

“This ensures legitimate customers’ accounts are not blocked for no reason and that there is no unnecessary sharing of personal information with third parties.

“In this specific case, after being contacted by Absa [the complainant’s bank], TymeBank promptly placed a hold on the account to prevent further unauthorised transactions,” says Wandsella.

Mule accounts

Mule accounts are currently a concern among banks, with several recently issuing warnings to their clients and the public.

Wandsella says the Southern African Banking Risk Information Centre (Sabric) confirmed the problem of mule accounts in its recent report on banking crime statistics.

“At TymeBank, we treat all cases of fraud with the utmost gravity. We do more than only place an account on hold and taking steps to close the account,” he says.

Steps include:

• The account holder’s identity number is registered on TymeBank’s internal fraud database and is reported to the South African Fraud Prevention Services (SAFPS) for registering on its database. This ensures that the identity number is flagged across financial institutions in case the person attempts to open other bank accounts or apply for financial products.
• Furthermore, these cases are reported to Sabric as part of ongoing collaboration among all banks for fraud data analysis. This aids in identifying fraud syndicates and analysing industry trends so that proactive measures can be adopted.
• TymeBank actively engages with the South African Police Service (SAPS) and Crime Intelligence to investigate instances of fraud. The bank utilises artificial intelligence and machine learning to help detect and prevent fraud.
• To bolster fraud awareness and safeguard its customers’ financial well-being, TymeBank conducts campaigns, in collaboration with SAFPS and Sabric, to educate customers about fraud scams.

Wandsella says TymeBank adheres to a range of banking regulations in its account opening processes.

“Our banking platform employs cutting-edge technology for customer onboarding, such as biometric verification and facial recognition, to ensure customer identity is verified.

“Customers lacking Department of Home Affairs (DHA) fingerprint or identity data undergo customer due diligence to confirm their identity,” he says.

Read: FSCA warns ‘money mule’ bank account scams are on the rise

“Furthermore, accounts are subject to risk rating, with limits allocated based on a risk-centric approach. More generally, we are committed to continually refining our processes to improve banking security.

“While this specific case involves a TymeBank account, the problem is industry-wide and is not confined to a particular bank.”

Below benchmarks

TymeBank’s fraud levels are “significantly” below industry benchmarks, according to Wandsella.

“Our approach is to design products with fraud prevention in mind from the onset whilst ensuring that we find an appropriate balance between fraud prevention and providing a seamless customer experience.

“Our commitment to security is evidenced by our strategic collaboration with industry leaders in the area of security and fraud prevention and our adoption of cutting-edge technology. We constantly reinforce our platform’s safety measures. The Banking Ombudsman’s data for the 2023 financial year highlights the effectiveness of our efforts – only 99 fraud complaints were registered among our 7.6 million customers.

“Instances of change of banking detail scams are notably rare,” he says.

The bank urges consumers to verify any changes to banking details diligently. Independent verification is paramount, especially for requests received by email.

Read: Nedbank and Capitec had biggest increase in complaints in 2022 – Ombud

“It is important to rely on official contact information from trustworthy sources rather than information furnished in the request itself. Vigilance contributes to a secure banking environment,” says Wandsella.

He adds that consumers should be aware of their duties and responsibilities with regard to taking precautions when making payments, as summarised by a landmark court judgment (Hawarden v ENS).

Organisations that use email to communicate banking details have a duty of care to secure information, while those who receive banking details need to be aware of the possibility of a business email compromise occurring and know what to expect from those they are doing business with.

Listen to this Moneyweb@Midday podcast with Jeremy Maggs:

You can also listen to this podcast on iono.fm here.