NOMPU SIZIBA: Experian South Africa, which is a credit bureau, has reported that the company suffered a data breach. Some 24 million people’s data was acquired and around 780 000 businesses’ data as well. But, according to some reports, the bureau says that it has since found the person who extracted the information, and that it’s been destroyed. But how much comfort can this give South Africans, given that data can be transferred within a matter of seconds?
Well, to discuss this matter further, I’m joined on the line by Manie van Schalkwyk, the CEO of the Southern African Fraud Prevention Services. Thank you so much for joining us, sir. So we know, or do we understand, how this breach happened in the first place? It does sound like Experian handed over this data to whomever was applying for it, because this person was obviously representing themselves falsely. But how does that happen? One would have thought that the systems would be very sophisticated for that amount of data to be handed over to any one person.
MANIE VAN SCHALKWYK: Yes. Hello, good evening, Nompu, and thank you for inviting me to your show. Unfortunately, I’m not privy to what happened. I think Experian is in a better position to answer that. And I would also imagine that the information regulator, the National Credit Regulator, will be on top of all of those kind of things to see exactly how it happened, and how that information was breached, and if all the processes were followed to sign up a client properly, and what verifications were done. So one would assume that all of those processes must be in place.
I’m more concerned about what happens now. You quite correctly have stated that, yes, they could have found the person and destroyed the information that was in his or her possession. But one doesn’t know whether this has been sold to the Dark Web, or wherever information may have gone.
So it still leaves consumers like you and me maybe vulnerable, where our information is available to people who shouldn’t have it. And I think we, as consumers, need to be vigilant and understand how this data is used. Perhaps I could just give you some examples of what we’ve seen in the past when people steal data. Clearly I heard in a previous interview that not all the data was stolen, but it’s things like ID number, cellphone number, address, information – those kinds of things. So the fraudsters who have this information will usually contact the consumer on the premise that they are phoning from the bank. And then they will try to instil confidence in the consumer and say this is XYZ quoting from the bank, and there’s a big debit order going off your bank account. Should we stop this?
Your immediate response will be to say yes, and then they will instil confidence. They say: “We see you live here, we see this is your telephone number, your email address. Oh gosh, my system just went down, please give me your bank account detail quickly, because I need to stop this debit order. I’m not supposed to ask you for your pin, but to stop it immediately, please give me your pin.” And by that time you are kind of trusting this person. He’s provided some information which makes sense – which is you, which is what belongs to you. And through that process you kind of think, okay, this is from a bank which is really planning to help me; let me give that information.
And that is my big message to consumers – to say, although some of that information now looks stolen, we have now got the duty as consumers to say, well, how do we protect the rest of that information that we don’t have financial loss.
NOMPU SIZIBA: Manie, what really is the extent of this problem? We’ve heard about some big companies, particularly the banks, being infiltrated. And, despite their investments in cybersecurity and all those fancy things, the cyberhackers or thieves still seem to be one step ahead.
MANIE VAN SCHALKWYK: Yes. I agree. Experian is an international company, and the banks have got the best systems in place. Earlier this week we saw an insurance company got hacked. And I do think globally we all do what we can, but it takes one clever fraudster to outwit us.
So I think it just puts it right back on the agenda to say, do we have the best and the latest technologies available to make sure that our systems are not infiltrated, and processes and procedures to make sure that whoever subscribes to us, this is legitimate and it’s not a finger to anybody, because I think we are all in this thing, If we’ve got a database at all we are at risk of fraudsters having fun with us.
NOMPU SIZIBA: You’ve explained nicely how a consumer can unwittingly sort of give their information to these guys who are very sophisticated in the way that they extract the information that they need to commit crime. But if, say, a consumer does think something off has happened, where can they go?
MANIE VAN SCHALKWYK: Well, my first thing will be to go to the credit bureau and get a credit bureau report. See what’s going on in your credit report, and see if you’re not maybe a victim of high-risk theft. You will see that from accounts which have been opened which you’re not aware of, any inquiries on your credit bureau profile that you’re not aware of. If you become a victim of identity theft, you can contact the SAS, which is the organisation that I work for. It’s a non-profit organisation and we do a free service to consumers for additional protection. They can email us at protection@SAS.org.za, and we will get in contact with them. Or they can just SMS the word protectID, one word, to the number 43366.
NOMPU SIZIBA: Excellent. And then lastly, the title of the company that you belong to contains “Southern African”. Presumably you look at other countries in the Southern African region. How much of a problem is this in those other economies around South Africa?
MANIE VAN SCHALKWYK: We still haven’t opened offices in other countries, but we have spent some time there in the past couple of months before the lockdown. And I can tell you, South Africa is well equipped to deal with these kind of challenges that we are facing.
NOMPU SIZIBA: Manie, thank you so much for that. That was Manie van Schalkwyk, the CEO of the Southern African Fraud Prevention Services.