The South African Banking Risk Information Centre (Sabric) remarks in its recent annual report that the Covid-19 pandemic triggered changes in human behaviour and human movement, which created new opportunities for criminals and significantly impacted on the number and type of criminal incidents reported to Sabric.
Covid-19 seemed to have accelerated online stealing. Figures in Sabric’s Annual Crime Statistics report for 2020, published at the same time as the annual report, show that criminals also seem to have opted for working remotely during the first part of 2020 by expanding their online presence.
Violent contact crime such as cash-in-transit robberies and robberies at automatic teller machines (ATMs) decreased in the first half of the year, while online crime continued to grow.
Sabric CEO Nischal Mewalall says cash-in-transit robberies decreased significantly during April and May 2020 due to the Level 5 lockdown, but increased by 22% after restrictions on movement were lifted as criminals were able to move with fewer restrictions and less fear of roadblocks and searches.
“Digital crime incidents increased by 33% from 2019 to 2020 due to the massive shift in consumer buyer behaviour from physical retail stores to online retailers, providing cybercriminals with increased opportunities to defraud people,” he says.
“Your personal data, when combined with technology, has become the new key to the safe that holds your money in a bank. So, you must safeguard your data to prevent criminals getting access to your safe.”
While Sabric has noted an overall increase in incidents of banking crime, it mentioned that criminals seem to have enhanced their efforts to phish customers on digital and online platforms to steal their personal data and try to defraud them, as customers turned to online shopping and settling payments through digital channels.
SA banks established Sabric some 20 years ago as a central body to share and analyse information about crime in the banking sector and to develop countermeasures to prevent fraud and theft. All SA banks and cash transport operators are members, while cellular providers, law enforcement agencies and a long list of government departments are listed as stakeholders and users of Sabric’s services.
Interestingly, Sabric warns consumers of no less than 29 different methods that criminals use to try to steal money.
Some are new and sophisticated, while others are old and well known – so old that it’s surprising they still work, like the so-called 419 scam (a type of ‘advance-fee’ fraud).
Some seem really stupid (but could still work), such as a stranger approaching somebody at an ATM with a story that the cash from the machine is cursed but he has the muti readily available to clean it. “Just give it here for a moment …”
Lovesick people on dating websites are also targets, with criminals fostering a friendship, then asking for money for an aeroplane ticket.
Other criminals do roaring trade selling goods that don’t exist.
Fake CEOs, online dating scams push up UK bank fraud by 30%
Fraud involving credit and debit cards is big business. The Sabric figures indicate that SA bank account holders lost nearly R1 billion due to card fraud in 2020, even if showing a slight decrease from 2019.
Overall debit card fraud increased by more than 26% to over R520 million in 2020 compared to R411 million in 2019.
Fraud and theft involving credit cards decreased from R656 million to under R470 million. Mewalall says the reason for this change is a change among consumers where the use of debit cards is growing.
Criminals targeting South Africans seem to be able to work from anywhere in the world.
Nearly 60% of all fraud involving cards issued by SA banks can be traced to transactions originating outside of SA.
These crimes include unauthorised transactions where the card is not present, for example, using a card’s information to make an internet transaction. In total, SA account holders lost in excess of R650 million as a result of such fraudulent transactions.
Using counterfeit and lost or stolen cards netted criminals R301 million.
Sabric noted that the incidence of crime involving physical contact with either a victim or property reduced during 2020 due to the restriction of movement and visible policing during the pandemic lockdowns.
The number of robberies of bank clients at ATMs decreased by 24% and the amount of money lost decreased by 31%. The visible police presence (to enforce pandemic regulations) helped, according to Sabric.
Attacks on ATM machines also decreased, by 9%, while takings fell by 22% compared to 2019.
However, explosive attacks on ATMs increased by 20% and the success rate of attacks increased to 54% of incidents – up from 40% in 2019.
“Suspects made use of more explosives or multiples explosions to breach safes,” according to the crime report.
Cutting open an ATM safe with a hand-held angle grinder doesn’t seem to work anymore. The number of attempts fell by 40% and the losses decreased by 50%.
Old-fashioned burglaries from financial institutions, targeting cash and computers, increased by some 12% in 2020 and associated cash losses increased by 23%.
Sabric noted that burglary of cash and assets at Post Office branches constituted most of these burglary incidents.
The Post Office was also the target of most bank robberies, which increased by 42%, with losses increasing by a massive 67%.
The perpetrators apparently disguised themselves as government officials conducting Covid-19 compliance inspections.
Bank apps relatively safe
The Sabric figures indicate that digital banking is relatively safe, but not immune to crime.
Fraud across all digital banking platforms (bank apps, mobile banking and internet banking) increased by 33%.
Sabric reported 35 307 incidents and total losses of R309 million before recoveries, while each of the big banks report millions of digital transactions every year.
The worst risk seems to be cellular SIM card swaps, which were to blame for most of the fraud incidents reported in 2020.
The amounts in more than 21 000 incidents would have been reasonably small to total less than R46 million (averaging around R2 190 each) .
Mewalall says that looking ahead, cybercrime and data breaches will represent an ever-increasing threat to customers and banks, because even the best security and technology can be compromised when criminals source and use legitimate data to carry out a crime.
He warns bank customers never to click on links in unsolicited email messages as these links are used in phishing emails to drive people to “spoofed” websites which look like legitimate online retailers, complete with enticing images and convincing taglines.
“Criminals use these bogus websites to harvest bank card details to make online purchases using your account,” says Mewalall.
“We are still seeing lots of scams advertising seemingly incredible deals for personal protective equipment, sanitiser and fake vaccines that exploit people’s concern for their health and safety.”
Listen to Melitta Ngalonkulu’s interview with Rian Schoeman of LAWtrust (or read the transcript here):