Picture: THINKSTOCK
Picture: THINKSTOCK

THIS has been a tricky column to write. Not only because the complexities of internet banking and sim-swap fraud make me want to stash my money under a mattress and ditch my cellphone.

It's because I've had to make hard decisions about what information to include, to ensure I don't inadvertently help fraudsters while giving advice to consumers.

It's a bit of a tightrope. Consumers have the right to know what is, or is not, being done to protect them.

I'm unlikely to be popular with either the banks or the cellphone networks, but as neither industry is hugely popular with customers anyway, I reckon we're square.

However, in the interests of keeping the good guys ahead of the bad, I'm not going to divulge the new plans by Vodacom to thwart sim-swap fraudsters, nor to reveal the latest sim-swap procedures that are in place.

But I am going to tell you that Vodacom has the technology to alert South African banks, free of charge, to suspicious sim swaps - but only two of them use it.

So while the code of banking practice commits all of our banks to taking "reasonable care" to keep clients and systems safe, only FNB and Absa have stepped up to this particular plate.

The alert system doesn't stop all internet banking fraud but, depending on the speed of the transfers, it can certainly help reduce it.

Vodacom has had the system for four years already - and says it actively engages with banks on the opportunity it offers to prevent fraud.

Sim swaps are often central to internet banking fraud.

Once criminals have a customer's pin and/or password for online banking - generally through phishing e-mails - they need a one-time password or other SMS-based notification to authorise cash transfers.

The crooks can get this through a fraudulent sim swap with the network provider - and clean out entire bank accounts.

Vodacom's technology not only allows banks to check the date and time of the last sim swap but, more recently, the date and time of change of handset, and number of calls made with the combination of new sim and handset. Alarm bells ring if few calls are made on a new phone that has a new sim as well.

Sim-swap fraud is on the increase: in a good month, Vodacom sees five such cases; in a bad month, up to 100.

But - and this is significant - in most cases neither the banks nor the networks will refund a client's losses.

The banks argue that victims must have been negligent in somehow compromising their secret pins or passwords.

The networks argue that the loss didn't stem from the sim-swap fraud alone, but from the compromising of the pin or password.

Vodacom relies on a 2010 court judgment to support its position.

How convenient. My feeling is that if there are options available to banks to better protect customers, and they're not using them, they should be held liable for the losses.

Accessing Vodacom's automated system requires technical development by the bank. So yes, there are costs involved. But it is money responsible banks are expected to spend.

At least accessing Vodacom's system is free.

MTN, on the other hand, which investigates about 10 fraudulent sim swaps a month, charges for its service. Again, only FNB and Absa use MTN's system, which operates via a wireless application service provider.

Cell C has no automated facility on offer. And for "security reasons" it won't divulge its sim-swap figures.

Said representative Karin Fourie: "We have not had a formal request to implement an alert service for this purpose from the banks. However, we have the ability to provide the required information, and do so on request."

Vodacom's chief risk officer, Johan van Graan, confirmed that only FNB and Absa were using the network's alert services.

"Standard Bank is investigating what is required to obtain this information. All other banks need to develop systems to access and use this information," he said.

Standard Bank declined to comment, saying it didn't "share information" on its fraud-prevention mechanisms.

But it welcomed any engagement and "robust solution" to mitigate fraud.

Nedbank said its latest offering, Approve-it, had brought online fraud against its clients to "a virtual standstill" since the beginning of the year.

"Nedbank fraud-detection systems and recent initiatives ... have led to a state where sim swaps perpetrated against our clients have virtually flat-lined over the past four years," said the bank's head of digital and mobile, George Chirwa.

If Nedbank's claims can be backed up, it's hard to think why its system hasn't become the gold standard for all our banks.

Unlike other banks, Capitec's passwords are generated via an app on a client's handset, not via a sim. And the app can be downloaded only with verified fingerprints, at a branch.

Said Van Graan: "The Vodacom system is a useful tool to help reduce the risk of internet banking fraud. It would definitely be more effective if all the banks used it."

Indeed. Even as a extra layer to existing security systems.

Not doing so somehow smacks of negligence.

Sunday Smile

At Faxsure Solutions on Gauteng's West Rand, which arranged for and delivered a replacement part for Colin van Rensburg's Samsung microwave within four days. "I just think this level of service is fantastic and deserves a mention," said the Roodepoort reader.

Sunday Snarl

At the City of Johannesburg. On a reader's recent trip to Montecasino via William Nicol, two sets of traffic lights were out of order, one at the busiest Sandton intersection. No metro cops to direct traffic. No street lights, either. Hardly a "world-class city".

*This article was first published in Sunday Times: Money & Careers