Financial services group Absa on Monday reported a 122% increase in total operational risk losses to R535 million, “mainly due to increased litigation reserves for historic cases recently concluded”.
“Plastic and digital fraud losses remain as the major contributor to operational risk losses,” the bank said in reporting its financial results for the year ended December 2018.
Looking head, Absa said that strengthening of fraud capabilities, in particular over digital channels, is a key focus for the financial year ahead.
The bank has seen continued growth in digital adoption by customers across a number of channels including iATM (withdrawal and deposits), Mobile Banking, POS and internet banking. Transactional volumes from mobile and internet banking grew by 94%, it said on Monday.
The bank recently urged customers to be vigilant against any attempt to dupe them into handing over their “keys to the safe” – card PIN, card CVV, card One Time PIN (OTP), online banking PIN, online banking Password – to third parties.
There is an upsurge in social engineering globally, it said.
“Fraudsters use personal data from data breaches to impersonate banks with the sole purpose of tricking customers into granting them access to their money and bank accounts.”
Citing external studies, Absa said that during the first half of 2018, 4.5 billion customer data records globally were reported to have been compromised – 86% of all consumer information has been compromised through spam emails and data breaches. Studies also showed that 97% of customers struggle to differentiate between a phishing email and a legitimate email.
- Phishing – impersonation through emails, commonly containing hyperlinks;
- Vishing – impersonation through phone calls;
- SMShing – impersonation through text messages where the customer is requested to open the link and complete the fields.
In South Africa, digital banking fraud cases increased by 64% over the past year; these impact the entire financial services industry, Absa said.
Absa head of fraud strategy, Ulrich Janse Van Rensburg, said customers should never approve transaction requests via the mobile banking application (App) if they’re not transacting or if they are not responsible for the transaction.
Absa will never request for its customers’ “keys to the safe” for any reason whatsoever, the bank said.
Cybersecurity and anti-virus provider Kaspersky Lab, warned on Monday that South Africa is listed as one of the countries with the highest percentage of users attacked by Android banking malware.
In 2018, 889,452 users of Kaspersky Lab solutions were attacked by banking Trojans, an increase of 15.9% compared to 2017, when over 767,000 users were hit. The growth partially occurred due increased activities of only one banker, according to an analysis of the financial threat landscape by Kaspersky Lab.
Attacks with banking Trojans or ‘bankers’ are among the most popular for cyber criminals as they are focused directly on financial gain. This kind of malware steals credentials for e-payment and online banking systems from victims, intercepting one-time passwords, and then sending the data to the attackers behind the Trojan.
Of 889,452 attacked users, almost 25% were corporate ones, a figure that has remained fairly consistent for the last three years. According to Kaspersky Lab experts, the reason behind this is clear: while attacks on consumers will only provide access to banking or payment system accounts, successful hits on employees can also compromise a company’s financial resources.
Russia, South Africa, and the US were the countries with the highest percentage of users attacked by Android banking malware. The number of users that encountered Android banking malware in 2018 more than tripled to 1,799,891 worldwide.
Just three banking malware families accounted for attacks on the vast majority of users (around 85%), Kaspersky Lab said.