The network providers are never comfortable talking about criminal syndicate partners within their ranks, of course, which is why their responses to media queries about such cases either gloss over this aspect completely or spread the blame to the victims and, in some cases, to similar collusion on the part of bank employees.
Uncomfortable questions about exactly how the fraud happened, and why the victim had such trouble getting help, much less an explanation, are often simply ignored.
Last week forensic scientist Dr David Klatzow said that a client of his lost R200000 from her FNB account as a result of an MTN SIM-swap scam, and that other MTN-FNB clients had also suffered losses, and it was “an inside job” in both companies.
My e-mail inbox suggests that such fraud isn’t restricted to one cellphone network or bank.
One of the most alarming cases I’ve taken up recently was that of Irene Rheeder, of Durbanville, Western Cape, who has a Vodacom contract and banks with Absa.
While she was on a flight from Cape Town to Seoul, South Vietnam, in September, someone at a Vodacom shop in Sunnyside, Pretoria, activated a “twin call” facility on her account.
With this facility, when the primary number is switched off, the second or “twinned” number receives calls until the primary SIM is activated again.
At the same time, Rheeder’s Absa account was hacked online, and R30000 transferred from her credit card to her cheque account, plus R35000 from her savings account, R25 000 was then transferred into a Capitec account, but thankfully a second attempted transfer was stopped by Absa’s fraud department.
Absa refused to refund the money, saying the security SMSs to her cellphone were acknowledged, and when weeks went by without a response from Vodacom’s fraud department, Rheeder contacted In Your Corner for help.
She is adamant that she has never compromised her PIN.
Responding, Vodacom’s chief corporate affairs officer, Maya Makanjee, said an investigation had revealed that the fraudster had presented no documents in order to activate the Twin Call facility on Rheeder’s account, and had since been arrested and detained pending criminal investigations, along with “external persons”.
Vodacom told Rheeder the network did not accept liability “for the alleged loss” she sustained “as a result of the fraudulent activity linked to your bank account”.
But as a “gesture of goodwill”, and in order to “resolve the matter on an amicable basis without resorting to litigation”, the network offered her R8750.
So, in short, as with so many other cases just like this, the bank claims the PIN and passwords were compromised, so they don’t take responsibility, and the network says, okay, internal collusion led to your cellphone being “hijacked” but the fraud couldn’t have taken place without your bank details being compromised, so we’re not liable.”
Which leaves the consumer stuck between a rock and a hard place.
Stopping sim fraud
An SMS is sent to the primary number advising that Twin Call has been activated, which wouldn’t have helped Rheeder on her international flight.
There is now a two-hour delay on Twin Call activations and it can no longer be activated by stores.
Responding to Klatzow’s allegations, MTN said last week its Subscriber Identity for Third Parties, which has been available to banks since 2009 at a cost to alert them immediately of SIM card changes, would now be free to encourage the banks to use it to protect clients.
There’s a one-hour SMS notification period to ensure that the legitimate customer has ample time to confirm the SIM swap request.
“MTN is furthermore investigating a solution that allows customers to be contacted on a secondary number or e-mail address to verify SIM card swaps.
“The SIM swap will be activated only after the customer has given consent to the transaction via the alternate contact detail,” it said.
‘We say nothing’
Late last year Fiona Budd, who banks with FNB, discovered that a fraudster – using a copy of her ID which had been stolen in a robbery some years ago and manipulated – had opened an MTN account in her name.
Then R3700 was debited to her FNB account, with an MTN reference.
Not being an MTN customer, she was instantly alarmed and had FNB reverse the debit and cancelled the debit order on her profile, thinking it was a mistake.
But the next month almost R5000 was debited by MTN.
Store employees at Rosebank MTN advised her to make an affidavit, submit copies of her ID and open a police case, which she did, and later learnt her case had been closed, with no further feedback.
But another R6100 was debited from her account in December.
Naturally, she questioned why the SIM cards on the account had not immediately been blocked and the account closed when the fraud was detected and her affidavit submitted.
But she has never been given an answer, and neither have I, despite submitting the question to MTN twice.
I also asked MTN’s media office in early January: How was the account opened without any RICA checks, why were Rheeder’se-mails to MTN’s fraud division gnored, and why was her case initially “closed” without any resolution?
MTN’s response: “A fraudulent account was opened in Ms Budd’s name without her knowledge and consent.
“We are conducting an internal investigation and improving controls to try to prevent a recurrence of this type of fraud.
“The matter with Ms Budd has been amicably resolved, MTN has refunded the money deducted from the customer and we registered the customer’s details with the Fraud Prevention Service.”
But Budd was left feeling less than amicable towards the network and is still waiting for answers.