MBOMBELA – A fake SIM-swap enquiry has claimed at least one victim in the Lowveld. Ms Patricia Lubisi’s Capitec Bank account was emptied last week.
R3 900 was stolen from her account by Internet fraudsters. Lubisi was left without money for basic necessities and the bank will not reimburse her.
“They would not even loan me money for basic necessities,” she told Lowvelder on Monday, four days after the incident. She was still visibly upset as she recounted the events.
Lubisi received a call from a purported Vodacom employee last Thursday. The woman said a SIM swap involving Lubisi’s cellphone number was being processed and asked whether Lubisi had authorised it.
Lubisi said that she had not. To stop the unauthorised swap, she was asked to tell the caller which banks’ SMS banking services her cellphone number was registered with.
“I told her it was Absa and Capitec,” said Lubisi.
She was instructed to switch her cellphone off and wait five minutes before switching it back on again. The next day, she realised that she had not received one incoming call since. She attempted to draw cash from a Capitec ATM. However, her account was empty.
“I went numb with shock. But I had hope. I thought it was a mistake or at least something reversible,” she told Lowvelder. She requested a bank statement, which showed that a Mr Dumisani Buzu withdrew the money in KwaZulu-Natal last Thursday.
“I went to Capitec I’langa expecting the bank to act as the custodian of my money, but they just pulled up their shoulders, and said they could not do anything for me. They could not replace my money and they could not loan me money,” she said.
Capitec informed her that they would investigate the disappearance of her funds, but that it would take up to 11 days to provide her with feedback.
She approached Vodacom. Her SIM-card history reflected that a SIM swap was done on Thursday, although Lubisi never authorised it.
Shocked and dazed, she made her way to the police station to report the fraud. She relayed her experience in an affidavit.
“By that time I realised that the woman who phoned me about the SIM swap must have tricked me. I think she used my phone number to gain access to my bank account somehow. I never gave her my PIN, ID number or any other information other than the names of the two banks,” she emphasised.
Armed with a copy of the affidavit, she approached Capitec Riverside on Saturday.
“To me, there was no option of the bank not helping me. I am a paying customer. What do
we pay banks for? To take care of our money,” she said.
She asked a teller to reimburse the funds. Again, they denied her request.
“They didn’t even give me money to cover my living costs for the next 11 days. How must I eat, live, get transport without funds?” she asked on the verge of tears.
“Some of that money was my savings. I have been saving for nine years and six months. And now it is all gone.”
According to Absa, her account had not been accessed.
Mr Francois Groenewald, a specialist investigator, explained how fraudsters have been using SIM swaps to empty bank accounts in a recent press release.
According to Groenewald, fraud victims receive an SMS from a number similar to the one they get bank notifications from. “The SMS will indicate a problem on your account and that a ‘consultant’ will contact you,” he wrote.
The “consultant” asks you to confirm your details such as your account number and the make of phone you are using. The fraudsters will then contact your cellphone provider and perform a SIM swap, which will enable them to receive OTPs (one-time pins) and RVNs (random verification numbers) from your bank to gain access to your bank accounts.
According to Groenewald, victims’ bank accounts will have been depleted by the time they realise that their phones have stopped working, and they would not receive SMS notifications about activity on their accounts.
On Sunday, Rapport reported that other South Africans had gone through similar experiences, some having millions stolen from their Absa and Capitec accounts.
The banks reportedly shrugged off responsibility, relying on contractual terms to evade compensating clients for their losses. Capitec spokesman, Mr Charl Nel, said the bank only takes responsibility for losses like Lubisi’s if Capitec’s negligence or fault led to the client’s loss. “Our agreement states that a client agrees to use the mobile banking service at their own risk,” he told Lowvelder.
“If the client was negligent the bank cannot take responsibility for such action.” Nel did not define “client negligence,” but specified that clients are responsible for the security of their mobile banking PIN numbers. Lubisi maintained that she was not negligent.
“Providing the names of my two banks to someone I believed would protect me from an unauthorised SIM swap is everything but negligence,” she said.
Lubisi also has no guarantee of getting her money back.
Nel confirmed that banks are not required to insure their clients’ funds against incidents like this and that, ultimately, clients must take responsibility for the safekeeping of their own information.
Investigations into such cases are complicated. Proving that Lubisi provided fraudsters with her personal details may be difficult. Banks have been unable to prove this in similar cases elsewhere.
Tracing the computers or cellphones from which Internet fraud was committed is another challenge, as the IP addresses are sometimes tampered with.
Although banks have dedicated departments conducting fraud investigations, Nel said they still require time to conduct and conclude thorough investigations.
According to Mpumalanga police spokesman, Brig Leonard Hlathi, clients should take cognisance of fraud incidents such as these. “We have been educating communities to be aware of strange calls,” he said.
Vodacom did not respond to the newspaper’s queries.
Click here for ABSA’s full response.
