Users are up in arms about an alleged SIM-swop inside job at MTN and First National Bank (FNB) that has apparently defrauded customers of hundreds of thousands of rands.
MTN has issue a statement, aimed at assuring customers that it has put security requirements and systems in place to improve security.
“MTN continuously reassesses the applicability of such security controls and as and when such security controls are breached, new and different controls are developed and implemented,” the company states. “However, as with any security and control systems, unscrupulous individuals will always explore ways of circumventing such systems. It is unfortunately a continuous process as criminal elements always find ways to improve their fraudulent methods.”
The company says that, since 2009, it has implemented and had made available to the banking environment a feature called Subscriber Identity for Third Parties (SIFT), which gives banks realtime alerts on change in SIM card number.
“MTN’s view is that if implemented by a bank, SIFT should go a long way to enable banks to mitigate bank fraud risk. The banking sector has had access to this system at a nominal cost.”
To encourage its use, MTN has now zero-rated this system.
“MTN has also implemented a range of other security interventions for the SIM swap process,” the statement adds. “These measures include improved SIM swap verification and a double opt-in to activate the SIM swap, to give control to the customer.
“Another solution within the Sim swap verification process that MTN introduced was a one-hour SMS notification to ensure that the legitimate customer has ample time to confirm the SIM swap request.”
MTN states that it is also investigating a solution that allows customers to be contacted on a secondary number or email address to verify SIM card swaps. This would only be useful if customers provide secondary contact details.
“MTN urges its customers to safeguard their Internet and telephone banking log-in details and password against social engineering (phishing) to safeguard their accounts,” MTN states. “The banking customer’s log-in details and password is the last line of defense that should only be known to the user. The onus is on consumers to ensure that their passwords and log-in details are not compromised.”
Where fraudulent activity has taken place, the company says it is working closely with the South African Police Services as well as the South African Banking Risk Information Centre (SABRIC) to assist in the necessary investigations to bring perpetrators to book.