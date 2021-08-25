



- Most banks deny all liability for their clients’ losses to banking fraud if the crimes were committed using their personal identification number (PIN)

- But what if it was the bank’s own self-service system that read out that PIN to the fraudster?

Never leave your ID number, your phone’s SIM, and your credit card in the same place unattended.

That's the advice from Cape Talk listener, Standard Bank customer and fraud victim, Grant Warren.

On June 19 Grant left his cards and phone locked inside a friend’s car in a crowded parking lot near Melkbosstrand while they surfed.

When he returned to the car about 90 minutes later, it had been broken into and his valuables stolen.

Reporting the incident to Standard Bank’s fraud division at home an hour later Grant was told by a consultant that almost R19 000 had already been stolen from his account.

Not only that, but the bank denied all liability, saying Grant had taken three hours to report the loss of his card (calculated from the time he left the valuables unattended to go surfing), and that he had supplied the criminals with his card and PIN.

Consumer journalist Wendy Knowler says Grant's experience is not a once off:

After sharing his experience on social media, Warren heard from another Capetonian, Johan Beukes, who had a similar experience in February, and his loss was massive - R318 000, being most of the disability pay-out he’d received earlier that day. Wendy Knowler, Consumer journalist

So just how are fraudsters able to obtain our personal identification numbers?

Armed with their victim’s bank card, cellphone SIM, and ID number (They don’t need the ID book or card, just the number) they call Standard Bank’s helpline number, chose the lost or stolen PIN number option, then chose self-service PIN retrieval, and are then prompted to key “their” ID number, the three-digit CVV number on the back of the credit card, and the cell number. Wendy Knowler, Consumer journalist

A one-time PIN is then sent to that SIM - now in the hands of the fraudster - which he keyed in, and with that, their victim’s PIN are “read out” to them. I have seen video evidence of this and it’s quite chilling. The PIN can be obtained in under four minutes. Wendy Knowler, Consumer journalist

Asked why it did not take any responsibility for the losses suffered by it's customers, given the circumstances, the bank said: “The outcome of each case will always be determined on its own merits”.

“So it is possible to call Standard Bank and obtain the victim’s PIN number if the victim’s credit card, cell phone SIM and ID number are collectively stolen, however this risk is mitigated if a customer has enabled a SIM and phone lock functionality,” the bank said.

Knowler contacted a number of other local banks to ask how their customers can retrieve their PINS.

Here’s how they responded:

Nedbank sign. Image: EWN

NEDBANK: Nedbank does not offer this service to retrieve a card PIN. The only way to retrieve one’s card PIN is via the Nedbank Money app or by visiting a Nedbank Branch, both of which require authentication. When visiting a branch, the client resets the PIN and at no point does the teller have access to this.

CAPITEC: We do not offer this voice/call centre option. A person can only reset their card pin at an ATM.

However they need their existing pin to enter the ATM flow and then change it to a new pin.

If they cannot remember their pin, they will need to visit a branch and do the transaction with their fingerprints in branch.

Clients can change their remote access (internet & App) pin, via the app. But they do need their old pin to access the app to make the change – otherwise they also need to go to a branch and present their fingerprints for the change.

ABSA: Absa does have a voice self-service read-back PIN retrieval service, as well as providing this service via its banking app. But, if the customer has lost their card, a third party cannot retrieve their card PIN without the customer approving it through the Mobile Banking app.

If the caller does not respond to the Mobile Banking App request or declines the request, the self-service read-back process will stop.

“We always prompt the strongest control available in our voice centre - voice biometrics first, and if the customer has not saved their voice, then we do move to the mobile banking application approval, and finally we check to see if there has been a SIM swap. In any event, Absa provides its mobile Banking App users with its Free Digital Warranty, meaning it covers all their fraud losses.

FNB: Customers can securely log on their FNB App or online banking to retrieve their PIN. When a customer is unable to access digital channels to retrieve their PIN, we assist them via an alternative process that requires multi-layered authentication.

To ensure privacy and safety, our interactions with customers are authenticated across both self-service (digital) and human-assisted channels. Due to confidentiality, we cannot divulge the nature of our security measures.