Stuff South Africa

Stop using SMS’ to secure your banking accounts – here’s why

Unfortunately, SIM-swap fraud is a thing, and it’s only getting worse as time goes on. In 2020, nearly 93% of all banking fraud cases in South Africa came from SIM-swapping, according to a report from SABRIC. It’s not nice, but SIM-swapping has become the method for this medium.

What exactly is SIM-swap fraud? There are a number of ways these folks can ruin your week and get into your private accounts. First, they need access to your phone number. They either target an individual or try different phone numbers until they get one right. Once they have that, they’ll find enough information to impersonate the victim, contact the SIM provider and ask for the number to be switched to a different SIM. If that’s successful, the fraudster had access to your phone number. Once they’re in, a world of personal information opens up to them. Most worrisome of this is access to 2FA requests or OTPs. With these, they can access accounts and lock you out before you know it.

There are ways of making it harder for fraudsters to get your SIM info – authenticator apps. Apps such as Last Pass, Google Authenticator, or Microsoft Authenticator. These are all free, and add an extra layer of protection to the thin veil that is our security. There isn’t much else to do about the situation. Well, nothing more that we can do. Fixing the issue requires businesses, telecom providers, and users to all work together.

Capitec and Samsung Pay customers are winning

SIM

Some companies are working on a solution. If you’re a Samsung Pay user who banks with Capitec, then you can relax a little. Capitec is adding Entersekt’s SIM age validation capability to the platform, known more commonly as MNO (Mobile Network Operator) Authentication. The point of MNO Authentication is to detect whether a SIM has been swapped or breached recently.

Before you can add a Capitec card to the Samsung Pay app, the user needs to verify themselves before the card is usable. It sends out an SMS OTP which is needed to proceed, which is where Entersekt’s MNO authentication comes in. Before an OTP is sent to the customer, the MNO can verify the user’s SIM hasn’t been breached recently. If it passes the check, the OTP SMS is sent as usual, and the customer accesses Samsung Pay as normal.


Read More: Why you should never send digital versions of your ID documents via email or WhatsApp


The successful integration of Entersekt onto the Capitec platform has proven to be extremely fast and reliable, according to Capitec. We’re hopeful that other companies that store important personal information will jump on the bandwagon. If the integration was as easy as Capitec makes out, it won’t be long before we see plenty of people getting in on Entersekt’s business model. The sooner the better.

“Protecting sensitive information must be a priority for businesses across all sectors. By applying a quick and silent SIM check, organisations can significantly boost their security without their customers even knowing the checks are happening in the background. This solution should be an obvious choice for all businesses using SMS OTPs to authenticate users for any reason,” says Ellezane Williams, Entersekt Solution Architect Manager.

Exit mobile version