According to Stieler van Eeden, Assistant Manager at Ernst & Young's Technology Security Risk Services section, "Nobody's ever 100 percent secure". And Van Eeden should know — he is renowned in South Africa for breaking into the JSE website and Computicket's website back in 2000.

"The consumer is a bit confused," he tells iafrica.com. While banks have to refund customers for credit card fraud, this is not the case should they be defrauded while banking online. "Banks have done more than they should have done", he says.

Stolen identities

This follows reports that fraudsters succeeded in gaining access to the accounts of clients of three major banks in the past four months, stealing thousands of rands. In the majority of these cases, the clients were reimbursed.

According Gilbert Swats, CEO of the South African Banking Risk Information Centre (Sabric), customers were defrauded after their identities were stolen, potentially at "vulnerable points" like internet cafés. But your account details could be stolen while you're banking online in the comfort of your own home, says Van Eeden.

Your identity is stolen by "tricking you". In the first instance, thieves pretend to represent your bank and trick you into giving them your details, called 'social engineering'. Alternatively you're fooled when "syndicates create fake websites" on which you then enter or change your bank details.

But is it fair that you should be paying some R20 per month internet subscription fees — which often excludes transaction costs — if there's a chance that your account could be compromised? Standard Bank and Absa bank, two of the three banks that admitted that their internet banking facilities had been penetrated, charge a R21 per month and R19.95 per month internet subscription fee respectively.

'Awareness' required

Van Eeden replies that when you bank online it is no different from walking into your branch to bank — "the same level of awareness is needed", making banking safely your responsibility.

But can banks do any more? Swats tells iafrica.com that banks are making use of world-class IT systems and infrastructures which offer the most secure and effective service possible.

"The banks and Sabric are working closely with law enforcement to ensure that bank related crime is dealt with in an appropriate manner."

According to Van Eeden, banks could add one more layer of security when you log in — by using a physical 'token' which uses a formula which is synchronised with your password, giving you a number which changes every minute to enter when you log in. This is however an expensive procedure for banks and could push up your internet banking costs.

Get the latest updates

You should therefore always follow the basic security procedures, he says. The software that you need to protect yourself is "freely available" — you should install the latest anti-virus and anti-spyware software (offered by the likes of Microsoft), and always get the latest security updates.

The onus is on you to follow the basic security procedures since banks have no direct control over the access points their clients may use and customers "should take the necessary precautions to ensure that the access point they use are safe to use", says Swats.

You're up against sophisticated and determined thieves. Says Van Eeden: "In the past, hackers hacked computers, now criminals hack computers."

Here's a list of what you should be doing in order to ensure you are banking safely online:

Call your bank immediately if you're unsure about any security issue.

RSS

Digg

de.li.cious

facebook