There has been much talk over the past few months of a lack of information security in the online banking industry in South Africa. In fact, South African banks have been working very hard to protect their customers...
Inherent Risks in Online Banking
Online banking is by definition, a risk. Like telephone banking, rather than presenting yourself to the bank teller within a branch of your lender, online banking demands that distance and hardware are placed between you and the banking establishment. It is by taking advantage of these barriers - in more ways than one - that scammers, fraudsters and thiefs can take your identity and the contents of your bank account.
The result of this is a need for increased security provisions – something which banks in Europe, the Far East, the USA and prosperous areas in the Middle East have implemented without a problem.
Given the country’s links to Europe and the requirement for continued confidence within the financial sector in the short time since what amounted to a political and cultural revolution 20 years ago, you might expect there to be an acceptable degree of information security within online banking in South Africa – especially given their 2010 hosting of the most watched sports tournament on Earth, the FIFA World Cup.
Information Security within the Online Banking in South Africa
Phishing has been widespread in South Africa over the past few months – spoof websites have been an active tool in the quest for scammers to steal personal information from online banking sites, leading to a massive crackdown by the banks.
According to claims by the South African banking industry, over 900 fraudulent banking websites were shut down in the first three months of 2010 – a massive proportion of those were used as fake websites styled to look like the sites of major banks.
The problem with closing down a website is that a copy can be instantly created with a small amount of webspace – the scammers don’t even necessarily need a database, just a script to email personal details directly to them. It seems that the banking industry in South Africa has a tough job on its hands to educate their customers of the dangers of phishing and spoof websites.
Find out more about phishing and how to prevent it in my article Best Practices to Prevent Phishing - meanwhile learn how to identify a spoof website with this article, Guide to Recognizing a Phishing URL.
How Improvements Could be Made
Everyone in the banking industry in South Africa recognises that there may previously have been lack of information security within the online banking industry in South Africa, not to mention a lack of awareness.
While efforts to combat spoof websites have been described as “leading the world", the banks are not embarking on a quest to improve education about the dangers of phishing. There is only one way an online bank account can be reliably hacked and emptied – a customer must divulge secret personal information to a stranger, either over the phone (someone pretending to be a banking official or law enforcement agent) or into an email or spoof website.
South Africa doesn’t need the image of a place where it isn’t safe and secure to trade or use online banking – the 2010 FIFA World Cup will see hundreds of thousands of football fans from around the globe descend on the country, most of whom will be using online banking throughout the tournament.