Stanbic bank Botswana has foiled a P13 million fraud through Cell phone SIM SWOP by a criminal syndicate believed to be targeting commercial banks. The new electronic banking fraud scheme has turned the cellular from a convenient banking channel into an accomplice in your pocket.
Sunday Standard investigations have turned up information that the crime syndicate is diverting Cellphone banking customers’ alerts the One Time Password (OTP) required to carry out banking transactions by duplicating customers’ SIM cards.
The fraudsters obtain customers’ mobile phone number and bank account details through a phishing e-mail. They then ask the customers’ mobile-phone-service provider for a replacement SIM card under some legitimate pretext, like changing over to a new handset or loss of SIM/handset. The service provider would deactivate the customers’ SIM cards and sends a replacement SIM to the fraud syndicate. The syndicate would then open a dummy bank-account and introduce a payee into the customers’ bank accounts using the data they have phished. They would then transfer funds from customers’ accounts to the dummy account and then withdraw the money through an ATM. All this while, the service provider’s alerts don’t reach unsuspecting customers because their SIM cards have been deactivated.
Stanbic Bank Financial Crime Control Manager, Bickie Mbenge, confirmed that the fraudsters are using cell phone SIM swops to access bank accounts through customers’ identification documents such as passports, identity document details (e.g. Omang and Passports) and other relevant bank account documents such as bank statements, and cheque books.
“The fraudsters start by reporting that the customer’s cell phone sim card is malfunctioning or lost to the Mobile phone service provider (beMobile, Orange or Mascom), who will in turn verify the customer’s identity from the fraudster as they will have all the necessary documentation,” he warned.
He added that service providers will then disable the legitimate customer’s existing SIM card and activate a new SIM card with the same number which will be in the hands of the criminal.
Mbenge said through various internal security measures that the bank has put in place, his unit intercepted about P13m that was being diverted by the crime syndicate.
He urged members of the public to secure their mobile phone and banking details to avoid access by criminal syndicates and assured customers that the bank will strive to be always ahead of the criminals.
Detective Superintendent Chifana Toitoi of the Serious Crimes Squad said they were not aware of the crime because it had not been reported to them. He said some time back they investigated a case in which some criminals connived with Botswana Telecommunication Corporation BTC employees to divert calls made by commercial banks to confirm transactions. He said suspects were brought to book and since then his unit has not yet received a similar complaint.