MTN has noted the reports about customers losing money from their personal bank accounts.
MTN wishes to assure its customers that it has put security requirements and systems in place to improve security.
MTN continuously reassesses the applicability of such security controls and as and when such security controls are breached, new and different controls are developed and implemented. However, as with any security and control systems, unscrupulous individuals will always explore ways of circumventing such systems. It is unfortunately a continuous process as criminal elements always find ways to improve their fraudulent methods.
Since 2009, MTN has implemented and had made available to the banking environment a feature called Subscriber Identity for Third Parties (SIFT), which gives banks real-time alerts on change in Sim card number. MTN’s view is that if implemented by a bank, SIFT should go a long way to enable banks to mitigate bank fraud risk. Banking sector has had access to this system at a nominal cost.
This solution will now be zero rated and MTN hopes that by zero-rating this solution it will be widely used by banking industry to address some of the challenges, they face.
MTN has also implemented a range of other security interventions for the Sim swap process. These measures include improved Sim swap verification and a double opt-in to activate the SIM swap, to give control to the customer.
Another solution within the Sim swap verification process that MTN introduced was a 1 hour SMS notification to ensure that the legitimate customer has ample time to confirm the Sim swap request.
MTN is furthermore investigating a solution that allows customers to be contacted on a secondary number or email address to verify SIM card swaps. This of course is dependent on customers giving to MTN such secondary contact details. If successful, the Sim swap will be activated only after the customer has given consent to the transaction via the alternate contact detail.
MTN urges its customers to safeguard their Internet and telephone banking log-in details and password against social engineering (phishing) to safeguard their accounts. The banking customer’s log-in details and password is the last line of defense that should only be known to the user. The onus is on consumers to ensure that their passwords and log-in details are not compromised.
In a number of cases of fraudulent transactions, the customer has already compromised by unwittingly divulging their details to third parties either through phishing or social engineering.
Where fraudulent activity has taken place, MTN is working closely with the South African Police Services as well as the South African Banking Risk Information Centre (SABRIC) to assist in the necessary investigations to bring perpetrators to book.