One South African bank winning the fight against banking app fraud

Bank Zero says it is in the unique position of having no banking app fraud as well as no card fraud at a time when scammers and malicious actors are actively targeting banking app users.

South African banks recently warned of an uptick in banking app fraud impacting their clients. However, Bank Zero is free of fraud by design.

“We are in the unique position of having zero banking app fraud. As an aside, we also have zero card fraud thanks to our card patent and allowing authorised online purchases only,” Bank Zero co-founder Lezanne Human told MyBroadband.

“Our customers cannot be phished, and this is by design. We’ve worked from the assumption that a customer will, at some point, during clever social engineering, divulge their login details, OTP, etc., to a third party.”

Because of this, Bank Zero designed its app so that any new device pairing still requires verification through its biometric system. Human emphasised that this is its own biometric system and not those featured on smartphones.

Verification must occur before any new recipients can be loaded and paid.

“This prevents phishing,” added Human.

She explained that even in situations where a customer’s device is stolen, the perpetrators won’t be able to access their banking app unless they divulge their login PIN.

“Our customers can then minimise the risk by quickly pairing from any other device and then removing the previous device from their profile, thereby stopping all banking app activity on the stolen device,” she said.

“To keep apps secure, the standard advice is to keep login details private, phones locked, and banking apps and certain bank accounts within the banking app hidden.”

She noted that Bank Zero is exploring ideas to prevent “app-jackers” from being able to access the app at all. However, Bank Zero is unable to share more information on this at the moment.

Phishing and malware targeting banking customers

Several South African banks recently told MyBroadband that thieves are increasingly targeting customers who use smartphone banking apps.

Banks like Absa, Capitec, Nedbank, and Standard Bank agree that the biggest threats their customers face are phishing and remote access through malware.

Absa chief fraud strategy and analytics officer Ulrich Janse van Rensburg said there had been a significant uptick in banking app fraud.

However, he noted that app use in South Africa also markedly increased.

“We are seeing a significant increase in investment-and-false goods scams linked to mobile payments that surface on social media platforms,” he said.

“Most of the mobile app fraud is driven by customers being instructed by criminals impersonating banking officials to move funds to a safe account or to approve transactions.”

Capitec, Standard Bank, and Nedbank agreed. They warned that email, WhatsApp, and SMS-based phishing pose a significant threat to banking app users in South Africa.

They emphasised that the majority of banking app fraud results from sophisticated social engineering campaigns, rather than technical vulnerabilities within banking platforms.

Standard Bank’s head of fraud risk management, advocate Athaly Khan, added that remote access through malware also poses a significant threat.

“Through manipulation and deception, we are now seeing fraudsters employ the aid of customers to facilitate payments or unknowingly grant access to their banking app,” said Khan.

To mitigate the threat of remote access through malware, Khan advises that customers don’t click links in unsolicited messages asking for personal or banking information.

He also recommends avoiding loading any applications that don’t come from trusted marketplaces, not downloading files that enable anyone to view your device’s screen, and avoiding allowing remote access to your computer through software like AnyDesk or TeamViewer.