It’s no rocket science for crooks to steal from your bank account
Some people had a rough time over Christmas. Right in the middle of the world’s most anticipated holiday, fraudsters struck in Kenya and made away with money from some people’s accounts through Automated Teller Machines (ATMs).
I can’t but imagine the shock on those who discovered while overseas that they couldn’t fulfil any financial obligations because their accounts had been emptied. The Grinch – that fictional character who creates trouble around Christmas – had gone to town and made a killing.
So, how did he manage to be so successful? What would have been the best way to avoid such an incident in the first place?
This must have been a well planned attack. It was not sheer luck that an individual woke up and discovered he or she had dreamt up a means to get away with money from ATMs. It must have been a team effort.
Chances are that the Grinch preyed on the fact that Kenyan banking is still largely analogue in many departments. You fill out forms to apply for loans, cards, overdrafts and so on.
Although banking has grown technologically, there are still several transactions that remain analogue. As Adolf Galland theorised, “He who wants to protect everything, protects nothing.” That adage is true to this day, and more so in the technology circles and in banking.
In Western countries, there is hardly paperwork when it comes to obtaining a bank account. In fact, going to a local branch is rarely necessary as everything can be done online. Why? The appropriate data is interconnected and it is easy to validate a person without a photo and what not.
In Kenya, walking into a bank and out minutes later with an active account is rare. Too many people are involved in the process, which means that personal data passes through a number of hands.
That often takes a few days, during which your personal data will be handed over from one person to another. The net result is that with too many hands, and a lot of time, the person making the ATM card and the one who validates your details can conspire to clone the card. That sets the ground for the crime.
There is a stark contradiction though. Identity theft is not new, and neither is it restricted to online transactions.
Technology is a victim of its own success. In our hurry to depersonalise banking and make it unnecessary to visit your branch, we end up not knowing who we are dealing with.
In the old days, the branch manager knew you by name, and you knew him or her. Banks were in such high demand that to get an account, the application had to go through an elaborate approval process. But that is what made banking stagnate, as banks were perceived to be arrogant.
Today, identity theft is as easy as installing a programme like Zeus.
Zeus infects victims’ computers and steals personal data. It is so user-friendly that a primary school child with a basic understanding of the crime could install it and use it.
What is worse is that even in developed countries, discerning between the victim and the attacker and trusting the personal data to believe is very difficult, with the victim not learning about the crime until it is too late.
When the theft of client money is not orchestrated from within the bank, it could also be through card skimming. Popularised in Eastern Europe and Asia, widespread card skimming can make people reconsider using a credit or debit cards at retail outlets.
It is an easy thing to do. You give your card to make a payment and the crooked retailer has a reader that records the details of the card off the magnetic strip. The criminal then buys blank cards with a magnetic strip and puts the data onto the cards.
The duplicate cards operate as effectively as the real ones. To make it more effective, the skimmers can be installed into ATMs and not even the money couriers who top up the ATM would be the wiser. Skimming a card takes less than five seconds and there is absolutely no physical way of knowing that your card has been skimmed until it is too late. To prevent this, it comes down to one rule.
Never lose sight of the credit or debit card. When making payments at a retail outlet, make sure the “Process Data Quickly” (PDQ) terminal is brought to you in the case of a portable one. If it is fixed, go to where it is.
What do you do when you discover that your financial life is being drained away by crooks? This is literally the point where you do a litmus test on your bank.
A lax bank may not even be aware that there is fraud happening until its customers complain. Banks should always inform their customers when transactions seem out of place. Many of them don’t.
