In late August, credit bureau Experian notified the public that there had been an incident involving a fraudulent data inquiry which released the personal information of 24 million customers.
Although it appears that this breach did not contain sensitive information, there is an increase in criminal attempts to access our personal information. As responsible consumers, we need to behave as if our identity is compromised and act accordingly.
Mimecast’s State of Email Security 2020 report shows that 53% of South African organisations saw an increase in phishing attacks over the last year, while 46% witnessed an increase in impersonation fraud. These attacks are growing every year.
According to Experian, the data breach was limited to contact and employment information which is publicly available. No detailed information, including bank account information or credit profile information was shared.
“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services,” Experian stated in a press release.
Quick action resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted.
South African Banking Risk Information Centre (SABRIC) CEO, Nischal Mewalall says that while there is no need to panic as Experian and the banks have taken steps to contain the incident, “to realistically protect your data, you need to be savvy about how you allow to access to your data. In everything we do we generate a record physically or virtually. Even going onto the internet generates records. As we access websites, our data is being harvested. To realistically protect your data, you need to learn how to avoid your data being harvested unintentionally.”
Need to remain vigilant
While we have been warned not to click on any links in emails or SMSs, including those that appear to be from our bank, we also need to be vigilant when we receive a call from our bank.
Manie van Schalkwyk of the Southern African Fraud Prevention Service (SAFPS) says criminals pose as your bank, calling to warn you of unusual activity on your account or that a large debit order is about to go through. You panic and agree that you want it investigated or stopped. The person verifies your information by giving you details such as where you live, your contact numbers and some other personal information such as accounts you may have. You now feel confident that you are dealing with the bank, as only they have access to that information.
At that point the scamster says the system as gone down and asks if you could please provide your banking details so they can expedite the reversal. The only way to protect yourself is to follow the rule that you never provide any banking details via telephone, email or SMS. Tell the person you will call the bank directly to verify the call.
Another risk is ID theft where a scamster has enough information to pretend to be you. They can open credit agreements in your name. Many service providers use knowledge-based authentication to confirm your identity. This means they ask you a set of questions based on the personal information they have from the credit bureau such as an address you once lived at or which retail store accounts you may have.
Van Schalkwyk says in the case of a data breach, this information would be available to the scamsters who could then impersonate you and make changes to your accounts. By regularly checking your credit record you are able to see if there are any unusual enquiries or new accounts on your record.
How to protect yourself
Given the current breach, credit bureau Experian will be provide access to a monitoring service where the consumer will receive an alert on enquiries performed on their profile. This will then further equip the consumer to monitor unusual activity more accurately.
This service is offered free of charge for six months. To access this service go to www.mycreditcheck.co.za and request your personal credit report for free. You will be automatically signed up for the monitoring service. TransUnion is offering the same service with a free alert service until December.
Currently, SAFPS has an option for protective registration. If you are concerned that your ID has been compromised, you can sign up for this service which then sends an alert to all credit bureaus and credit providers.
Van Schalkwyk says they are fast tracking their Secure Citizen initiative, which is a biometric protection service that will verify your identity using your photograph and details confirmed with Home Affairs. Within the next few weeks voice recognition will be added to the identification process.
This means if anyone attempts to open an account in your name, the service provider will receive an alert and will have to verify that the person standing in front of them matches the photograph on the SAFPS system. Once the voice recognition feature is available, all contracts made via phone will also be authenticated.
If you are concerned about ID theft you can register with the SAPFS at 0860 101 248, although keep in mind you will have to be verified each time you enter a contract.
Additional ways to protect yourself
- Sign up for your bank’s notification system so you are notified of any transaction that goes through your account.
- Change your passwords on sensitive information if you believe your information has been breached
- Check your credit record at all six credit bureaus and look for unusual activity or accounts you have not opened.
This article first appeared in City Press.