Remove yourself from white collar crime hit list – advice from experts

Violent criminal acts attract most attention, but in financial terms white collar crime is a lot bigger. And one of its fastest growing segments is Identity Theft where syndicates in South Africa use publicly distributed information to rake in over R1bn a year. Carol McLoughlin of the SA Fraud Prevention Service says reported cases of Identity Theft have trebled in the past three years. Also in this CNBC Africa Power Lunch interview, Sylvia Papadopolous of the University of Pretoria pointed out easy ways all-too-trusting South Africans can reduce the risk of becoming victims. For instance, I’ve just deleted the cell number on the sign-off at the bottom of my emails. – AH

ALEC HOGG: In South Africa, across the economy an estimated R1bn – well, it must be a lot more than that with new techniques and scams popping up weekly… Carol McLoughlin is the Executive Director of the South African Fraud Prevention Service and Sylvia Papadopoulos is a lecturer in the Department of Mercantile Cyber Law at the University of Pretoria. Carol, just to unpack what your organisation does (preventing fraud, clearly): who are your members?

CAROL McLOUGHLIN: Alec, we largely have the banks, retailers, telecoms, and insurance so it’s across all sectors of the industry, but predominantly the financial services industry.

ALEC HOGG: So when my credit card, which has been skimmed three times, I think… Would that be your organisation that would be involved there or would it be the banks who pick that up directly?

CAROL McLOUGHLIN: The banks would be involved directly and then obviously, with the assistance of SABRIC (S.A. Banking Risk Information Centre). SAFPS comes into play when the actual fraudster or perpetrator can be identified. That individual’s information would then be listed on the database, provided there is credible evidence proving what’s taken place.

ALEC HOGG: How many of those fraudsters are caught?

CAROL McLOUGHLIN: Not many in that type of case because you’re dealing with someone who is, essentially, a ghost. The scary part about it is that you don’t know who’s behind those particular scams/crimes etcetera. Our database predominantly has records of individuals who can be identified, and who have physically tried to create an organisation, becoming a victim of the attempts to be granted access to a loan, etcetera.

ALEC HOGG: So who would access that database? Who would have access to it?

CAROL McLOUGHLIN: You mean the companies… Once they’ve picked up an incident of fraud and they can identify the perpetrator, that individual’s information is listed onto the database.

ALEC HOGG: Do they have to have a criminal record?

CAROL McLOUGHLIN: No, it doesn’t have to go through the court as long as the evidence that they have on record is sufficiently credible and proves the actual incident that took place.

ALEC HOGG: Sylvia, as an academic, is that right…is it legal? It just sounds as though there could be a possibility of somebody who shouldn’t be there, getting onto the database.

SYLVIA PAPADOPOULOS: I speak under correction, but there’s probably quite significant security on the database, ensuring that it’s only authorised people who have access to that. We currently don’t have specific legislation in place (or that’s enforced yet) that would deal with that kind of database/information. We’re looking at POPI, which should come in within the next two years.

ALEC HOGG: POPI?

SYLVIA PAPADOPOULOS: Protection of Personal Information Act. It’s an Act already, but it’s not enforced yet because of certain regulatory features that need to be sorted out. For example, a regulator needs to be established. It provides a 12-month grace period before POPI becomes relevant.

ALEC HOGG: How is POPI going to change our lives?

SYLVIA PAPADOPOULOS: POPI is going to be quite significant. I would say that South Africans are very casual and sometimes naïve about our personal information. If we compare it to Europe for example, who’s had Data Protection legislation for almost 20 years, they’re very aware. As soon as somebody asks them anything about personal information, ‘why do you want to know? What do you need it for’, whereas we give rather freely. People don’t really give a second thought: listing your telephone number at the bottom of your email, contact details, qualifications on web page. It’s freely available. When you start putting it together, you have a very detailed profile.

ALEC HOGG: So it makes it easier Carol, for the fraudsters to get to work in this area of identity theft.

CAROL McLOUGHLIN: Alec, I think I should maybe elaborate a little bit on the listing of the individuals in that obviously, a thorough forensic investigation is undertaken. In our Code of Practice…

ALEC HOGG: We get that. Sylvia said you guys aren’t breaking any laws.

CAROL McLOUGHLIN: I just want to make sure that we’re not prejudicing the consumer.

ALEC HOGG: What about the issue of identity theft. If we as South Africans are naïve, are you finding that you’re seeing an increase in the number of people who are perpetrating these crimes (identify theft)?

CAROL McLOUGHLIN: Absolutely. For the past three years, I don’t know if it’s because there are generally greater awareness out there, because we’ve obviously been putting a huge drive forward to try to build that awareness and make sure that people understand the implications/pitfalls of sharing information so readily. The challenge we have is we’ve seen the incidents reported to SAFPS over the past three has almost trebled.

ALEC HOGG: Three years – trebled…

CAROL McLOUGHLIN: Yes.

ALEC HOGG: What numbers?

CAROL McLOUGHLIN: Last year we ended off on about 3800 – close to 3900 cases.

ALEC HOGG: How much did people lose in that respect?

CAROL McLOUGHLIN: It’s difficult to establish the exact amount was. R1bn was bandied around as the amount of loss that companies could potentially have incurred, but it’s very hard to put an estimate to that number because we only see what’s reported. We don’t know what’s happening out there that we’re not aware of.

ALEC HOGG: How do you protect yourself, Sylvia, apart from being naïve?

SYLVIA PAPADOPOULOS: A lot of it is common sense. If you’re asked to give personal information and something doesn’t feel right, don’t do it. It’s common sense. Don’t ignore it. We’ve seen incidents where it’s….I almost want to say ‘evolving’ from the initial 419 scams…’you’ve won U.K. lotteries’ to actual phone calls that sound and look very genuine, but it’s evolving. However, if you feel something isn’t right, don’t give out the information.

ALEC HOGG: What do they do with that information? Let’s just say I put something at the bottom of my emails, how is that going to prejudice me?

SYLVIA PAPADOPOULOS: Part of a wave we saw in the last year was the SIM-swap fraud. They needed your access to your bank account and they needed your passwords, but in order to do the SIM-swap, they need your name, your address, and your telephone number.

ALEC HOGG: That’s all.

SYLVIA PAPADOPOULOS: That’s all and that is readily available. If you’re going to fill in a form where the website isn’t properly secured or they don’t have a proper security system around it, your ID number is out there. We fill it in on forms and we fax it off. We don’t ever verify to whom we’re faxing it.

ALEC HOGG: Well, I’m sure Sylvia’s given us some tips there Carol, but do you think that South Africans are naïve? Do you agree with what she’s saying – that we are too trusting – from your experience?

CAROL McLOUGHLIN: Well, from my own personal experience, I got an SMS yesterday saying ‘the Fraud Department at Standard Bank needs you to contact them urgently. Reference number: FIZ’.

ALEC HOGG: Do you bank with Standard Bank?

CAROL McLOUGHLIN: I do. I looked at this and I thought ‘is it credible? Isn’t it credible?’ You can’t help but doubt everything that asks you to do anything that requires you to share any information.

ALEC HOGG: So where do we go to, from here. Are we going to become so untrusting?

CAROL McLOUGHLIN: I think it’s just a sign of the times. What can we do? I think it’s generally having these types of discussions. It’s making sure that organisations understand their role in educating consumers and I think they’re already doing a great job with that. However, the challenge is do you get to everybody in every which way you can? As you say, the actual scams look so authentic that you can’t really tell from the website address that you’re getting in a phishing scam or the SMS you’re getting from whomever. You can’t tell if it’s genuine or not.

ALEC HOGG: Organised crime is big business. Just to close off with, your database: if somebody gets onto your database and they might have rehabilitated – they went to jail and got themselves sorted. How do they get off the database?

CAROL McLOUGHLIN: That’s the point I wanted to make earlier. We don’t want to prejudice consumers. We have a dispute process in place. The individual can contact the company that listed them and if they have sufficient evidence to prove that they were innocent, they’ll obviously be able to be taken off.

ALEC HOGG: How do they know they’re on the database?

CAROL McLOUGHLIN: They will find out when they are… Once they’re listed: within 24 hours, we send a letter to them. Nine times out of ten, those letters come back because the information provided by the fraudster is usually false. However, if they do get the letter and they don’t accept… Quite often, we pick up victims in this way because we would send a letter to the victim saying ‘you have committed fraud’ and meanwhile, it was the fraudster who committed the fraud, by opening the account in the victim’s name.

ALEC HOGG: Carol, thank you for your participation today. Sylvia, it was nice to have you here as well. You educated me. No more telephone numbers on the bottom of my emails although I’m sure that’s the least that I need to do in order to protect myself. That was Carol McLoughlin, who’s Executive Director of the Southern African Fraud Prevention Service, and Sylvia Papadopoulos, lecturer in the Department of Mercantile Cyber Law at the University of Pretoria. Thanks for being with us today. That’s all we have for you in this edition of Power Lunch.

Visited 364 times, 1 visit(s) today