CYBERCRIME ABOUT TO TAKE OFF' IN SOUTH AFRICA
An initiative by Standard Bank to tighten the safety of online banking has failed, with fewer than one in seven customers bothering to use the security software. The bank launched its security pin pad feature after money was filtered out of accounts by using keystroke logging software, which records the personal identity number (PIN) typed in by customers.
The bank's solution in 2003 was to display a small picture of a keyboard on the log-in screen, so users could click on the relevant numbers to enter their PIN instead of typing it. But the feature has been removed because of apathy by the clients it aimed to protect. The apathy shows that while users expect online activities to be secure, they oppose any inconvenience or changes to their own habits.
The bank says its transactions are still secure as it has now made it compulsory to use a one-time password, where a unique code is delivered by SMS when a user initiates a banking session.
It has also redesigned its banking website, annoying some customers who claimed the new software made it impossible to get online last month. The bank denied that the new interface was at fault, and blamed Telkom line failures. Telkom denied having any problems that would keep people offline.
The bank's director of self-service banking, Itumeleng Monale, says the new site supports virtually all internet browsers, and final tests are being done to ensure it is compatible with less common browsers. "The required changes will be implemented as soon as this process is complete."
Online fraud has seen some of SA's e-commerce websites die an early death, says William Mellor, CEO of Bigtime Airtime. He says recent PIN security enhancements for MasterCard and Visa card transactions will further boost consumer confidence.
Bigtime sells cellphone airtime online, and customers have welcomed the stronger "Verified by Visa" and "MasterCard Secure Code" security, Mellor says. Their security developments have enabled companies like his to grow enormously in a very short time, he says.
Last week, SA's largest hi-tech distributor, MB Technologies, opened a new subsidiary focusing on security. NetDefense, headed by Guy Whitcroft, will supply hardware and software security products and is recruiting some of the country's top security experts. It will also train the staff of hundreds of technology resellers to give them stronger security skills.
A global lack of skilled security technicians is hurting companies almost as much as their overall carelessness and lack of awareness, Whitcroft says, as networks expand far more rapidly than the security measures to protect them.
He estimates that SA's market for network security is worth R1.2bn a year. That will hit R2bn when people take the issue as seriously as they should, he says, since SA is five years behind the UK in its attitude towards cybercrime. Thankfully, the cybercrime rate in SA is also behind the international norm, but that will change. "We have to act now before we get hit hard in this country. The crime rate here has been very low, but it's just over the horizon as it gets tougher for hackers in the US and Europe," he says.
In the US alone, identity theft cost companies $80bn and individuals $20bn in 2005, according to the Federal Bureau of Investigation. Gartner analysts estimate that 75% of all companies will have some of their computers compromised this year.
Up to 80-million computers are controlled by external hackers every day, and are mostly used to generate spam. Although people think they receive far too much spam, that is only 30% of all the unwanted mail flying through cyberspace, as filtering software catches 70% of the original traffic.
Software company McAfee says technology investments to protect sensitive data are undermined by staff putting their own businesses at risk by lax behaviour. Employees take out a massive amount of confidential data, with 132-million documents, including customer records and financial information, leaving UK offices each week on memory sticks, cellphones or by e-mail and instant messaging systems.