Standard Bank’s Security Blunder: How My Account Was Debited Without Authorisation
When Standard Bank notified its customers on July 3, 2024 that its fraud mitigation measures remained robust and continued to protect them from potential fraud on their accounts, I believed it.
Four months later, in November, the bank said it would take disciplinary action against an employee who copied client data, including limited personal and financial information, to their personal device. Again, I believed it.
Here I was, thinking Standard Bank took data security seriously and would go out of its way to protect customers against fraudulent schemes and in the process beef up its – it now appears – weak internal controls.
The bank spoke out strongly, saying its fraud detection systems will continue to actively identify and block any suspected fraudulent transactions, and that it had a “zero-tolerance approach towards fraudulent activities”.
But as the saying goes, fool me once, shame on you; fool me twice, shame on me. Below is my personal experience of how Standard Bank handled my complaint regarding a fraudulent activity on my account.
On August 13, 2024, I received a quotation for car insurance from Auto&General via my Gmail. I paid no attention to the quote and did not even bother opening it to check the granular details. By the time it landed in my inbox, I had already made up my mind that I won’t be changing my current car insurance.
To my surprise, early this year I received a DebiCheck request on my Standard Bank App from some company I couldn’t make out. It was a gibberish of two letters and a string of numbers, which I would later find out was Auto&General’s business department, for lack of a better word.
I reject this debit request out of hand, but to my shock, on February 28 the said company, somehow, accesses my bank account – don’t ask me who authorised them – and debits almost R2,000.
I get on the phone and call Standard Bank to enquire about this debit. A gentleman I spoke to over the phone confirms to me that Auto&General is on the “rejected list”, as per information on their system. This is the kind gentleman who told me Auto&General is the name of the company that debited my account.
To my surprise, however, this gentleman can’t explain a simple question I asked him: If this company is on the rejected list, then who authorised it to debit my account? Why did this unauthorised debit order, somehow, slip through the cracks?
In his defence, all he could say was that I must contact Auto&General and demand a full refund. Days later, an employee from Standard Bank’s social media desk – no doubt spurred by my social media post on the matter – calls and takes me through a process to cancel/suspend the debit order.
There is not one but two debit orders from Auto&General, one for almost R2,000 (that went through) and another for almost R3,000 (that had my surname spelt incorrectly). This lady tells me that, despite having cancelled these debit orders, I must be on the lookout as they could still go through, despite being flagged.
My call to Auto&General would unearth a whole lot of confusion – from my side of course – about how a bank could effectively allow fraudsters to use their system for sinister acts.
The Auto&General employee I spoke to started off by asking me what I considered to be strange questions, about the “type of business I’m in”, among others. I tell the Auto&General agent that I’m a journalist and do not have any businesses to my name.
He then breaks the news to me that, according to information on their system, I run an e-hailing business. I would have laughed if it were not so serious, because I drive an old 2014 Volkswagen jalopy, which would not qualify to join the growing Uber or Bolt fleet in the country.
I again tell him that I don’t run any business and that I use my car solely for commuting between my home in Ekurhuleni and my workplace at 16 Empire Road in Parktown. After a while, the Auto&General employee tells me that this business account will be cancelled, and a full refund processed in seven to 14 days. I am told to email through my bank statement, before being transferred to yet another agent, who would confirm one or two things with me.
At the end of this call, I go back to the quote I had ignored, and I’m met with obvious red flags. The address on the quote is wrong and the cellphone number is not mine.
I continue scrolling down, and under “important information” it’s stated: “This document is for quotation purposes only and places you under no legal obligation.”
It is stated that the quotation is valid for 30 days from the quotation date. I read this to mean, after 30 days had lapsed, the quotation is rendered moot and of no force or effect.
It’s therefore hard to comprehend why a lapsed quote would be used as a means to launch an unauthorised debit on my account, let alone the fact that I never accepted the quote.
Curiously, it’s also mentioned in the quote that “Your monthly payment includes a broker commission of 12.50% for the motor section and 20.00% for the non-motor sections of your policy. This broker also charges a broker fee of R 50.00”.
Could these figures be reason enough why some brokers would go rogue, throw ethics governing their profession out the window, to make a quick buck and/or meet targets?
I’ve got so many unanswered questions. The first, perhaps, would be to ask Standard Bank why its internal controls and fraud mitigation measures are so feeble? Whatever explanation it offers, it will do little to convince me this time around.