THE DO’S AND DON’TS TO PROTECT BANK CUSTOMERS FROM FRAUD
There has been an increased risk of fraudulent activities in the Banking Industry in the last few years. As we are committed on safeguarding you from such activities we have decided to advise you on the Do’s and Don’ts of safeguarding your finances. We hope the following tips on protecting yourself from fraudulent activities will assist you.
- While collecting your cheque book from the Branch, please ensure you go through the cheque book teams and conditions that apply to its collection and use. The teams and Conditions are listed on the 1st page of the cheque book.
- Whenever you receive your cheque book, please count the number of cheque leaves in it. If there is a discrepancy, bring it to the notice of the Bank immediately.
- Ensure that you reconcile your accounts promptly and regularly. For business accounts, consider an independent review by the appropriate level of management of your firm or by yourself.
- If you hold business accounts, consider opening a separate account specifically for higher value cheques, so they can be easily monitored.
- Ensure that any spoiled cheques are destroyed. We recommend shredding.
- For business accounts, separate the cheque writing/electronic payments and account reconciliation functions.
- Limit the number of signatures to your account to ensure control.
- Ensure that your signature is not affixed to documents that can be accessed by the general public
- Keep your cheque book at a lockable secure location when not in use.
- If your cheque book is lost or stolen immediately contact your bank and inform the loss
- Mark all invoices as paid once a payment is made.
- Consider using electronic means of payment (if possible) for high value payments.
- Ensure that your mailbox is secure to protect your inward cheques.
- Do not sign blank cheques, only sign cheques after all details have been completed.
- Do not leave gaps in the completion of the payee’s name, amount in words and in figures.
- Avoid sending high valued cheques via mail.
- Avoid sending cheques in window fronted envelopes.
- Do not provide your banking details to external parties.
- Memorize and destroy the PIN provided for your own safety. You could change the PIN to a number preferred by you. When selecting a new PIN, always avoid the obvious, such as telephone number, date of birth or combination.
- Check statements and call your debit card issuer immediately if you see anything suspicious on your statement.
- Always sign your card with a ball point pen as soon as you receive it.
- Keep track of when new and re – issued cards should arrive, and call the debit card issuer if they don’t come on time.
- When using your card at any merchant establishment, ensure that all details have been entered correctly and completed before adding your PIN.
- Ensure that you sign only one receipt. If the merchant makes more than one copy for any reason, make sure all extra copies are destroyed, including the carbon copies.
- Keep your transaction slips for reconciliation with your statement at the end of each month. Inform the bank in writing immediately of any disputes within the stipulated time period for reporting disputed transactions.
- After completing an ATM transaction, remember to take your Debit Card and retain the transaction slip. If your Debit Card is stuck in an ATM machine, beware of any one offering help unless identified as a bank employee
- Always remember to get your Debit Card back after every purchase.
- If you are traveling abroad, please inform the Bank about your travel plan
- Do not keep your Debit Card and the PIN together or write the PIN on the card.
- Do not use the same PIN for all your cards, and don’t choose your birth date or other easily identifiable numbers that can easily be guessed.
- Do not let the Debit card out of your sight. Most frauds take place when the cardholder is not around. Whenever possible pay the bill at the cashier rather than handing it over to the waiter.
- Do not lend your Debit Card to anyone. You are the only authorised and acceptable holder and user of the card.
- Do not disclose your PIN to anyone whether it is to your Relationship Manager or even the police. You are the only person who should know it
- If you notice something suspicious about an ATM machine do not use it. Immediately contact the bank’s customer care center or help desk and inform the staff member and you may save many others from fraudulent activities.
- Store your personal data (ID, passport, driver’s license) at a safe place
- Report any loss or theft of documents such as driver license, Debit card or passport immediately.
- Keep tax records and other financial documents in a secure place.
- Cancel all unused or dormant accounts that you may have.
- Be creative in selecting Personal Identification Numbers and passwords for your email accounts.
- If regular bills fail to reach you, call the company to find out why
- Do not divulge your passwords to anyone.
- Don’t give out any credit card details, e mail addresses and other personal details to unknown persons
- Don’t make copies of your National ID cards/Bank cards / passport and leave them unattended.
- Don’t pre-print your driver’s license (The NTSA new generation Driver’s license contains a lot of information about you), telephone or other numbers (NSSF, NHIF) etc on your checks.
- If your bills include suspicious charges, don’t ignore them
- If you have a website, do not post your address in the HTML “mail-to” format
- Do not open spam mails. Be especially cautious of e-mails that:
- Come from unrecognized senders.
- Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
- Are not personalized.
- Try to upset you into acting quickly by threatening you with frightening information.
- Do not click on links, download files or open attachments in e-mails from unknown senders. Be cautious even if the e-mail appears to come from an enterprise, you do business with. It is a good practice to call up the concerned to confirm in case the e-mail is unexpected.
- Communicate personal information only via secure web sites. In fact:
When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser’s status bar or a “https:” URL whereby the “s” stands for “secure” rather than a “http:” it is advisable to check if the website address is correct before conducting any transactions.
- Protect your computer by installing effective anti-virus / anti-spyware / personal firewall on your computer / mobile phone and update it regularly.
- Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.
- Do not disclose details like passwords, debit card grid values, etc. to anyone, even if they claim to be bank employees or on e-mails/links from government bodies.
- Register for SMS alerts to keep track of your banking transactions.
- If you have to share your mobile with anyone else or send it for repair/maintenance;
- Clear the browsing history
- Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information.
- Block your mobile banking applications by contacting your bank. You can unblock them when you get the mobile back.
- Do not save confidential information such as your debit/credit card numbers, CVV numbers or PINs on your mobile phone.
- “Shoulder surfer” can peep at your PIN as you enter it. It is advisable that you stand close to the ATM machine and use your body and hand to shield the keypad as you enter the PIN.
- Press the ‘Cancel’ key before moving away from the ATM. Remember to take your card and transaction slip with you.
- While talking on phone never disclose:
- 4-digit ATM/IVR PIN
- 6-digit 3D secure PIN
- OTP password word
- Internet banking password
- CVV (Card Verification Value)
- Onscreen Keyboard: This would be the easiest way to protect your password from being recorded by key-loggers, especially at public terminals. All banks have this option available to input username and password.
- Random Passwords: Use a combination of random letters and numbers as words, names and phrases for your Password.
- Do Not Follow Links: Always type in the web address (URL) to access your bank’s website. Never click on a link from an e-mail you get.
- Be Secure: Keep your operating system and browser up-to-date with the latest security patches. Install these only from a trusted website.
- Keep your passwords, Personal Identification Number (PIN) and card numbers confidential.
- Look for the lock icon: Before entering personal information on a website, look for the “lock” icon in your browser. A closed lock or padlock indicates that the website you are on is secure.
- Use a firewall to protect your computer.
- Install Security Updates: You should download and install security updates regularly or configure your operating system to automatically check for new updates.
- Change your password regularly: For the first time you login to your internet banking account, you will need to use the password provided by the bank. However, you need to change this password in order to keep your account safe. In addition, keep changing your password at regular intervals. More importantly, keep the password confidential at all times.
- Do not share your details with anyone: Your bank will never ask for your confidential information via phone or email. Therefore, in the event you receive an apparent phone call from the bank or an email requesting your details, do not give out your login information.
- Keep checking your savings account regularly: Check your account after making any transaction online. Verify whether the right amount has been deducted from your account. If you see any discrepancies in the amount, inform the bank immediately.
- Always use licensed anti-virus software.
- Never leave your computer unattended once you have signed in to online banking.
- After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.
The fastest growing type of scams are known as authorised push payment fraud (APP fraud).
This scam usually works with a fraudster contacting you over the phone, by email or on social media pretending to be someone you trust, like your bank. And ends with the scammers convincing you to send them money.
We have outlined what these bank scams usually look like, how authorised push payment fraud works and how to protect yourself from fraud;
- You might have received a phone call claiming to be from your bank telling you there’s a problem with your account
- The phone call is usually something security related like telling you someone has hacked your bank account or you have been a victim of identity fraud
- The scammers will ask you to transfer the money into a ‘safe account’ until the problem is solved or open up a new account for you over the phone
- They might also have asked for personal information like your PIN, email password or 16-digit debit card number. They might know some personal information about you already. This is to establish trust
- The scammers might be rushing you to tell them these personal details or to make the bank transfer by repeatedly telling you your account is at risk. They also might say that you could lose all your money if you don’t move it immediately
- Don’t transfer any money and don’t give them any of these details: This is a scam!
How do these bank scams work?
Authorised push payment scams can be really effective as fraudsters can easily “spoof” phone numbers. This means calls or text messages look like they are coming from your bank, when it’s not actually your bank getting in touch.
Fraudsters can also use scare tactics to make you believe your money isn’t safe. They might’ve said there was a serious security issue with your account. To protect your money, you need to move it all to a ‘safe account’ or to a new account they’ve created for you by making a bank transfer immediately.
They give you the account details and insist you need to act urgently, or risk losing all your money. They could also have asked you to disclose personal details like your PIN, email password or the 16-digit number on the front of your debit card.
What should you do if this happens to you?
Don’t make any bank transfers. Authorised push payment fraud is an increasingly common kind of scam where someone tricks you into sending them money from your account.
Remember that your bank or the police will never:
- Call to ask you for your PIN or full banking password
- Ask you to withdraw or transfer money to any other account
- Send someone to your home to collect cash, a PIN number, cards or cheque books
Here are some important tips to help you avoid falling victim to a scam like this:
- Question who you’re talking to
Remember that fraudsters may know basic details about you, and can fake phone numbers, names and email addresses.
If someone claiming to be from your bank contacts you out of the blue, hang up the phone and get in touch with them directly using known contact details (you can usually find a bank’s contact details on the back of your debit/credit card).
- Take your time
Fraudsters will often try to scare you into sending money or revealing details, by saying that your account is under threat or they’ll involve the police if you do not comply.
An organization you trust will never try to panic you, stop you from talking to friends or family, or force you into making a bank transfer on the spot. If someone is pressuring you to send money over the phone, tell them you’ll think about it, hang up and call your bank using known contact details.
- Have the confidence to say no
Listen to your gut instincts and leave the conversation if something feels off.
A trustworthy person should not make you feel embarrassed or guilty. If you have any doubts at all, its always better to contact the bank using known details and asking them directly about the conversation you’ve had.
Do not just trust someone on the other end of the phone because they sound professional and say they work for your bank. Because once your money has gone, it’s often incredibly difficult to get it back.