In the vault

The South African Banking Risk Information Centre and its members and shareholders are working to protect the banking sector from crime

The South African Banking Risk Information Centre (SABRIC) is a non-profit company formed by SA’s four major banks to assist the banking and cash-in-transit industry combat organised bank-related crimes. SABRIC aims to be Africa’s trusted financial crime risk information centre, leveraging on strategic partnerships with its member banks and stakeholders, and it aims to be Africa’s first choice for financial crime information by 2020.

SABRIC, originally instituted by the then Banking Council, now, the Banking Association of South Africa (BASA) was officially created in 2002 by ABSA, FNB, Nedbank and Standard Bank as a separate company to combat bank-related crime. SABRIC is funded by its member banks and has, since its inception, forged sustainable relationships with appropriate stakeholders at local, regional and international levels to build crime-combating networks. These networks are managed to share current and emerging risks, threats and best practices with its stakeholders and partners to benefit its members.

SABRIC’s members comprise 18 banks, three cash-in-transit companies and one ATM provider. In addition, SABRIC also collaborates with its stakeholders – departments and organisations that include the SAPS, Directorate for Priority Crime Investigation (the Hawks), National Prosecuting Authority, Department of Communications, CSIR, SARS, PSI, Consumer Goods Council of South Africa, telcos and mobile service providers, among others, to fight banking crime.

SABRIC’s underpinning principles for success are based on it being the primary repository for banking and cash-in-transit industries crime data; the industry representative body on matters relating to crime and cybersecurity; the custodian of the inter-bank stakeholder relationships relating to banking crime and cybersecurity; and the co-ordinator of crime- and cybersecurity-related inter-bank activities or initiatives.

Bank crime falls into three priority areas, namely contact crime, digital crime and application fraud. In the past, contact crimes such as bank robbery and associated robbery dominated the crime landscape. However, the advent of the digital era has seen a rapid escalation of cybercrime. The evolution of banking has seen the emergence of platforms for bank clients to self-service without ever having to set foot in a bank branch. Bank clients can now digitally open new accounts, apply for new bank cards, access recent bank statements and more.

Digital platforms include banking apps (available from Google Play and Apple’s App Store), bank-specific online banking via the internet, and mobile banking, which utilises USSD (unstructured supplementary service data) and GSM (Global System for Mobile) communication technology used to send a text between a mobile phone and an application programme in the network.

Unfortunately, the convenience of these platforms continues to be marred by fraud committed by opportunistic criminals who constantly seek ways to exploit vulnerabilities. Criminals know that humans are the weakest link, and they rely heavily on social engineering techniques to harvest personal and confidential information using techniques such as phishing, vishing, smishing and business email compromise.

In addition to digital platforms, compromised bank card data can also be fraudulently used in what is known as ‘card not present’ fraud. This occurs without the physical card being present. Card details, which include the card number, cardholder name, expiry date and PIN are gleaned by criminals to make online purchases. One of the ways they do this is via vishing or ‘voice-phishing’, where the criminal phones a bank customer, leads them to believe that they are speaking to the bank or a legitimate service provider, and then uses social engineering tactics to manipulate them into disclosing their confidential bank card details, as well as other personal information.

To combat these crimes, SABRIC hosts a centralised crime data hub, a digital platform from which inter-bank information sharing is driven. As a repository for banking industry crime data, it utilises smart communication platforms to optimise information sharing about bank-crime incidents and modus operandi to uncover criminal syndicates and bank-crime trends. It is also the centre for multiple point-to-point connections between users and data suppliers and continues to evolve to further enable analytical capabilities to unpack and understand looming threats.

In contrast to SABRIC services that operate ‘under the radar’ for reasons of intel and security, SABRIC media and awareness does just the opposite – leveraging appropriate channels and platforms to empower bank customers with information about modi operandi, and tips on how they can protect their money.

As banks deploy robust, layered control frameworks to mitigate fraud risk, fraudsters will continue to exercise social engineering techniques more and more. Therefore, SABRIC’s awareness messaging now hinges on the tagline: ‘You are your money’s best protection’.

These messages are conveyed via the most appropriate channel for a particular modus operandi. For example, where cybercrime awareness targets digitally savvy audiences on digital platforms, such as Facebook and Twitter, associated robbery or ATM card fraud awareness
is better received via the airwaves on community
radio. SABRIC is always pushing the boundaries, constantly seeking novel ways to reach people, as opposed to merely ‘preaching protection’.

In addition to creating awareness, SABRIC initiates and maintains good relationships with the media. It responds to industry-related media enquiries; compiles proactive media statements to create crime awareness that align with member bank directives and priorities; and accepts media invitations to participate in radio and TV interviews to promote the interests of the banking industry and broadcast awareness messaging.

SABRIC prides itself on its agile culture and consistently ensures that adjustments to its service offering and operating model are seamlessly implemented to align with threats in the bank-crime landscape.

Building B, Hertford Office Park,
90 Bekker Rd, Vorna Valley,
Midrand, 1686
+27 (0)11 847 3000
Facebook: @SabricZA
Twitter: @Sabric