Card Safety
Card Skimming
Card skimming is the unlawful copying of information on the magnetic stripe of a bank card so that fraudsters can create a "cloned" card. This card can be used to access your account and therefore your money but only if they also know your PIN. The PIN is usually obtained by fraudsters or accomplices looking over the cardholder's shoulder (also called shoulder surfing) when they enter their PIN at a card machine or ATM. This is why you must never share your PIN and always shield the keypad whenever you enter your PIN.
How Cards Are Skimmed
Skimming devices come in different shapes and sizes. They can be small enough to fit in the palm of your hand. Once the fraudster has your card, he or she will quickly swipe it through the device to capture the magstripe information. This will be used later to create a cloned card.
Skimming devices can also be attached to the front of an ATM and disguised to look like part of the ATM! In these cases, the card is skimmed when the card is inserted. The PIN is often captured by a tiny hidden camera in the false front, usually through a small hole above the ATM's keypad.
Chip card technology greatly reduces the instances of card skimming as they offer far greater levels of security that are much more difficult to get around. However, the magstripe on a chip card is still vulnerable to skimming, which a fraudster could use at a device that is not yet chip-enabled.
How to Protect Yourself from Card Skimming
- Keep your card in plain sight at all times
- Restaurants or garages have portable card machines that can be brought to you. If none are available, insist on accompanying the salesperson, waiter or petrol attendant to another location so you can pay with your card. This doesn't mean that while your card is not in sight that your data is being stolen - the cause for concern, however, is the possibility, which could mean the future risk of unlawful transactions
- Register for SMS Update, which sends notifications to your cellphone for money-out transactions when your card is used
- Monitor your accounts and check that the transactions are valid
- Report suspicious card transactions to our 24hr Client Care Centre and change you PIN or stop your card as soon as you identify fraudulent transactions
Internet Banking Security
Internet Banking is a convenient service that allows you to manage your money any time or place. We have taken great care to offer you a secure online banking portal to safeguard your money using:
- secure design
- daily vulnerability assessments
- 2-factor authentication through your Internet Banking security token
Find out what you can do to access your account safely and securely from the Internet Banking sign-in page.
Username
This is the name you choose during registration to assign to your Internet Banking profile for identification purposes. As with all sign-in details, keep your username secret to make it more difficult for criminals to access your account and reduce the possibility of attempted identity theft. Note that if you call our 24hr Client Care Centre (0860 10 20 43) with a specific Internet Banking query, we may ask you for your username. We have to do this to correctly identify your Internet Banking profile before we can help you.
Password
Never share your password with anyone! We'll NEVER ask you for your password.
Your password is 6-18 characters long and contains letters and/or numbers. Choose a password that's hard to guess and not obvious to those who know you. Changing passwords often will stop others from accessing your account at a later stage should they see you typing it while you are signing in.
Security Token Password
Your security token is linked to your profile and generates unique passwords for authentication purposes during Internet Banking sessions. These security token passwords help keep your account/s and money secure, and are needed when you sign in to Internet Banking, pay or create beneficiaries, and update your profile details.
These passwords can be used once and only for a limited time, so they are useless to someone shortly after they've been generated and used. Unlike passwords sent by SMS, they can't be intercepted as long as the security token stays in your possession and you do not enter them anywhere else other than on the Capitec Bank Internet Banking site. During registration you'll need to choose the security token type that you prefer using.
Validating our Internet Banking Site
When you registered for Internet Banking, your service consultant took your photograph and linked it to your Internet Banking profile. Always check that the photograph displayed is in fact you and that it is consistent with the photographs displayed on your previous Internet Banking sessions. If your profile photograph has changed without your knowledge or you suspect that you are not on the Capitec Bank Internet Banking site, do not continue transacting. Please contact us immediately.
If you are in doubt as to whether you are on our Internet Banking website, ensure that the URL (address bar) is "https://direct.capitecbank.co.za/ibank/". You can verify the digital certificate and also check the padlock in the browser.
Internet Banking Safety
- Ensure that no one has unauthorised access to your computer and security token
- If you lose your security token (cellphone or keyring), report it immediately on 0860 10 20 43
- Don't open suspicious or unfamiliar emails and never click on attachments or links in unexpected emails
- Poor grammar and incorrect spelling is often an indication that any email you receive and/or website you visit should be treated with extreme caution
- Never access the Capitec Bank website through a link. Instead, always type in the address or save the address as a 'Favourite' once you're sure that you're on our website
- Avoid using public terminals like Internet cafes for Internet Banking
- Don't open other websites while you are signed in. Only have a single browser window or tab within the browser window open
- Install and use the latest antivirus software
- Ensure that your computer has the latest operating system and browser updates installed
- Check the digital certificate to verify the authenticity of the sign-in page
- A green indicator will be displayed in the address bar to confirm that you are visiting a secure website. This indicator varies for different browsers but will always appear in one form or another if the site is secure
- Keep your sign-in details secret. No Capitec Bank employee is allowed to ask you for this information
Third-party Applications Downloaded Onto Your Cellphone
You must fully understand how third-party applications, not endorsed by Capitec Bank, work before downloading them onto your cellphone. You need to be aware that third-party applications have the potential to access other messages on your cellphone (such as your account info) with or without your knowledge.
Mobile Banking Security
Mobile Banking is a convenient cellphone service that allows you to buy prepaid airtime and electricity and manage your money any time or place. Your money is protected by a unique Mobile Banking PIN.
Mobile Banking PIN
You choose your Mobile Banking PIN in one of our branches when registering for Mobile Banking. You will need to enter your Mobile Banking PIN when using Mobile Banking to confirm certain transactions. Keep your PIN secret to make it more difficult for criminals to access your account.
Mobile Banking Safety
- Keep your Mobile Banking PIN secret and never share it with anyone
- You must only enter your Mobile Banking PIN when using Mobile Banking
- No Capitec Bank employee will ever ask you for your Mobile Banking PIN
- Ensure that you do not save your Mobile Banking PIN anywhere on your phone
- We will never ask you to switch off your cellphone or make changes to your cellphone or SIM card as part of any upgrade to Mobile Banking
- We will never ask you to stop using an ATM or any other service for a period of time as part of any upgrade to Mobile Banking
- We will never ask you to stop using an ATM or any other service for a period of time as part of any upgrade to Mobile Banking
- Inform us immediately if your cellphone is lost or stolen
Identity Theft
Internet Banking
Mobile Banking
Phishing
Phishing is a form of electronic fraud where your personal details and banking info is collected and an attempt is made to access your account. Fraudsters can collect your info by telephone or electronic communication (e.g. email, SMS, MMS, fax, etc.) in the following ways:
- They might ask for your user information (especially your password, security token password and PIN)
- They might ask you to verify your user details or personal information (especially your password, security token password and PIN)
- They might try lure you to a fake Capitec Bank website using a link in an electronic communication
Remember
When you receive an email, the fraudsters don't necessarily know that you bank with Capitec Bank. They send thousands of emails to random email addresses. The fraudster pretends to be from a legitimate company/institution and usually asks you for your confidential banking and personal info (PIN, username, password, security token password, address, credit card info, etc.).
Smishing
Smishing is a form of phishing, with the exception that a fraudster sends you an SMS trying to collect personal information in different ways:
- The fraudster might advise you that a bank official will be calling you to confirm your info, including any of your PINs (we'll NEVER ask you for this info). A fraudster then calls you soon after sending the SMS
- The fraudster might ask you to respond by SMS with certain personal information
Remember
Don't be fooled into thinking that the person sending the SMS or calling you is a Capitec Bank employee, even if they happen to have some of your personal information. If you're in any doubt, call our 24hr Client Care Centre (0860 10 20 43).
How to Protect Yourself from Phishing or Smishing
We'll NEVER contact you and ask you to verify sensitive personal or account information, PINs and passwords especially. We'll only ask you to verify banking or personal info (never PINs or passwords) if you call us. Please remember the following at all times:
- Never give your personal details and banking information to anyone
- Treat emails and pop-up windows asking for your personal details with the same suspicion that you would of the person behind you in an ATM queue
- Treat emails that appear to be from Capitec Bank asking for personal details with suspicion
- Don't follow any links in emails to reach our Internet Banking website. Always type our website address (www.capitecbank.co.za or https://direct.capitecbank.co.za/ibank/) to connect to our Internet Banking website
- Never respond or reply to an email that:
- prompts you to enter your personal details directly into the email or submit this information in any other way
- threatens to close or suspend your account if you don't take immediate action by providing your personal details
- asks you to participate in a survey where you have to enter your personal details
- states that your account has been compromised or that there has been third-party activity on your account and prompts you to enter or confirm your account information
- asks you to submit your username, password, security token password, PIN or account numbers in an email or non-secure web page
- Asks you to confirm, verify, or refresh your account or address details
- Treat any SMS advising you that a Capitec Bank employee will be contacting you to confirm your personal details or banking information, PINs or a transaction with suspicion.
What to Do if You Suspect Phishing or Smishing
- Contact us immediately. The more information you can give us the better
- Forward the email that you received to phishing@capitecbank.co.za and we'll investigate
- Advise us of any smishing SMSs or phone calls requesting you to confirm personal details by calling our 24hr Client Care Centre (0860 10 20 43), visiting your nearest branch or emailing phishing@capitecbank.co.za. Provide details such as the number you received the SMS or call from and the date and time.
- By bringing these cases to our attention, you may assist us in preventing fraudsters from committing further illegal acts
Remember to be alert and stay vigilant. Fraudsters are clever and constantly change their methods to get hold of your personal details and PINs.
Keylogging or Key-stroke Logging
Fraudsters sometimes attach small devices called keyloggers to computers. To install this device, the fraudster must gain physical access to your computer. A keylogger logs or records everything that you type on your keyboard which means that they will most likely obtain your username and password.
Fraudsters also use sophisticated software called spyware to record the keystrokes on their victims' computers. This info is then sent to the fraudsters who analyse the data and identify possible username and password combinations.
How to Protect Yourself from Keylogging
- Make sure that no one has unauthorised access to your computer
- Don't open suspicious or unfamiliar emails. Never click on attachments that you were not expecting in an email
- Only install licenced software on your computer from reputable vendors
- Ensure that you have the latest version of antivirus software installed on your computer
- Don't visit high-risk websites on computer/s that you use to access Internet Banking. Examples of high-risk websites include pornographic and gambling sites, and sites where software can be downloaded which is not associated with major or reputable software vendors
What to Do if You Suspect Identity Theft
- Contact the South African Police Service (SAPS) and report the matter. Keep a copy of the police report because we may ask you to provide it
- Monitor your credit profile closely. Credit bureaus like TransUnion ITC allows you to access and review any changes in their credit profiles for a small fee, which includes email and SMS notifications if accounts are opened using your credentials
- If your ID book is stolen, it might be a good idea to close your existing accounts to prevent any further harm and open new accounts
- During the process of reporting identity theft: Keep copies of all documentation and communications. Take notes of telephonic discussions, including names, dates, times and comments. Ask all agencies you deal with to confirm the actions taken in writing
- Find out from the police how you can track any criminal records that are posted to your identity and what you should do to ensure that it gets cleaned out once identified