
Warning Issued Over OTP Security After Spike in Banking Fraud
Speaking during an interview with eNCA, Fisher-French highlighted a recent case in which a reader became a victim of fraud after his mobile phone and wallet were stolen from his car. While he was out kite surfing, criminals broke into his vehicle, stole his belongings, and were able to complete online purchases using his bank cards—because the OTP messages were visible on his phone's locked screen.
'People don't realise that your SMSs, including OTPs, can show up even when your phone is locked,' she told eNCA. 'It's a serious security risk that often goes unnoticed.'
A Hidden Vulnerability in Plain Sight
In this particular case, the criminals never needed to unlock the phone. The OTP codes, displayed automatically on the lock screen, gave them direct access to complete transactions.
Fisher-French urged South Africans to adjust their phone settings to prevent SMS notifications from appearing unless the device is unlocked. 'I went straight to my phone and blocked OTPs from showing on the lock screen,' she said.
However, she acknowledged the trade-off many users face. 'I still want to see when there's activity on my account—so disabling all SMS notifications isn't ideal either,' she added.
Some newer mobile operating systems, such as iOS and Android 16, now offer more granular controls, allowing users to block OTPs specifically without turning off all alerts.
Call for Banks to Step Up
Fisher-French also appealed directly to financial institutions, urging them to help address the vulnerability by changing how OTPs are structured in SMS messages.
'I've asked banks to move the OTP down to the third or fourth line of the message,' she explained. 'That way, if it does flash on a locked screen, the actual code isn't immediately visible to anyone who picks up the phone.'
Vigilance is Key
The interview comes amid an uptick in phishing scams and digital fraud, with consumers being targeted through SMS, email, phone calls, and online platforms.
'I can't stress this enough—we have to be vigilant,' Fisher-French said. 'Don't click on suspicious links, don't share OTPs over the phone, and don't assume your phone is secure just because it's locked.'
She described the lock-screen OTP issue as just one of many vulnerabilities facing consumers in an increasingly digital banking environment.
'Fraudsters are becoming more sophisticated. We need to stay a step ahead—and that starts with understanding where we're exposed.'
