Vodacom accused of blatant SIM-swap fraud
A Vodacom subscriber recently contacted MyBroadband regarding numerous SIM-swap request SMS notifications he received, which he said forced him to constantly close and reopen his bank account. Vodacom customer JC Nortje said he received constant SIM-swap notifications from 6 September 2016, all of which were not requested by him. Following the second SIM-swap request, Nortje said he signed a document with Vodacom stating that no SIM swaps should be allowed on his number unless he was physically present in a Vodacom store and requesting the swap.
Despite signing this document, he said he received three more SIM-swap notifications.
Call centre employees
The person requesting the SIM swaps reportedly knew the answers to all Nortje’s security questions and his contract details, and Nortje said he had to close his bank accounts on a number of occasions. He said a SIM swap eventually went through on his number on 15 January 2017, but he was not notified and only realised it had occurred when his device wasn’t working the next day. When enquiring about the source of the SIM-swap requests, Nortje said he was told by both a Vodacom help desk agent and her supervisor that the fraud was attempted by a staff member in the Vodacom call centre.
The supervisor reportedly told Nortje that nothing could be done about the SIM swap, as the staff were outsourced and not Vodacom employees.
Vodacom told MyBroadband it was investigating the issue and would take appropriate action pending the outcome. “In the case of Mr Nortje, we are conducting a thorough investigation into the matter and will take appropriate action pending the outcome of this investigation,” said Vodacom. “Without prejudicing this particular case, we have identified that his account was unlawfully and illegally accessed by an individual known to Vodacom.”
Vodacom said it has a dedicated forensic services team which investigates all cases of fraud and supports the SAPS with their investigations. MyBroadband also asked Vodacom what information its call centre staff have access to and whether customers could prevent SIM-swap fraud by signing a document requiring the customer’s physical presence for the swap to take place. Vodacom said that certain call centre functionality is outsourced and client-facing employees require customer information to attend to customer queries.
To access customer information, all agents have to log in to Vodacom’s system using their unique username and password. The company said this is done as an additional security measure to safeguard customer information and to prevent illegal activity. Vodacom said its priority is to protect its customers from illegal activity.
It added that the vast majority of SIM swaps processed on its network are legitimate, with an estimated 0.004% potentially involved in fraudulent activities.