After a Vodacom subscriber received numerous SIM-swap notifications, he decided to do some light investigation into the matter and what he found is very worrying.

Customer JC Nortje told MyBroadband that since September 6, 2016,  he had received notifications of multiple SIM-swap requests forcing him to constantly close and reopen his bank account.

[If he hadn’t caught on so soon, a video like this, but featuring him, would have probably appeared.]

However, despite signing a document with Vodacom stating that no SIM-swaps would be allowed on his number again unless he was physically present, he received three more SIM-swap notifications.

Here’s where it gets scary:

The person requesting the SIM swaps reportedly knew the answers to all Nortje’s security questions and his contract details, and Nortje said he had to close his bank accounts on a number of occasions.

He said a SIM swap eventually went through on his number on 15 January 2017, but he was not notified and only realised it had occurred when his device wasn’t working the next day.

When enquiring about the source of the SIM-swap requests, Nortje said he was told by both a Vodacom help desk agent and her supervisor that the fraud was attempted by a staff member in the Vodacom call centre.

The supervisor reportedly told Nortje that nothing could be done about the SIM swap, as the staff were outsourced and not Vodacom employees.

That’s just not lekker. I mean, we don’t need another reason to dislike call centres.

When MyBroadband approached Vodacom for comment, the service provider said it was investigating the issue:

In the case of Mr Nortje, we are conducting a thorough investigation into the matter and will take appropriate action pending the outcome of this investigation.

Without prejudicing this particular case, we have identified that his account was unlawfully and illegally accessed by an individual known to Vodacom.

Vodacom went on to say that they have a “dedicated forensic services team which investigates all cases of fraud and supports the SAPS with their investigations”.

When asked just what information these outsourced Vodacom employees are privy too, Vodacom said that certain call centre functionalities, like client-facing employees, require customer info so as to deal with queries.

However, on the plus side, to access this customer info, “all agents have to log into Vodacom’s system using their unique username and password” as an additional security measure.

And here I was thinking SIM-swaps were supposed to make things safer.

[source:mybroadband]