Guarding Against Identity Theft: Important Tips

Publication Date: 27/12/2024

What Is Personal Information, and What Is Confidential Information?

  • Personal information includes identity documents, driver’s licenses, passports, addresses and contact details among others.
  • Confidential information includes usernames, passwords and Personal Identification Number (PIN).

Modus Operandi

Criminals can use your personal information to steal your identity and open retail or bank accounts, or even commit fraud against your insurance and benefits. In some instances, they impersonate you, and using social engineering, access your bank accounts and do transactions. Since some personal information, like your identity number, is difficult to change and addresses are often hard to update, we recommend that you consider the following precautionary measures when you are required to provide personal information for security verification purposes:

  • Do not use any information that may have been compromised. Rather use other personal information that you have not used previously to confirm your identity in future.
  • Register a new email account. Implement dual authentication for all accounts and products, especially for financial services products.
  • Register for SMS notifications to alert you when products and accounts are accessed.
  • Regularly check your credit to see if anyone has used your personal information to apply for credit. If you find any unauthorized applications, inform the lender immediately.
  • Investigate and register for credit-related alerts offered by credit bureaus.
    Check your bank statements regularly.

Should you suspect that your data has been compromised, please follow these steps:

  1. Where can I check if my data has been compromised in a breach?
  • You can find out if your information has been compromised by visiting free data breach websites created by cybersecurity experts. These websites aggregate data breach information into a searchable format. All you need to do is check by entering in your email address or your username.

2. Is there somewhere where I can complain if I discover my data is compromised?

  • “The Protection of Personal Information Act, 2013 (PPI Act) aims to promote the protection of personal information processed by public and private bodies by, among others, introducing certain conditions for the lawful processing of personal information”
  • If you think your personal information has been compromised, you can file a complaint with the Information Regulator at complaints.IR@justice.gov.za.

3. What legal obligations does the party who lost my data have towards me?

  • The party that lost your data must legally report the incident to the National Credit Regulator and the Information Regulator. They will be required to report the breach to law enforcement and initiate a formal forensic investigation. Failure to do so or delaying this could result in massive fines or penalties.
  • The party responsible is also obliged to tell you that your data has been compromised.
  • In addition, they must advise you of the potential risks of the breach as well as the actions that they are taking to mitigate these risks.
  • The Protection of Personal Information Act (POPI Act) establishes rules for responsible parties to legally handle individuals’ personal information in South Africa.
  • The POPI Act requires organisations to explain why they collect personal information and to share it only with authorised individuals.
  • At the moment, organisations are not yet liable to the POPI Act, as organisations have till 1 July 2021 to meet the Act’s various obligations.
  • However, when the POPI Act comes into force, businesses that don’t comply irrespective of whether it was intentional or accidental will face severe penalties. The Act makes provision for fines of up to R10 million and a jail sentence of up to 10 years, depending on the seriousness of the breach.

4. What do I do if I discover my identity has been used to create a bank account or subscribe to a service without my consent?

  • Immediately report the identity theft to the South African Police Service and the company, bank or financial institution where the fraud occurred.
  • If a bank account has been fraudulently opened using your identity, close your existing bank accounts and the bank accounts opened by the thief. Request new accounts and PINs.
  • Also, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which include banks and credit providers, that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can visit the SAFPS website – http://www.safps.org.za/ – under the “Fraud Prevention” Tab, click on “Apply for Protective Registration”, and “Register Now”.
  • If you have any concerns about your data, you can check your credit report by visiting any one of the following credit bureau websites: TransUnion, Compuscan, Experian, XDS and mycreditcheck. (The first report is for free).
  • If your username and password and for your online account has been breached, change these immediately. Use a strong password, and remember to also change your security questions and answers. Update usernames and passwords for any other accounts if they were similar to those that were breached as well.
  • Remember, never disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.