Zimpapers Logo

There have been a number of cases of what amounts to identity theft in recent months as Zimbabwean criminals move into the modern world, with someone hacking WhatsApp and EcoCash accounts and then conning the real owners’ acquaintances and someone else impersonating a lawyer to con others into fake car deals.

One interesting point is that those conned were ordinary people, not businesses.

This is because businesses have learnt to be suspicious, or at least have learnt that a couple of early checks will clear the honest and deter the dishonest. So they tend not to take everything at face value.

The lawyer went as far as asking the High Court for an order preventing his bank from running mobile banking services, which the judge refused to grant on the grounds that the lawyer did not have the standing to make the application, but in any case this is not the solution.

To suggest that all mobile or internet banking should be banned because conmen and thieves break into the system is on par with suggesting that no one should be allowed to live in a house because conmen and thieves can break into a house.

The house analogy suggests what we and banks should be doing. As householders we fit burglar bars, we fit decent locks on the doors, we are very reluctant to let in strangers until we have checked them out, with the more prudent even wanting to check those who present official identity cards by phoning the issuing authority.

We are all totally aware that there are thieves out there. We are all totally aware that there are conmen who pretend to be priests, municipal meter readers and others who we would normally welcome or permit to enter our premises if we knew them. So we take precautions.

Even in the “old days” before ICT systems became the norm, there were thieves and con artists operating and using other people’s identity.

Con artists would open a bank account in a fake name that they reckoned could inspire confidence, and sign cheques that were guaranteed to bounce. People would phone up pretending to be a friend of a friend, or some sort of neighbour or acquaintance, and offer a business deal. 

We had learned to be careful as children and were not too gullible, although there was a modest procession of such people moving through the courts on their way to the cells, so obviously some were not careful enough.

All the modern criminals are doing is using the same tricks and methods, but in an ICT environment, and the rest of us, the honest majority, need to be aware they are operating and take the same sort of precautions that we took, or our parents took, when everything was done on paper. 

Just because something is electronic does not mean it will work perfectly and work without criminals abusing it. We should not be distracted by newness or glamour.

Obviously those offering mobile phone services and mobile banking need to ensure they have the best software available to prevent hacking. Zimbabwe is hardly unique so these systems have been developed. The primary weakness is among users, people who get dubious links or emails or messages and open them, so opening their devices to hackers. 

Banks in fact go to some effort to warn their customers about precautions they need to take. 

While the lawyer case might have been built on a con artist presenting a fake or forged national ID, we also need to remember that very few of us have a unique name, especially when we limit ourselves to first name and surname. We discover this when we create private email accounts and find our name is already in use and have to add an initial or digits. 

And those of us with very common surnames have known this for years since we found someone with the same name at primary school.

Probably the most fascinating aspect of the two sets of con jobs was how they were uncovered. Those conned by the fake lawyer contacted the real lawyer to ask him about why their cars had not been delivered, and those conned by the hackers in foreign currency deals phoned the hacked person in their WhatsApp group, found the line was locked and then sought them out.

The point is that all the real people whose identity the thieves were assuming could be contacted without a lot of trouble, or at least it could be found that the owner of the hacked EcoCash account could not be contacted, which should have raised a bright red flag before money was spent.

If all these victims had made those simple checks before parting with a dollar, the real owners of the identities the thieves assumed would have been raising the alarm instantly and the police, the bank and the EcoCash management would have known very early on that something was wrong and been able to take immediate action before any damage was done and money was stolen. 

No one acting honestly minds a phone call or even a visit from a serious potential customer, and no criminal wants any contact whatsoever. And generally when a crime is uncovered in the early stages, it is far easier to hunt down and arrest the criminals. In any case warnings can be given and the stable door locked before the horse has bolted.

What is needed is for people to be prudent. Of course the bank and EcoCash are going to tighten up a bit more, and the lawyer suing the bank was quite right that more effort to know-your customer might have caught the thief in time. 

But that thief probably had good quality fake identity documents and a nice lawyer’s suit when he walked into a bank to open his account. He was obviously, as his subsequent actions showed, a smooth and plausible talker.

Nothing can be thief-proof. Robbers recently even used dynamite to open a school safe. But that does not mean we should ignore precautions and leave our doors unlocked and welcome every passing stranger into our homes. 

We need to think carefully when we carry or spend money, be aware that sometimes criminals are disguised, and take sensible precautions.