Vodacom employee fraudster hits major SA banks

(Source: ITWeb) Vodacom has implemented additional security measures after a staff member was arrested on charges of defrauding its clients of R7 million by diverting one-time PIN (OTP) SMSes. The employee fraudulently created temporary duplicate (dual) SIM cards; the banks' one-time passwords were diverted to the duplicate SIM, after which the additional card was deleted.

Vodacom’s forensic division is working with the SA Banking Risk Information Centre and the SA Police Service to investigate the fraud. The staff member has been arrested and Vodacom has also laid criminal charges against him.

According to The Citizen newspaper, Vodacom employee Mbokodana Christopher Khoza and another syndicate member Mbusi Bhengu are alleged to have stolen R7 million from clients at banks such as Nedbank, Absa, First National Bank (FNB) and Standard Bank. They are believed to be part of a larger syndicate.

The Security Sangoma speaks:

So, once again we need not only to be vigilant about our own security processes but also to keep a close eye on our third-party relationships. Here is a simple checklist to follow:

- Ensure you firstly have the proper contracts / SLAs (with penalties) in place with all your key suppliers, and that YOUR security requirements are clearly stated and agreed to.
- Conduct a third-party risk assessment at least once per year (remember to include the upcoming privacy requirements – how are they handling your sensitive personal information?).
- Perform random-sample on-site assessments to validate the results – it's normally best to use an independent company to do these for you (or your internal audit team, if they have breathing space!).
- Hold regular (quarterly?) contract review meetings with key suppliers to review performance and security against the agreed contract / SLAs.

Question – what happened to the second party (we always refer to third parties!)? Give it some thought and comment :)


2 Comments

1. Well, the 3rd party would be the party other than yourself (1st party) and the supplier (2nd party).

2. The fact is they still have to get your PIN and password, and to do this they must hack the PC that you are running. If they can do that, then diverting the OTP SMS is not really necessary (only more convenient). Using malware like SilentBanker and the like allows you to steal when the user logs into the bank (OTP SMS or not!).

   markc


