Standard Bank has responded to complaints by customers over money disappearing from their accounts and OTPs that they never authorised.
Image: Henk Kruger / Independent Newspapers
Standard Bank has defended its handling of fraud-related complaints after growing public scrutiny from customers who insist they never authorised disputed transactions despite the bank’s repeated reliance on one-time password (OTP) authentication records.
The response follows an earlier report by IOL detailing claims from several customers who accused the bank of dismissing fraud complaints with what they described as “template responses” centred around OTP verification.
In a detailed media response, Standard Bank spokesperson Ross Linstrom stated that the bank takes all fraud-related complaints seriously and assesses each matter independently.
“Each case is assessed on its own merits, guided by our empathy for impacted clients, regulatory safeguards, and a thorough review of available evidence,” Linstrom said.
At the centre of the latest dispute is a customer complaint involving Shyft, Standard Bank’s foreign exchange and international money transfer platform. According to the bank, the customer initially disputed the transaction as a chargeback matter between the client and the merchant before later alleging fraud.
The bank said the card scheme handling the matter declined the chargeback dispute, after which Standard Bank conducted its own investigation.
“We then conducted a further investigation, which confirmed that the transaction was an authenticated card-not-present purchase,” Linstrom said.
“Our records show that a one-time password (OTP) was generated and sent to the client’s device to approve the transaction.”
The bank further stated that the matter proceeded to arbitration, where the transaction was ultimately deemed legitimate.
“Later, the client revealed that their device was compromised, which did not change the outcome of the ruling given,” Linstrom said.
The response comes as frustration among banking clients continues to mount over digital fraud incidents, particularly cases involving alleged SIM swaps, phishing attacks, malware infections and remote device compromise.
Several clients interviewed by IOL in recent weeks argued that the existence of an OTP does not necessarily prove authorisation, especially in cases where fraudsters may have gained access to a victim’s phone, banking app or personal credentials.
Cybersecurity experts have increasingly warned that fraud syndicates are evolving beyond traditional password theft and now frequently exploit social engineering, malicious links, cloned banking interfaces and compromised devices to intercept or manipulate authentication processes.
Standard Bank acknowledged this growing threat landscape in its response.
“At the same time, fraudsters are increasingly sophisticated and often use tactics such as social engineering and malware to obtain legitimate credentials,” Linstrom said.
The bank also rejected claims that complaints are handled mechanically or without proper scrutiny.
“While some wording in our letters may be similar, each case is assessed on its own facts,” Linstrom said.
Standard Bank added that it continues to strengthen fraud prevention systems through “advanced detection tools, secure digital channels and new safety features such as TrustCall”.
The institution also highlighted customer awareness campaigns designed to help users recognise scams and suspicious activity.
However, the issue of accountability remains contentious among affected clients, particularly where investigations conclude that no fault can be attributed to the bank.
In a notable admission, Standard Bank confirmed that it sometimes provides “goodwill assistance” to clients even when investigations clear the bank of liability.
“In cases where no fault is found on the part of the bank, we may still consider discretionary goodwill assistance, based on factors such as the customer’s financial circumstances and relationship with the bank,” Linstrom said.
The Information Regulator is reportedly investigating an alleged data breach at Standard Bank, potentially involving unauthorised access to sensitive client information.
Image: Sora
“Such payments are not an admission of liability but reflect our commitment to supporting customers during challenging situations.”
That aspect of the response may further fuel debate around whether some disputed fraud cases contain unresolved grey areas, especially where vulnerable customers, including pensioners and digitally inexperienced clients, suffer significant financial losses.
Consumer advocates have long argued that South African banks need stronger mechanisms to deal with modern cyber fraud, particularly as digital banking becomes increasingly dominant.
One of the top law firms in the country has revealed that in the last few months, they have received a number of cases (across all major banks) “similar to what you have described in your article and which plainly points to the banks’ inability to proactively prevent and detect online banking fraud as well as their respective lack of accountability to long-standing, often vulnerable customers.”
The Banking Ombud remains one of the final escalation channels available to dissatisfied customers. However, that channel is also proving to be a bone of contention for customers. They have accused the organisation of always siding with the banks. Despite this, Standard Bank has urged clients unhappy with investigation outcomes to seek an independent review through the Ombud’s office.
For now, the battle over OTP evidence and digital fraud liability appears far from over, with customers continuing to challenge whether authentication records alone should be treated as conclusive proof of consent in an era of rapidly evolving cybercrime.
karabo.ngoepe@inl.co.za
IOL News