Standard Bank will not accept responsibility for a security breech that saw a Cape Town NGO scammed out of more than R90 000 last month.
The bank confirmed on Thursday that the NGO fell victim to a phishing attack.
Although the bank will not reimburse the total amount of money stolen, it will make a donation of R40 000 to the Novalis Ubuntu Institute.
"Despite the compromise of the client's details, the fraudulent transaction would not have been authorised, nor would the fraudster have been able to transact as we use a One Time Password," said spokesperson Ross Linstrom.
"One Time Password is a unique and secure code sent to a customer's cellphone every time certain transactions, like once-off payments, take place."
The fraudsters reportedly used a fictitious identity document so that cellphone service provider, MTN, would conduct a "SIM swap", thus allowing them access to the One Time Pin.
A SIM swap allows a cellphone user to replace a SIM card, whether through the damage, or loss of a cellphone, while keeping the same cellphone number.
Information regarding the organisation's banking details and the financial officer's cellphone number may have been obtained via the organisation's website, or via email.
"Many people email us and express an interest in making donations," said Anne-Lise Bure, chief financial officer of the organisation, whose cellphone number was used in the SIM swap.
"All of Standard Bank's security features prevented the fraud up until this point, the breakdown in the security procedure in this case lies with the mobile operator," said the bank's Linstrom, adding that all possible measures were taken by the bank to protect clients when they used online banking.
"Clients can view security tips on the website and are urged not to give out any passwords or personal information without verifying where the request is coming from."
Cape Town police confirmed that a charge of fraud was being investigated.
