Protect your members from two-pot withdrawal scams

 


The two-pot retirement system has finally gone live, giving South Africans access to a portion of their retirement savings to balance short-term financial needs with saving for retirement. However, the influx of expected withdrawals may increase the risk of fraud and cybercrimes. Here's how to protect your members.

Under the two-pot retirement system, withdrawal requests are expected to surge from 1% to over 50%. There will be a lot of money in circulation, with Sars forecasting a R5 billion boost to the fiscus from two-pot withdrawals. At the same time, some companies and retirement fund administrators may not be adequately prepared to deal with the influx of withdrawal requests and not had the time to rigorously test their systems and security controls. This scenario creates a ripe opportunity for scammers and fraudsters.

Criminals can exploit several opportunities in the withdrawal process, particularly the verification of ID numbers, cell phone and email addresses, and tax numbers. To process a withdrawal, the member's personal identification numbers and contact information must match across company, retirement funds, Sars, and bank records.

Here are some of the ways criminals can target members to get information that allows them to bypass verification processes:

  • Phishing attacks - They can send out fraudulent emails and messages asking members to click on links to update their personal or banking details.
  • Impersonating members or fund representatives - They may contact members pretending to represent the fund and ask for sensitive information and credentials. They may also contact the fund pretending to be members to change banking details.
  • Fraudulent websites and apps - They can create fake websites or apps that look like legitimate retirement fund platforms to trick members into sharing login details and other sensitive information.

Members who are less digitally savvy are at greater risk of falling victim to scams because they will struggle to recognise the warning signs of fraudulent activity, including phishing techniques and fake communications. They may also be less familiar with digital red flags and be inexperienced with security best practice, such as two-factor authentication. Members under financial pressure, who are eager to receive the funds quickly, may also be more susceptible.

Knowledge is power

Help your members avoid falling prey to criminals by giving them all the information they will need to make a withdrawal. Firstly, they will need to ensure their Tip credentials - tax, ID or passport, phone number - are up to date. Then, please share the updated information with the retirement fund monthly going forward to ensure smooth verification of withdrawal requests.

You will also need to ensure that members can log into their administrator's digital platforms to efficiently facilitate withdrawal requests as volumes surge. If your administrator does not have a straight-through digital process in place, find out the manual withdrawal requirements and communicate this to employees.

Make your members aware of possible scams. We have put together a handy one-pager on how to spot scams, which you can download and share with employees. Download it here (insert link). You should also give members clear guidance on how they can verify if communication from the retirement fund, whether it is an email, SMS or a call, is legit.

Sharing as much information as possible beforehand will help members understand the process and manage their expectations, helping them to avoid scams.

Straight-through withdrawals for visibility, ease and security

Over 70% of retirement fund members prefer the speed and convenience of a straight-through digital withdrawal process (Sanlam Benchmark Survey, 2022). Discovery has a robust straight-through withdrawal process that provides a fully visible and recoverable record of all member withdrawal transactions. Whether your members choose to withdraw on WhatsApp, our app, or the member zone, Discovery provides a 100% digital, technologically robust and intuitive process that prevents fraud. Members without a cellphone number can log in to our member zone (link to: Member Zone) and submit a withdrawal request using their registered email address.