How a lock screen loophole can expose your one-time passwords to criminals


Paula Luckhoff

27 August 2025 | 20:12

Wendy Knowler has the lowdown on the problem, and how one bank client found out about it the hard way.


Wendy Knowler talks consumer issues with Stephen Grootes on The Money Show.

We hear constantly of new scams that fraudsters perpetrate to fleece us of our hard-earned money.

As a result, most people are pretty aware when it comes to the security of information on their cell phones.

But, consumer journalist Wendy Knowler asks a very specific question that you might not even be aware of:

If your phone landed up in the hands of criminals, would they be able to access the One Time Pins they need to gain access to your bank account, even if they can’t bypass your phone’s security and 'get into' your phone?

The answer is yes - IF your phone’s settings allow for SMSs to scroll across your screen even when it is locked.

Knowler relates the nightmare experience of an FNB client who recently learned this truth the hard way.

 

"His bank cards, driver’s licence and cellphone were stolen from his locked car – parked at the Dolphin Beach parking lot (on the West Coast) - while he was kitesurfing."
Wendy Knowler, Consumer Journalist

Noud Durnez told Knowler his worst fears materialised - the criminals had cleaned out all his accounts within an hour after he went kitesurfing.


"There were still transactions coming off while I was on the phone to FNB’s fraud department."
Noud Durnez

Noud's losses - mainly to betting sites – amounted to a whopping R118,000.

FNB offered him 10% of that amount, but he rejected this because it came with a 'gagging order'.

“Getting the message out there that 'messages showing up as notifications on your phone are a risk, and banks will blame you for their poor security features' is more important.”
Noud Durnez

Knowler asked Absa if the bank ever warned its customers to disable that functionality in order to protect their bank accounts.

The response was that they had 'consistently promoted secure digital practices through our broader security awareness initiatives and Remote Banking Terms and Conditions'.

The consumer ninja's advice is, if someone calls you claiming to be with your bank’s fraud division, end the call and immediately call your bank.

Use a number you’ve sourced yourself, for example the one on the back of your bank card, to check whether it was a genuine call, and then act if it was.
