As incidents of banking fraud continue to rise in South Africa, personal finance expert Maya Fisher-French has urged consumers to take immediate steps to secure their mobile phones—starting with how one-time PINs (OTPs) are displayed.
Speaking during an interview with eNCA, Fisher-French highlighted a recent case in which a reader became a victim of fraud after his mobile phone and wallet were stolen from his car. While he was out kite surfing, criminals broke into his vehicle, stole his belongings, and were able to complete online purchases using his bank cards—because the OTP messages were visible on his phone’s locked screen.
“People don’t realise that your SMSs, including OTPs, can show up even when your phone is locked,” she told eNCA. “It’s a serious security risk that often goes unnoticed.”
A Hidden Vulnerability in Plain Sight
In this particular case, the criminals never needed to unlock the phone. The OTP codes, displayed automatically on the lock screen, gave them direct access to complete transactions.
Fisher-French urged South Africans to adjust their phone settings to prevent SMS notifications from appearing unless the device is unlocked. “I went straight to my phone and blocked OTPs from showing on the lock screen,” she said.
However, she acknowledged the trade-off many users face. “I still want to see when there’s activity on my account—so disabling all SMS notifications isn’t ideal either,” she added.
Some newer mobile operating systems, such as iOS and Android 16, now offer more granular controls, allowing users to block OTPs specifically without turning off all alerts.
Call for Banks to Step Up
Fisher-French also appealed directly to financial institutions, urging them to help address the vulnerability by changing how OTPs are structured in SMS messages.
“I’ve asked banks to move the OTP down to the third or fourth line of the message,” she explained. “That way, if it does flash on a locked screen, the actual code isn’t immediately visible to anyone who picks up the phone.”
Vigilance is Key
The interview comes amid an uptick in phishing scams and digital fraud, with consumers being targeted through SMS, email, phone calls, and online platforms.
“I can’t stress this enough—we have to be vigilant,” Fisher-French said. “Don’t click on suspicious links, don’t share OTPs over the phone, and don’t assume your phone is secure just because it’s locked.”
She described the lock-screen OTP issue as just one of many vulnerabilities facing consumers in an increasingly digital banking environment.
“Fraudsters are becoming more sophisticated. We need to stay a step ahead—and that starts with understanding where we’re exposed.”