If you own a bank card, then you are at risk of fraud. The prevalence of credit and debit card fraud continues to increase both locally and globally. The South African Banking Risk Information Centre (Sabric) has released the latest research on trends in bank card fraud on South Africa-issued cards, showing losses that amounted to close to R800-million in 2017 due to credit and debit card fraud. This problem has been of particular concern for South Africans recently as a spat of mysterious R99 debit order scams. Though the extent of this scam is still unknown, up to 750,000 bank accounts have been a victim of this scam.
Another frightening statistic comes from a survey conducted by Kaspersky Lab, where it noted that 53% of South Africans have had their banking credentials fall into the wrong hands, despite 97% of them being aware of financial cyber threats. Fraudsters are always changing their tactics to try stay ahead of security measures so it is important to be aware of the types of fraud that you may be exposed to. Sabric lists the following as the top trends in card fraud:
Lost and/or stolen card fraud
Sabric reports that last year fraud on lost and/or stolen debit cards accounted for 51.6% of the total fraud losses on debit cards. Gross losses stemming from lost and/or stolen credit cards increased by 44.5% from R17.8-million in 2016 to R25.7-million in 2017 and accounted for almost 6% of the total gross fraud losses on credit cards last year.
In many cases individuals become victims of fraud by being distracted by fraudster at ATMs offering unsolicited assistance. In this distracted state, the card and/or PIN number are obtained. Once the card has been obtained, fraudsters repeatedly use it at ATMs until the daily cash withdrawal limit is reached. From here, they will proceed to make high-value transactions with merchants.
Account-takeover and false-application card fraud.
Accounts are opened by falsifying a credit application. The common denominator here is access to the personal information of victims. Once fraudsters obtain client-specific information they proceed to impersonate the client and then applying for a replacement card.
There are a variety of ways in which these personal details are obtained such as phising, vishing, malware, and data breaches. Through phising scams that trick you into giving over personal information by presenting as legitimate organisation requesting you to verify details. Data dumps can also be used to obtain this information if companies have your information and they get hacked. This information is then sold to the highest bidder. You can read more about this in our article here.
Card-skimming via Point of Sale (POS) devices.
The first POS skimming devices were retrieved in South Africa in 2014, according to Sabric. Fraudsters steal legitimate POS devices from merchants and then convert them into skimming devices. In some instances, devices are swapped between different merchants to make it seem as if all devices are accounted for.
Big Banks Respond
To tackle the prevailing industry-wide problem of debit order scams Payments Association of South Africa (Pasa) has partnered with several big banks with a new system called DebiCheck.
DebiCheck will ensure that both consumers and banks know precisely what should be debited from bank accounts. With this new system, banks will require customers to electronically confirm debit order information with them directly at the start of a new contract with a user, before any collection can take place. Once the debit order is confirmed it will be stored within the bank’s database so it can be verified or monitored at any time.
How to protect yourself
The number one way to protect yourself from card fraud is to constantly be vigilant and aware of the trending scams. Here are a few other tips from Sabric:
- Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, or even email.
- Don’t write down PINs and passwords and avoid obvious choices like birth dates and first names.
- Don’t use any Personal Identifiable Information (PII) as a password, user ID, or personal identification number (PIN).
- Don’t use internet cafes or unsecured terminals (hotels, conference centres etc.) to do your banking.
- Review your account statements on a timely basis and query disputed transactions with your bank immediately.
- When shopping online, only place orders with your card on secure websites.
- Do not send e-mails that quote your card number and expiry date.
- Ensure that you get your own card back after every purchase.
- Report lost and stolen cards immediately.
- If you have a debit, cheque and credit card, don’t choose the same PIN for all of them. If you lose one, the others will still be safe.
- While transacting always keep an eye on the ATM card slot to ensure that your card is not taken out, skimmed, and replaced without your knowledge.
- Should your card be retained by an ATM, contact your bank and block your card before you leave the ATM.
- Subscribe to your bank’s SMS notification services to inform you of any transactional activity on your account.