{"id":708620,"date":"2023-08-02T17:04:49","date_gmt":"2023-08-02T15:04:49","guid":{"rendered":"https:\/\/businesstech.co.za\/news\/?p=708620"},"modified":"2023-08-02T17:04:49","modified_gmt":"2023-08-02T15:04:49","slug":"warning-over-new-tap-and-go-banking-scam-in-south-africa","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/banking\/708620\/warning-over-new-tap-and-go-banking-scam-in-south-africa\/","title":{"rendered":"Warning over new tap-and-go banking scam in South Africa"},"content":{"rendered":"\n

The Ombudsman for Banking Services (OBSSA) has identified a new banking scam in South Africa that allows criminals to make fraudulent purchases via a digital wallet.<\/p>\n\n\n\n

The ombud said that the scam works by exploiting near-field communication (NFC) technology and tap-and-go payment systems.<\/p>\n\n\n\n

Tap-and-go or contactless payments – such as tapping your card or using your smartphone or smartwatch at a point of sale (POS) machine – are becoming increasingly popular due to their convenience, the ombud said.<\/p>\n\n\n\n

Although banks have developed fraud detection and prevention systems, such as SIM Swap detection, transaction monitoring, 2-factor authentication (2FA) and other customer identification methods, fraudsters are constantly devising new ways to bypass these systems, making it an ongoing battle for banks to stay one step ahead.<\/p>\n\n\n\n

The OBSSA said it is receiving hundreds of complaints and phone calls per month related to fraud, evidencing the evolution of techniques adopted by the fraudsters to bypass the vulnerabilities and loopholes, as well as consumers not being aware of the dangers and methods employed by the fraudsters.<\/p>\n\n\n\n

New scam<\/strong><\/p>\n\n\n\n

According to the OBSSA, the <\/strong>growing number of NFC tech scams involve fraudsters using stolen bank card information, such as the card number, expiry date and the CVV number (card data), to make fraudulent purchases via digital wallets.<\/p>\n\n\n\n

Reana Steyn, the Ombudsman for Banking Services, said that NFC\/digital wallet payments differ from typical card-not-present (CNP) fraud transactions. <\/p>\n\n\n\n

In CNP fraud, thieves use stolen card information to make online purchases, triggering a one-time password (OTP) to be sent to the legitimate cardholder’s registered phone number for each transaction.<\/p>\n\n\n\n

However, NFC\/digital wallet payments do not require OTPs for every transaction.<\/strong><\/p>\n\n\n\n

How it works<\/strong><\/p>\n\n\n\n

According to Steyn, stolen card information is used by fraudsters to link their smart devices (smartphones and smartwatches) to payment platforms such as Samsung Pay, Apple Pay, Garmin Pay, Google Pay, etc. <\/p>\n\n\n\n

Then, the fraudster\u2019s smart device performs fraudulent purchases on the victims\u2019 accounts without OTPs being sent to cardholders to validate the transactions.<\/p>\n\n\n\n

Steyn pointed out that for the fraudsters to be able to link their devices to the stolen bank card information of the legitimate bank customer, an OTP or a \u201cSmart inContact notification\u201d required to complete the linkage process is sent to the bank customer\u2019s registered number or Banking App. <\/p>\n\n\n\n

Only after the transaction\/registration\/linkage is approved via an OTP or approve-it authenticated is the fraudster\u2019s device linked to the bank customer’s bank card. <\/p>\n\n\n\n

After that, the fraudster’s device can be tapped at POS machines allowing transactions to take place on the card with no further verification required for the approval of the individual purchases from the bank customer.<\/p>\n\n\n

\n
\"\"<\/a><\/figure><\/div>\n\n\n

Based on the complaints the Ombudsman\u2019s office received and the patterns identified by banks whose clients fell victim to this fraud, it was evident that fake websites and emails purporting to be from legitimate businesses such as the South African Post Office, Courier Services, and VodaBucks are involved.<\/strong><\/p>\n\n\n\n

Through these fake website links and email addresses, the fraudsters could obtain all the details they required to approve the linking of their devices to the payment platforms.<\/p>\n\n\n\n

This type of fraud is on the rise <\/strong><\/p>\n\n\n\n

Steyn confirmed that approximately 124 NFC fraud-related complaints have recently formally been reported and investigated by her office. <\/p>\n\n\n\n

The losses suffered are in the millions of rands<\/strong>, with customers\u2019 accounts fraudulently drained through tap-and-go purchases<\/strong> made with smart devices in mostly foreign jurisdictions such as Dubai, France, and Spain while the legitimate cardholders were in South Africa. <\/p>\n\n\n\n

\u201cThis is a clear indication that an international crime syndicate is operating within this space and has South African consumers in its sights\u201d, said Steyn. <\/p>\n\n\n\n

She added that just one of the central banks in South Africa was confirmed to have received over 6,000 related complaints between January 2022 and 1 June 2023. <\/p>\n\n\n\n

The bank\u2019s stats show that between January and June 2022, about 553 customers fell victim to this fraud, with their losses amounting to approximately R427,487. <\/p>\n\n\n\n

This year the number of victims jumped to over 5,450, with combined monetary losses of over R6,5\u00a0million.\u00a0<\/strong><\/p>\n\n\n\n

Tips to prevent OTP fraud<\/strong><\/p>\n\n\n\n

Steyn outlined five tips to help banking customers avoid becoming victims.<\/p>\n\n\n\n