With a 23% year-on-year increase in card-skimming fraud in South Africa, from R366m to R453m recorded last year, according to the Hawks, it is becoming increasingly important for both consumers and establishments to be vigilant about this type of fraud, especially during the busy festive season. Due to each case being different, determining who is responsible for the loss can be challenging.

While most people may automatically think the bank handling the transaction is responsible for the loss, the bank is not necessarily liable if the consumer or merchant has not taken proper care. There are various factors that need to be taken into consideration when determining liability for card-skimming fraud.

Most of the fraudulent card-skimming machines are actually imported, and on the face of it look and feel exactly the same as any other mobile card machine. In order to clone a card, all the fraudster needs to do is clone the strip and take note of the three-digit card verification value (CVV) number on the back of the card. The fraudster uses these details to create a cloned card, which is then used elsewhere for fraudulent purchases. These machines also record the Pin number and the customer is simply advised that the machine does not work and the fraudster then processes the transaction on the correct machine, but by this time all the information sorted on the card has been copied and the cardholder’s security compromised.

To combat this type of fraud, and reduce the associated costs for the crime, various African countries, including South Africa, have begun to migrate to EMV (Europay, MasterCard and Visa)-compliant cards. These cards have a chip-and-Pin system. Every time an EMV-compliant chip card is used, a unique transaction code is created that cannot be used again, making it impossible to use the same code for a future fraudulent transaction. While it does not prevent data breaches from occurring, the EMV-compliant cards do make it harder for fraudsters to use the cloned card, although this is still possible if these cards are “exported” to territories which are not EMV Compliant.

It is important for merchants, such as restaurant owners, to ensure their employees are not involved in card-skimming scams, as the merchant can be held liable if they have not taken due care. If a consumer goes to a restaurant they expect proper service and their data to be secure.

In the same vein, it is important for consumers to be proactive and look for signs of card-skimming scams. If the machine does not work and does not produce a paper slip to prove the transaction failed for some reason (such as failed communication or lack of authorisation), it could be a sign that the machine is a fake. In this case, consumers should make sure they speak to the manager. The customer has the right to ask the manager if the machine belongs to the establishment. It is also a good idea to never let the machine or the card out of sight during transactions.

Unfortunately, it is usually only after a customer has left an establishment and fraudulent transactions are performed that the victim realises they have become a victim of card skimming. The bank will only flag the transactions if they seem suspicious after a few transactions have occurred. That is why it is beneficial to have the instant notification service activated, where the consumer receives communication in the form of an instant message once a transaction has occurred. This way they can flag possible fraudulent activities with the bank as soon as they occur.

Locating the venue where the card skimming occurred can be challenging. However, the advent of social media can make it easier to find the location if multiple people start complaining their card was skimmed and they find out other victims were at the same venue. Even after the location is determined, the injured party would still have to prove negligence on the part of the owner. As per all social media posts, people need to be very careful not to post statements which could be deemed defamatory.

Due to the various factors that come into play when determining liability for card-skimming fraud, it is vital that both consumers and merchants take the necessary precautionary measures to avoid becoming a victim.

Anton Meyer is executive head at SHA Specialist Underwriters

Follow TechCentral on Google News Add TechCentral as your preferred source on Google

Amazon ramps up satellite war with $11.6-billion Globalstar buy

Icasa’s infrastructure database plan raises national security alarm

The cameras behind Artemis II’s stunning lunar images

Uber in big pivot to autonomous robo-taxis

The case for unbundling SuperSport

Google poised to lose ad crown to Meta

Grand Theft Data – hackers hit Rockstar Games

UK PM Keir Starmer declares war on doomscrolling

Big Tech is going nuclear

Software rout deepens as AI fears grip investors

Africa switches on as Europe dims the lights

The biggest untapped EV market on Earth is hiding in plain sight

The R16-billion tech giant hiding in plain sight

The last generation of coders

Sentech is in dire straits

TCS+ | Vodacom Business moves to crack the SME tech gap

TCS | MTN’s Divyesh Joshi on the strategy behind Pi

TCS | Anoosh Rooplal on the Post Office’s last stand

Meet the CIO | Healthbridge CTO Anton Fatti on the future of digital health

TCS+ | Arctic Wolf unpacks the evolving threat landscape for SA businesses

The conflict of interest at the heart of PayShap’s slow adoption

South Africa’s energy future hinges on getting wheeling right

Apple just dropped a bomb on the Windows world

VC’s centre of gravity is shifting – and South Africa is in the frame

Hold the doom: the case for a South African comeback

Card skimming: who really is liable?

Avast Business and Avert IT Distribution rewrite the SMB cybersecurity playbook

The hidden risk in South Africa’s payment infrastructure

Metacom – the backbone of a billion meals