The Ombudsman for Banking Services South Africa (OBSSA) has warned that there has been a marked increase in fraud cases involving near-field communication (NFC) technology that allows consumers to tap their phone at a point of sale.
Tap to pay became popular around the world, including in South Africa, during the Covid-19 pandemic, as it meant not having to touch surfaces potentially infected with the virus.
“The new scam involves fraudsters using stolen bank card information such as the card number, expiry date and the CVV number to make fraudulent purchases via the digital wallet,” said Reana Steyn, the ombud for banking services, in a statement.
“Unlike with other card-not-present fraudulent transactions where fraudsters use stolen card data to make online purchases in a way that would prompt an one-time Pin (OTP) to be sent to the cardholder’s cellphone, NFC/digital wallet payments do not require [two-step authentication via OTP],” Steyn said.
The fraudsters link stolen bank information to a smart device and then to a digital payments platform such as Google Pay or Apple Pay. Once linked, transactions from the device do not require an OTP, although a Pin is required for the initial linkage step. According to the complaints received by the ombudsman, customers are fooled into entering OTPs into fake websites from e-mails claiming to be from legitimate businesses like the Post Office, courier services and telecommunications companies.
Steyn advised that people read any messages that ask them for an OTP very carefully. She also stressed the importance of “not completing an authentication transaction they did not initiate”.
The scale of this type of fraud has the ombudsman particularly concerned. One hundred and twenty-four cases were recently reported and investigated, and the “losses suffered are in the millions”. One of the banks told the ombudsman they had 6 000 such cases between January 2022 and June 2023.
“Accounts were fraudulently drained through tap-and-go purchases made with smart devices in mostly foreign jurisdictions such as Dubai, France and Spain while the legitimate card holders were in South Africa. This is a clear indication that an international crime syndicate is operating within this space and has South African consumers in its sights,” said Steyn. – © 2023 NewsCentral Media