TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentral TechCentral
    NEWSLETTER
    • News

      Management shake-up at TymeBank – including a new CEO

      24 May 2022

      Standard Bank CEO apologises for weekend downtime

      24 May 2022

      South Africa fifth in Africa for blockchain funding

      24 May 2022

      Hein Engelbrecht to lead Mustek on interim basis

      24 May 2022

      Datatec in talks over Analysys Mason unit

      24 May 2022
    • World

      Terra collapse triggers $83-billion DeFi slump

      24 May 2022

      Zuckerberg sued in personal capacity over Cambridge Analytica

      24 May 2022

      Is the end of the bitcoin winter nigh?

      24 May 2022

      Zoom leaps higher on upbeat forecast

      24 May 2022

      Michael Dell becomes kingmaker in Broadcom, VMware deal

      23 May 2022
    • In-depth

      Bernie Fanaroff – the scientist who put African astronomy on the map

      23 May 2022

      Chip giant ASML places big bets on a tiny future

      20 May 2022

      Elon Musk is becoming like Henry Ford – and that’s not a good thing

      17 May 2022

      Stablecoins wend wobbly way into the unknown

      17 May 2022

      The standard model of particle physics may be broken

      11 May 2022
    • Podcasts

      The rewarding and lucrative careers to be had in infosec

      23 May 2022

      Dean Broadley on why product design at Yoco is an evolving art

      18 May 2022

      Everything PC S01E02 – ‘AMD: Ryzen from the dead – part 2’

      17 May 2022

      Everything PC S01E01 – ‘AMD: Ryzen from the dead – part 1’

      10 May 2022

      Llew Claasen on how exchange controls are harming SA tech start-ups

      2 May 2022
    • Opinion

      A proposed solution to crypto’s stablecoin problem

      19 May 2022

      From spectrum to roads, why fixing SA’s problems is an uphill battle

      19 April 2022

      How AI is being deployed in the fight against cybercriminals

      8 April 2022

      Cash is still king … but not for much longer

      31 March 2022

      Icasa on the role of TV white spaces and dynamic spectrum access

      31 March 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Editor's pick»SA banks in massive data breach

    SA banks in massive data breach

    Editor's pick By Duncan McLeod15 October 2013
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    credit-card-640

    South Africa’s banks have suffered tens of millions of rand in losses due to a major breach of customer card data by criminal syndicates that infected electronic point-of-sale (POS) terminals using a variant of malicious software called Dexter.

    It’s not known exactly how many POS terminals were infected by the malware, but the problem is believed to have been widespread in the fast-food industry. It’s understood from a source with knowledge of the situation that chicken fast-food chain KFC has been particularly hit hard by the Dexter infection.

    The South African Police Service (SAPS), Interpol and Europol are all involved in a multinational investigation to bring the syndicate or syndicates responsible for the data breach to book. South Africa’s banking risk intelligence centre, Sabric, is managing the forensic investigation and working with the SAPS, where a case docket has been opened. No South African suspects have been arrested so far.

    Payments Association of South Africa CEO Walter Volker confirms to TechCentral that the breach, which affects most of South Africa’s card-issuing banks, is significant — running into tens of millions of rand — and is at least on a par with an incident last year involving payments company PayGate, in which thousands of cards were compromised. The Dexter incident, however, affects a “broader environment”, Volker says.

    South Africa’s banks first noticed “unusual levels of suspected fraud” starting to occur at “certain fast-food outlets” earlier this year, Volker explains. “This highlighted reasons for concern, although the numbers were still low.”

    However, a forensics company was appointed to begin analysing “some of these incidents”. An incident response committee was created, consisting of all the affected, card-issuing banks, as well as global payments companies Visa and MasterCard. The committee has worked “through 99% of the issues” and is now in the process of “cleaning up and keeping a list of possible new incidents”.

    “It took quite a while to get to the bottom of [this incident], because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up,” Volker says. “This one was a variant that was changed to [avoid detection] by the antivirus software.”

    He explains that the infection came from overseas, possibly involving a syndicate based somewhere in Europe. “That’s still part of ongoing investigation.” He’s also reluctant to disclose how the breach occurred until the investigation has been concluded.

    Specialist security firm Foregenix was commissioned to investigate and develop antimalware software to deal with the Dexter variant. This software was provided to all of the fast-food outlets suspected of using infected POS devices, says Volker, leading to a rapid decline in the number of reported incidents after it was deployed.

    Volker explains that when a bank customer presented their card at a fast-food outlet and it was swiped, malware hidden in an infected POS terminal would read the customer’s card number and send this to an international syndicate. Typically in these situations, the syndicate then sells the numbers to another syndicate, which then produces plastic cards that can be used in physical stores. Because the “card verification value” security numbers on the backs of the cards were not compromised, criminals were not able to use the cards to buy online goods and services.

    Volker says authorities have already picked up incidents of South African card numbers, compromised by the Dexter variant-infected POS terminals, being used to make in-store purchases in the US. This has led to arrests.

    But he says South African banking customers should not panic. “All the fast-food retailers have been cleaned out as far as possible,” he says. “We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket [as the banks will honour losses].”

    Banks won’t necessarily replace compromised cards, Volker adds, saying that they’ll simply be closely monitored for fraudulent activity. Banks will be alerted automatically if transactions take place outside the country and customers queried immediately as to whether they’ve made the purchase or not. “We haven’t had anyone making fraudulent cards domestically based on this. At this stage, the thing is really well under control,” he says.

    “I don’t think there’s any reason for concern, but obviously if you detect something on your statement that you don’t recognise, you should contact your bank immediately,” he says. “And any person who doesn’t have a chip card should ask their bank to replace their mag-stripe card with a chip card.”

    It’s “very difficult” to estimate how many cards have been compromised, but Volker says it’s “certainly not in the millions”.  — (c) 2013 NewsCentral Media

    Dexter Dexter malware KFC Pasa PayGate Payments Association of South Africa Sabric Walter Volker
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleHTC closes its SA office
    Next Article Datatec points finger at SAP system

    Related Posts

    Management shake-up at TymeBank – including a new CEO

    24 May 2022

    Standard Bank CEO apologises for weekend downtime

    24 May 2022

    South Africa fifth in Africa for blockchain funding

    24 May 2022
    Add A Comment

    Comments are closed.

    Promoted

    Generalists tend to outperform specialists when the going gets tough

    24 May 2022

    Vodacom champions innovation acceleration in Africa

    23 May 2022

    Kyocera answers top 10 questions on enterprise content management

    23 May 2022
    Opinion

    A proposed solution to crypto’s stablecoin problem

    19 May 2022

    From spectrum to roads, why fixing SA’s problems is an uphill battle

    19 April 2022

    How AI is being deployed in the fight against cybercriminals

    8 April 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.