Following a report by the Banking Ombud about lost or stolen tap-and-go bank cards being at risk over the festive season, IOL reached out three major South African banks to see if they have received complaints and to offer advice to customers.
The report from the Banking Ombud said that contact-less payments like tap-and-go bank cards which do not require a PIN for purchases up to R500 are a what criminals are looking for going into the festive season.
Nerosha Maseti, the Lead Ombudsman for the Banking Division said that her office has been receiving complaints relating to tap-and-go transactions done with customers' cards after they have been lost or stolen.
Contactless payments
According to projections from Juniper Research, Global contactless purchases are expected to grow to more than $10 trillion by 2027 and the growth will mainly be driven by payment-enabled mobile devices, like smartphones and smartwatches.
Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 AFRICA said: “Contactless payments have soared in popularity, transforming the way we pay for goods and services. With the tap of a card or a smartphone, consumers can complete transactions quickly and effortlessly.”
What the banks have to say
Capitec said that they are aware of isolated instances where clients reported transactions on lost or stolen cards after they had been stopped.
“We’ve thoroughly investigated each case and continue enhancing our systems to prevent unauthorised use. Factors can sometimes include pending transactions or instances where merchants’ systems take time to process the card status update,” the bank said.
Standard Bank has received complaints about lost and stolen cards being used after the fact which is largely due to customers not immediately reporting the lost/stolen card allowing fraudsters more time to transact.
Standard Bank said: “The affected customers would therefore seek to claim the lost funds which the Bank unfortunately cannot cover as the incident was not reported in time.”
According to Ulrich Janse van Rensburg, Chief Fraud Strategy and Analytics Officer at Absa Everyday Banking, in some instances criminals will get the card without customers knowing
“Having stood just behind you and having seen your pin criminals will use the to tap to make purchases. This is the common trend that the industry is noticing amongst stolen cards,” van Rensburg said.
Transactions under R500
Van Rensburg said that when Covid-19 happened customers wanted contactless payments so they don’t have to put in a pin.
Therefore banks accelerated the NFC (Near-field communication) service so consumers could tap instead of inserting the card.
Banks have capped that R500 and a maximum transaction volume of three transaction, according to van Rensburg.
“Once customers have moved past R500 as an aggregate or three transactions, the bank will insist that you insert your card or a pin must be entered when the card is tapped,” van Rensburg said.
“This was introduced to mitigate the risk of stolen cards being used for tap and go.”
Criminals may try to do as many transactions under the R500 because if the transaction is more than than R500 it will require a pin.
People are urged to be more vigilant with Capitec recommending that clients use the Tap-to-Pay feature wisely.
Capitec said: “For added security, clients can adjust their limits to R0 or below R500. We’ve also made it easier for clients to stop their cards immediately through various channels, including our banking app, WhatsApp, or contact centre.”
The reason transactions below R500 go undetected is due to the tap functionality on the card that permits a tap and go transaction below R500 without the customer having to enter a PIN, according to Standard Bank.
Standard Bank said: “To avoid unsolicited transactions, customers are urged to always be in the know of where their card is at any given time. Customers can switch off the tap and go function on the mobile app should they wish to not have this function for their card.”
Smart devices
According to Capitec, there has been a notable decrease in complaints regarding using smart devices for payments this year compared to last due to enhanced security measures, better user education, and ongoing technology updates.
Standard Bank said that fraudsters use smart devices to take advantage of their clients.
Fraudsters will call customers posing as Standard Bank and tricking them in to compromising their card details. The fraudster would then use the same information to register on a mobile device and proceed to fraudulently transact.
“Should a customer wish to register their card on the mobile wallet, they would have to call the Bank and even then, the only details required would be the last four digits of the specific card following in app authentication,” Standard Bank said.
Protect yourself
Here are tips to help people protect themselves from tap-and-go fraud this festive season.
Turn it off
If customers are worried about tap-and-go, they can switch off the tap-and-go payments function on their cards.
Customers can also switch off additional functions such as card not present transactions (online purchases) can be disabled. Customers can also lower their card’s tap-to-pay limit to enhance security.
Personal information
Customers advised to never share their card details with anyone unless it is on a secure payment platform. This includes ensuring that never allowing your card out of site when making payments at merchants such as restaurants and fuel stations.
They should also avoid unsolicited messages or calls asking for personal information.
Report your card
Customers should report their lost or stolen card immediately to the bank where their card will immediately be deactivated, and a new one issued.
Stolen device
Should a customer lose or have their mobile device stolen they should call the bank immediately or log on to internet banking to deregister their profile to protect fraudsters from hacking their phone and app and utilizing funds through the app.
Customers should ensure that their smartphones and payment devices have the latest security updates.
IOL Business