Subscribe

Beware of festive fraudsters

Nicola Mawson
By Nicola Mawson, Contributor.
Johannesburg, 24 Nov 2011

The South African Banking Risk Information Centre (Sabric) is seeing an increase in online fraud perpetrated by criminals who use consumers' illicitly obtained credit and debit card details to shop.

As the festive season approaches, card-not-present fraud is expected to pick up as consumers move online to avoid lengthy queues. Web sites such as EasyPay have come under attack by criminals, who use other people's card details to buy items such as electricity.

In September, big four bank Absa temporarily halted transactions on EasyPay, because one in three deals was discovered to be fraudulent. The site has since stopped selling airtime online, because of the risks involved.

Banks and sites such as EasyPay are clamping down on fraud, yet ITWeb has received two reports of consumers who have fallen prey to criminals, and had thousands debited from their accounts.

In the past few weeks, there have also been several reports of fraudulent transactions on consumer complaint Web site Hellopeter.com.

The exact extent of fraud perpetrated through Web sites is unknown, but at least R500 000 in illicit transactions via EasyPay has been reversed so far this year, by just one bank. Sabric is expected to publish these statistics next month.

Growing risk

Sabric CEO Kalyani Pillay says the association has seen an increase in card-not-present fraud, with EasyPay being only one example. She adds phishing attacks are “still rife”.

“The festive season is generally characterised by an increase in economic activity which the criminals commonly try to take advantage of.”

Pillay adds the sector has improved monitoring controls for the online environment. “Solutions like Mastercard's 3D secure and Verified by Visa are in place at merchants today with an aggressive rollout to have clients registered on the products. “

Standard Bank spokesman Ross Linstrom says there has been an increase in card-not-present fraud in general. In addition, as more retailers move online, the gradual shift of fraud into this channel is imminent, he adds.

Linstrom says the bank takes these issues seriously and continuously strives to create a safe haven for banking by introducing detection and prevention systems to combat any attack vectors.

As financial activity scales up over the festive season, “the expectation for increased fraud is logical”, says Linstrom. He says shoppers may want to avoid queues in busy shopping malls and go online instead.

According to World Wide Worx's 'Online Retail in SA 2011' study, consumers spent more than R2 billion online last year - a 30% gain on 2009 - and this figure is expected to continue growing.

MD Arthur Goldstuck says “this dramatic rise in online retail comes in the wake of an ongoing increase in the number of experienced Internet users in South Africa”. In 2010, there were 3.6 million people who had been online for five years or more, which will reach 6.8 million by 2015, he says.

Nedbank's head of card risk services, Rene De Villiers, says fraud has declined in the past few weeks, although most of the recent cases have been from online purchases. “Nedbank has reversed all transactions where we have received a valid dispute from a client.”

Absa's card executive, Cowyk Fox, says the bank is monitoring fraud activity and responding through its normal anti-fraud activities. The bank does everything possible to protect its customers' investments, he adds.

FNB Card CEO Jacques Celliers says fraud losses year-on-year are declining as a result of initiatives such as chip and PIN, and “very strong fraud detection and prevention capabilities”.

Not safe

However, EasyPay, owned by JSE-listed Net1, argues that banks are not doing enough to protect these consumers from fraud.

Net1 CEO Serge Belamant has said banking security has not fundamentally changed in 50 years. All that has happened is that holes have been plugged, but this creates more problems than it stops, he says. “It's not a simple problem; it needs to be addressed, it's getting out of hand.”

A letter to consumers on EasyPay.co.za, after Absa shut off payment channels, says the site adheres to all the required security measures. It argues that fraud happens because credit card numbers, expiry dates and three-digit verification codes are being compromised.

It says any banks' refusal to process transactions from the site is “simply an attempt to reduce the fraud they are experiencing”. The letter adds: “This does not address the root cause of the fraud; namely the security loopholes of the national payment system.”

Net1 VP of investor relations Dhruv Chopra says fraud through the site is the “unfortunate outcome of the legacy card systems”. EasyPay moves between four million and five million transactions through its site every day.

Chopra says fraud through its site has declined since it stopped selling airtime online. This was one of the major targets by criminals, he adds.

Last week, the site launched VCpay, Net1's own mobile virtual card technology, and Easypay guarantees no fraud will happen if this system is used, says Chopra. “This product is a game changer.”

Share