Cape Town - The Ombudsman for Banking Services, Reana Steyn, has sounded the alarm over digital wallet payment fraud after the office received hundreds of complaints and phone calls from people who have been defrauded of millions of rand through such methods.
OBS Reana Steyn said that as convenient contactless payments such as tapping your bank card or using your smartphone or smartwatch at a point of sale (POS) machine have become increasingly popular, the technology has brought with it new fraud challenges.
Steyn said the theft involves the use of near-field communication (NFC) technology which allows two devices, such as your smartphone and a payments terminal, to talk to each other when they’re close together.
Steyn said based on the complaints the ombudsman’s office received as well as the patterns identified by some of the banks whose clients fell victim to this fraud, it was evident that fake websites and emails purporting to be from legitimate businesses were being used.
Steyn confirmed that about 124 of the NFC fraud-related complaints have recently formally been reported and investigated by her office.
She said that the losses suffered are in the millions, with customers’ accounts fraudulently drained through tap and go purchases made with smart devices in mostly foreign jurisdictions such as Dubai, France, Spain, etc. while the legitimate cardholders were in South Africa.
Steyn said that just one of the major banks in South Africa confirmed to have received over 6 000 related complaints between January 2022 and June 1, 2023.
The said bank’s stats show that between January and June 2022, about 553 customers fell victim to this fraud with their losses amounting to about R427 487.
This year the numbers of the victims jumped to over 5 450 with the combined monetary losses of more than R6.5 million.
Steyn said in NFC/digital wallet payment fraud the stolen card information is used by the fraudsters to link their smart devices, such as smartphones and smart watches, to payment platforms such as Samsung Pay, Apple Pay, Garmin Pay, Google Pay, etc.
“The fraudster’s smart device is then used to perform fraudulent purchases on the victims’ accounts without one-time-pins or OTPs being sent to cardholders to validate the transactions.
With the NCF fraud matters received, Steyn said many of the complainants had received messages containing their bank card number and/or OTP, the stolen information, requesting them to complete an authentication process which they never initiated.
She said: “Should you receive such a message in instances that you never initiated any transaction with your bank card, as the Ombud we advise bank customers to immediately report the incident to their banks.”
In the past year, identity theft has skyrocketed. A report from earlier this year showed that consumers are looking for more security from their banks: 56% want more security measures for non-routine transactions, and 47% want more even for routine transactions.
Co-founder of fintech enablement partner Ukheshe Paul Carter-Brown said security, and especially identity security, must be constantly re-evaluated and updated.
Carter-Brown said: “Fraudsters are always on top of their game and consumers don’t and can’t always keep up with the latest phishing and fraud tactics.”