A software bug in Absa’s systems has been identified as the cause of multiple fraudulent charges on a customer’s account, following an investigation into the matter.
A MyBroadband reader contacted us after his Absa cheque account was hit by numerous fraudulent transactions, deducting thousands of rand each time.
The client, who asked for his name to be withheld, said he first noticed a problem when his wife said she saw a fraudulent transaction on their Absa cheque account.
This took place on 21 February 2018, with R4,800 transferred to a PayPal account.
After contacting the bank , it cancelled her bank card to prevent further fraudulent transactions.
On 9 May, however, R5,200 was transferred to what appeared to be the same PayPal account.
Another concern for the client was that despite not having an overdraft facility, the fraudulent transfer took the account into a negative balance.
The couple was reportedly told by Absa that its cheque accounts have a “shadow overdraft” facility. This allows limited overdrawing based on a client’s credit risk profile and history with the bank, he was told.
The couple was then hit by multiple R5,200 transactions from their Absa account to the same PayPal account, on 10 May and 11 May.
After this, they froze their Absa account, but on 12 May and 13 May, two more transactions went off, taking the cheque account to -R24,000.
Single transaction which re-posted
Absa previously told MyBroadband that in this case, the customer was hit by a single fraudulent transaction which re-posted to the account multiple times after Absa’s attempts to recover the funds from the acquiring bank were rejected.
Neil Thompson, Chief Operating Officer: Absa Card and Payments, said the customer’s account was corrected and was being closely monitored.
Thompson said the fraudulent transaction was made on PayPal using the cardholder’s account details.
Savings account next
Unfortunately, the Absa client contacted MyBroadband soon after our initial article on the matter ran – their savings account had been hit by a fraudulent transaction for R5,200 to a “PayPal” account.
The cheque account, initially hit by the fraudulent transaction, and savings account were linked in the same online banking profile, and were both registered under the same client name.
In addition to this, the savings account had also been drawn into an overdraft, despite the savings account not having an overdraft facility, he said.
This was a similar scenario to what took place on the cheque account with its “shadow overdraft”.
Absa’s software change
Absa told MyBroadband that is has now found the cause of the issue which resulted in the fraudulent charges.
As it stated previously, the cause was a single fraudulent transaction on the customer’s account which incorrectly re-posted to the account several times.
Thompson said the root cause of the errors was tracked to a change in Absa’s software used to manage the chargeback of Visa transactions – which was implemented at the start of May.
“The represented transaction in relation to [the client’s account] was one of the first transactions processed on the newly-deployed software. Through our investigations, we detected a bug which caused the transaction to erroneously post back to the customer’s account over a number of days,” said Thompson.
“We have since resolved the software issue that resulted in the transaction errors and the customer account has been corrected.”
Thompson said the client held a Visa debit card, which was linked to their cheque and savings account.
After the first fraudulent charge was made using the debit card in February, the customer was refunded in March.
“Under Visa scheme rules, we have the option to attempt to recover the money – called a chargeback – for the bank from the company that processed the transaction, if we felt that the rules had not been followed and we were able to do this on this transaction.”
The merchant also has the option to reject this request, which happened in this case.
The transaction should have gone into a suspense account for manual review, but this did not take place.
Instead, the transaction was erroneously posted back to the customer’s cheque account multiple times, and then the savings account on 16 May.
“These errors were a result of a software issue as outlined above,” said Thompson.
On the matter of the shadow overdraft, Thompson said the facility is a credit limit over and above the agreed customer cheque overdraft limit.
“The facility is offered to customers with approved overdraft limits only, and based on the customer risk profile and behaviour,” he said.
“A shadow overdraft allows the customer to, in certain instances, exceed their agreed overdraft facility, depending on the amount and the rules around whether to pay or not pay a transaction.”
“This customer did not have an overdraft at all and therefore there was no shadow overdraft limit.”