Major change at toll gates in South Africa
The South Africa National Roads Agency (Sanral) has said that its decision to stop accepting magnetic stripe (magstripe) payment methods at certain toll plazas this December is part of a greater effort to completely phase it out by July 2026.
This is according to Sanral spokesperson Vusi Mona, who told Cape Talk that while major toll plazas nationwide now only accept contactless card payments, others will still accept magstripe payments.
“The change will effectively phase out what is known as a magnetic stripe-based payment method, and only contactless-enabled debit and credit cards will be accepted at some toll plazas,” Mona said.
“The fleet, garage, and petrol cards will still be accepted temporarily, but the mass transition to contactless payments will occur by 1 July 2026,” Mona said.
The tolls that will only accept contactless payments are those of the N3 and N4 toll routes and Chapmans Peak. Cash and e-tags will still be accepted.
Mona said that the move away from cards that do not facilitate contactless payments is a decision made by South African banks due to increased card fraud.
He said that in the past, one would have had to hand their card to the operator in the toll booth, which created suspicion of card cloning.
Toll plazas have been identified as card fraud hotspots, which has led banks to roll out contactless payments at tolls.
MyBroadband recently reported a flood of complaints from mostly FNB and Standard Bank customers that huge sums were being deducted from their cards with “FACEBK” in the description.
The transactions went through without users authorising them through a 3D Secure multifactor authentication challenge, leading to speculation that there had been a security breach.
However, the banks explained that merchants could choose not to implement 3D Secure by assuming all the risk for potential fraud.
It is understood that platforms like Facebook and Amazon do this to reduce card payment processing costs and minimise friction on their platforms, making it easier for customers to pay for goods and services.
While the banks said very few customers were affected, it does raise the question of where the fraudsters obtained people’s card information.
One popular theory is card cloning at toll gates.
Within days of the FACEBK fraud making headlines, FNB told customers that they would no longer be able to swipe their cards at toll booths along several popular holiday routes.
However, the timing was a coincidence.
BusinessTech reported that Trans African Concessions announced last month that motorists would no longer be able to swipe their cards to pay for tolls along the N4 from December.
Shortly after, FNB and Visa announced they were rolling out contactless card payments at tollgates along the N3, N4, and Chapman’s Peak.
Mona said that contactless payments ensure the motorist’s card does not leave their sight.
“With the new system, the card does not leave your possession,” he said.
“While transacting may take longer, it will be safer for motorists at toll plazas.”
Card-not-present fraud
The above-mentioned “FACEBK” incident is an instance of card-not-present (CNP) fraud, where a payment is made using a debit or credit card without the physical card being used in the transaction.
According to the South African Banking Risk Centre’s 2023 annual crime statistics report, CNP accounted for over 68% of all card fraud committed in South Africa.
To counter these crimes, online merchants must implement advanced security measures to ensure the customer has their card at hand when making a payment, such as asking for the CVV number.
Despite these security measures, South Africans lost R764.4 million to CNP fraud in 2023. Most of this was stolen using debit cards — R425.9 million, while credit cards were used to steal R338.5 million.
CNP fraud has increased by roughly 18% since 2022.
It was also found that 63.1% of CNP fraud perpetrated using South African-issued credit cards was committed outside the country.
Similarly, 57.7% of CNP fraud using South African-issued debit cards was committed in a foreign country.
The countries where these fraudulent transactions occurred were the UK, UAE, US, Spain, Netherlands, Luxembourg, Ireland, Hong Kong, Estonia, and Cyprus.
Sabric found that the most prominent merchant groups where CNP fraud was perpetrated with credit cards were travel agencies, advertising services, electronic sales, and supermarkets.
On the other hand, those perpetrating CNP fraud with debit cards preferred dating services.