Banking | 3.12.2024

South Africans hit with major “FACEBK” card fraud

South Africans with credit cards issued by First National Bank (FNB), Standard Bank, Nedbank, Capitec, and Absa are complaining that fraudulent transactions processed by Facebook are draining their accounts.

Several customers from FNB and Standard Bank have contacted MyBroadband, complaining that large amounts have been deducted from their cards. They all said that the transaction description contained the contraction “FACEBK”.

One Absa customer also reported that they were targeted, but that the bank blocked the fraud attempt before the money went off.

However, others said they weren’t so lucky. One said they had 19 transactions go off against their account, while another said they had to report the fraud when they received an SMS for the transaction.

Many of the complaining customers do not have their cards linked to a Facebook account and have never made any purchases on the social media platform.

A search of social media sites like Twitter/X and Reddit reveals dozens of customers complaining about being defrauded.

Odd amounts were deducted across multiple transactions, including charges for R941.67, R1,596, R2,997.72, and R9,262.06.

Standard Bank also experienced a brief outage on Monday, leading to speculation that the incidents were related or that it had been hacked.

However, MyBroadband has established that this recent spate of card fraud is not limited to Standard Bank or FNB and is impacting people worldwide.

Posts on Reddit indicate that bank customers as far afield as the Philippines have been hit by the same fraud.

Based on the facts at hand, cybercriminals are using stolen credit card information to purchase Facebook advertising credits.

MyBroadband previously reported on an epidemic of Facebook hacking in South Africa that appears to originate from Vietnam, where attackers use compromised accounts to advertise various scams.

Therefore, a likely purpose for fraudulently purchased advertising credits is to promote scams and other cyberattacks on Facebook.

Bank customers have expressed alarm that these transactions went through without 3D Secure triggering, which would require them to approve transactions via their app or another multi-factor authentication mechanism.

This is because larger merchants like Facebook can elect not to use 3D Secure to speed up card transactions. However, they then assume any fraud risk.

Therefore, anyone who was defrauded should be able to get their money back — however, not all banks will make claiming easy.

It remains unclear how people’s credit card details were compromised.

One Twitter/X commenter who identifies himself as a retired banker speculated that SANRAL toll booths were likely culprits.

“I received a new credit card from FNB. The only time it was out of sight for a few seconds was at the two toll gates between Sasolburg and Bloemfontein on the N1 last month,” said Duncan Geach.

“My suspicions lie with SANRAL’s toll operators, who may have cloned my card behind that window.”

However, it should be noted that people’s card details could have been compromised through an as-yet-unknown breach at a payment processor, or possibly through several different leaks.

Chris Boxall, Head of FNB Card Transact and Fraud

FNB’s Head of Card Transact and Fraud, Chris Boxall, confirmed that they had identified fraudulent attempts that seemingly emanated from false Facebook merchants.

Boxall said the fraud impacted a limited number of customers.

“In this case, merchants may have opted to avoid 3D Secure authentication in order to speed up the checkout process,” he explained.

“As a consequence they are fully liable to accept the fraud risks, thereby impacted customers will be refunded by these merchants once the fraud case has been finalised.”

He assured that FNB uses world-class risk management processes to detect and mitigate its customers’ exposure to fraud.

“Considering this, the bank has already responded and introduced rules to mitigate these fraudulent attempts,” he said.

Boxall advised that customers should use FNB’s virtual card with a dynamic CVV number to help protect them from fraud like this.

“For in-store purchases, the virtual card can also be registered as a digital wallet on a smart device for customers to tap at a point-of-sale machine, while protected from possible fraud through the virtual card’s layered security features,” he said.

Standard Bank said it would investigate every fraud complaint on its individual merits and communicate the outcome directly to the impacted client.

It confirmed that fraudsters exploit online channels to perpetuate schemes involving false advertising.

“They may use stolen or fraudulent card numbers to purchase advertising space online, promoting deceptive products, fake offers, or phishing scams designed to steal personal and financial information,” Standard Bank said.

“These ads can appear very legitimate, making it difficult for consumers and even advertising platforms to detect the fraud until it’s too late.”

To prevent this, Standard Bank said businesses and advertising platforms must employ stringent verification processes for advertisers.

These include vetting payment methods and monitoring ad content for signs of fraud.

“Combining this with robust payment security measures such as tokenization, multi-factor authentication (MFA), and machine learning-powered fraud detection can significantly reduce risks,” the bank stated.

Capitec said it actively monitors fraud linked to “FACEBK” transactions and has not observed a recent spike among its clients.

“If transactions are not securely authenticated on the App or with an OTP, we swiftly take action to assist our clients with the chargeback process,” a spokesperson told MyBroadband.

Capitec said if the transactions are securely authenticated, then the client is referred to the merchant for a resolution.

“We’re continuously improving our ability to detect and curb sudden spikes in scams, and are working with other banks to share insights. Protecting our clients remains our top priority,” it said.

Absa and Nedbank preventing some FACEBK fraud, Facebook silent

MyBroadband asked Absa how much of the fraud it was able to automatically detect and block.

Absa said it would only release anonymised statistics through the South African Banking Risk Information Centre.

Understandably, the bank did not wish to provide details about its anti-fraud systems.

“We continuously make substantial investments to safeguard our customers from fraud,” Absa’s Executive: Fraud Solutions at Absa Everyday Banking, Ally Mafunzwaini, told MyBroadband.

“This safeguard allows us to proactively identify potential fraudulent transactions and confirm such with customers, which was the case in this instance.”

Mafunzwaini said Absa monitors suspicious transactions through these tools and has a team of fraud experts who are dedicated to mitigating the risk of fraud.

Nedbank said it was aware of the complaints, and said its fraud detection system managed to prevent a large percentage of these transactions.

“However, there are also large volumes of legitimate Facebook advertising purchases which cannot be automatically blocked,” said Nedbank.

“All customers who fall prey to this fraud are reimbursed through the normal chargeback process. Nedbank will only refer a customer back to Meta if the customer does not dispute the purchase of the advertising, but only disputes that they had received the service they paid for.”

MyBroadband asked Facebook for comment and it did not respond by publication.
