Security9.12.2024

Card skimming warning for South Africans

While non-contact payment methods are becoming increasingly popular, South Africans using physical cards to make in-person transactions stand at risk of having them cloned.

South Africans lost R22 million to counterfeit card fraud in 2023, according to the South African Banking Risk Centre’s (Sabric) 2023 annual crime report.

Most of this — R12.6 million — was stolen using counterfeit debit cards, while R9.4 million was stolen using counterfeit credit cards.

While still a substantial sum, this was a significant decrease from 2022, when South Africans had R42.8 million stolen using counterfeit cards.

A counterfeit card is an illegitimately manufactured bank card using compromised data from the magnetic strip of a legitimate card.

This occurs through card cloning or skimming using a skimming machine that can capture card details, including the card number, cardholder’s name, and expiry date.

These skimming devices are often placed over areas where one would insert a card, such as an ATM or card machine.

Skimming devices can also capture a cardholder’s PIN by placing a fake keypad over the ATM’s keypad or installing a camera to record people entering their PINs.

Once attackers have this information, they can use it to make counterfeit cards, sell it online, or make fraudulent purchases online — known as card not present fraud.

While contactless payments are decreasing the threat of card skimming, in many cases, physical cards are still required to draw cash, which is still the dominant means of payment in South Africa.

This is why card skimming is prevalent at ATMs. The best way to mitigate the risk is to stay vigilant and watch out for skimming devices when using ATMs and card machines.

A visual and physical inspection can help to identify such devices when using an ATM.

One way to do so is to check the card reader’s alignment with the attached panel.

Card skimming devices are placed on top of the actual card reader to dupe users. If the card reader does not seem to be attached flush with the machine, it is most likely a skimming device.

Card skimming can also occur at a merchant’s point of sale using tampered devices.

Card fraud perpetrators often provide retail outlet personnel, such as waiters and cashiers, with handheld skimming devices.

The PIN is either stolen by peeking or using thermal technology when the victim enters it.

One possible red flag for a tampered meter is if you insert the card and it does not leave enough room for your thumb to remain entirely on it. If this happens, you should not enter your PIN.

While card skimming has come to be understood in the physical sense, it is also possible to skim a digital card when the owner is making an online transaction.

In this case, attackers will use a fake website to deceive users into attempting to make a purchase, harvesting their information, which they then sell or use in card-not-present fraud.

This recently occurred with a website that attempted to replicate a Checkers online store, luring potential victims with significant discounts on tech products.

These websites will often be advertised on social media as scammers attempt to reach as many people as possible.

However, there are ways to tell if a website or payment portal is fraudulent.

“As consumers, we must just be very vigilant of what we’re looking at. If it’s too good to be true, then it is,” Nclose co-founder and business development director Stephen Osler warns.

If still in doubt, users should pay attention to the URL to see whether it matches the site.

Similar to phishing emails, differences in the URL may be almost unnoticeable.

Therefore, it may be advisable to type in an e-commerce platform’s address manually or call a smaller, lesser-known business to ensure it exists and is safe.

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter