Fast food outlet KFC is investigating the credit card scam that cost South African banks \u201cmany millions of rands\u201d and targeted the fast food industry.<\/p>\n
Doug Smart, MD of KFC South, said in a short statement that the company is taking the issue very seriously and cannot comment on a statement by Walter Volker<\/a>, CEO of the Payments Association of South Africa (Pasa<\/a>) that the industry was vulnerable to an international criminal syndicate because it was not fully compliant with security measures.<\/p>\n If this is indeed the case, some of the banks that incurred losses might try to reclaim it from the errand retailers.<\/p>\n \u201cOur first priority is to make sure that the impact on our customers remains minimal. In the unlikely event that customers believe they may have been impacted by the malware, they should immediately make contact with their own bank to investigate and resolve queries on their accounts. We are working with the Payments Association of South Africa (PASA) as well as our own banks in their on-going investigations\u201d, Smart said.<\/p>\n Volker earlier confirmed that South African banks have lost \u201cmany millions of rands\u201d as a result of a sophisticated scam in which criminals abroad accessed the card data of clients who bought fast food at several outlets in the country.<\/p>\n This was first reported by TechCentral describing how a custom-written variation of the Dexter malware caused \u201cone of the worst breaches of customer card data in the country\u2019s history\u201d.<\/p>\n \u201cThe industry has taken immediate and pro-active steps to identify the extent of the potential exposure, clean up confirmed sites with effective custom anti-malware software and carefully monitor transactions on the cards involved in order to detect possible unusual activity\u201d, says Volker.<\/p>\n Customers suffered no loss, apart from the inconvenience of sorting out unauthorized overseas transactions on their card accounts, says Volker.<\/p>\n He says \u201cvery clever people\u201d troll the internet to find vulnerable systems where security systems have been compromised or not adhered to. In this case they found those conditions in sections of the fast food industry and launched their attack.<\/p>\n The malware infiltrated the back office computer system of the particular outlets, copied the data from cards used to purchase fast food and sent it to criminals abroad. There it was sold to other parties who used it to issue fraudulent cards in Europe and America, where they were used for in store purchases.<\/p>\n Volker says mostly credit and cheque cards were affected. They were mostly not chip enabled and typically required a signature. Pins were never compromised.<\/p>\n No fraudulent cards were issued or used in South Africa as a result of the scam. \u201cIt is clear, if it is not the customer\u2019s fault, he won\u2019t suffer the loss, says Volker. Typically a client would see suspicious overseas transactions on his card account or be notified of such. Since it is not his fault, the issuing bank would reverse the transaction. If the client\u2019s bank is convinced that the loss his none of his doing, but has been caused by a problem on the side of the outlet\u2019s payment system, he can reclaim the loss from the bank backing that system. That bank can reclaim from the outlet if it is found that the outlet did not comply with the security measures contained in its contract for payment services.<\/p>\n Volker says the attack was very sophisticated and is \u201conly the second reasonably big incident\u201d after the PayGate issue last year that also affected cards.<\/p>\n He says the on-going cost of security to stay one step ahead of sophisticated and technically savvy criminals is enormous. \u201cPASA is working with the banks and the card schemes to implement immediate measures to block the potential exposure of card data and bring merchants to a state of full compliance to the Payment Card Industry Data Security Standards (PCI DSS).\u201d Full compliance will limit the risk to all concerned considerably, says Volker.<\/p>\n He says cardholders who have concerns or are suspicious of any transactions appearing on their card statements or of which they are alerted to by their banks should contact their bank directly and immediately.<\/p>\n According to TechCentral the South African Police Service (SAPS<\/a>), Interpol and Europol are working together to bring the syndicate to book.<\/p>\n Source: Moneyweb<\/a><\/em><\/p>\n
\nIt is not clear how many client transactions were compromised, says Volker. It was widespread across fast food brands, he says. Pasa has commissioned the development of antimalware software and this has already been used to clean up the affected systems. \u201cThere is no reason to be concerned,\u201d says Volker.<\/p>\nMore on fast food card scam<\/h3>\n