South African Banks Hit by Card Fraud

South African banks have lost millions of dollars this year in the biggest-ever payment card fraud to hit the continent’s wealthiest economy, according to the country’s financial transactions body the Payment Association of South Africa (PASA).

A syndicate of fraudsters believed to be based in Europe hacked into the server of point-of-sale (PoS) systems of retail shops, restaurants and fast-food eateries. “The fraud losses run in the region of tens of millions of rand [ZAR],” said Walter Volker, chief executive officer (CEO) of PASA. “It was quite substantial.”

The attackers used a variant of malware software known as Dexter to attack servers and steal data, which was then used to clone cards. “This category of data compromise is the biggest that we have experienced in the card industry in South Africa,” said Volker.

The attack was first detected early this year following unusually high levels of fraud. Forensic investigations discovered the malware inside the retail systems. The systems have now been cleaned at all affected sites, Volker confirmed.

Data was only stolen from magnetic strip cards and “no chip cards were compromised and no personal identification numbers [PINs] were compromised and none of the card verification value [CVV] numbers were compromised,” Volker added. Although he declined to identify retailers affected by the fraud, local media cited chicken fast food chain KFC as among the victims.


Related reading