Card Fraud South Africa

Similar documents
Card Fraud SOUTH AFRICA

CARD FRAUD BOOKLET Protect your card and information at all times PAGE: 1 // 42

- Overview of ATM transactions (cash withdrawals) in credit card fraud (2016)

protect fraudulent against transactions your business Introduction What is a fraudulent transaction? Merchant Responsibilities Card Present

minimise card fraud in your business.

2017 annual fraud update:

Your Guide to. Credit Card Skimming: How to Spot and Avoid Fraudulent Charges

January to June 2016 fraud update: Payment cards, remote banking and cheque

Your Merchant Facility and Managing Risk

Payment Fraud Statistics

Payment Fraud Statistics

BOQ MERCHANT FACILITY

Year-end 2016 fraud update: Payment cards, remote banking and cheque

Merchant Business Solutions.

Protect your business.

General Information for Cardholder s on PIN & PAY

Merchant Business Solutions. Protecting business against credit card fraud.

Card and Account Security. Important information about your card and account.

Fraud Prevention for Merchants. Protecting business against credit card fraud

Fraud Prevention for Merchants

CONSUMER FRAUD GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

Get the most out of your membership

SCTEM. Preventing Fraud and Misuse in Your Card Program. Presented By: Gonca Latif-Schmitt, Managing Director Citi

Hume Bank Limited ABN AFSL & Australian Credit Licence No Conditions of Use. Hume Value, Clear and Business credit cards

card fraud business Helpful information for Merchants Avoiding card fraud

Experience business banking with more control.

Focused on card fraud prevention

How to combat card fraud. A guide to detecting and preventing card fraud

CONDITIONS OF USE FOR VISA CREDIT CARD

ADCB Merchant Services - Business Solutions

Why your PSP should be your best defence against fraud

ATM/Debit. Terms and Conditions

Bank of Ireland is regulated by the Central Bank of Ireland. Contactless R.6 (01/18)

Financial Crime: Awareness & Prevention. Jon Jarosinski

Recognizing Credit Card Fraud

Account means your designated account with ANZ through which Card Transactions are settled.

Visa s Approach to Card Fraud and Identity Theft

FNB Global Accounts. Terms & Conditions

Divided we fall: Fighting payments fraud together

Financial Transactions and Fraud Schemes

WHEN BAD THINGS HAPPEN TO YOUR GOOD NAME

Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security

Ball State University

Product Disclosure Statement Spriggy Parent Wallet

CHARGEBACK GUIDE.

How to guard against fraud

Terms and Conditions Booklet for the. EBS Teen Savings Account

Overview of Card Regulations, Disputes, & Fraud. Tina Giorgio, President & CEO ICBA Bancard Inc.

Administration and Department Credit Card Policy

Debit Card User Guide

ARC s Guide to Travel Agency Payment Card Acceptance, Risk Mitigation and Chargeback Management

Negozju Card Conditions of Use

State of Card Fraud: 2018

Business Day means any day other than a Saturday, Sunday or national public holiday on which banks are open for business in Gibraltar and the UK.

Customer Protection Policy (Unauthorized Electronic Banking Transactions)

Visa Debit Conditions of Use

EMV Chargeback Best Practices

CUA Credit Cards. Conditions of Use and Credit Guide

Provided with permission to Mauch Chunk Trust Company Source: Security Breaches & Identity Theft Consumer Survey presented by RateWatch

Debit MasterCard. Conditions of Use. These are the conditions of use that apply to your Rabobank Debit MasterCard. You must read and retain them.

RETAIL SPECIFIC NEWS Keeping you in the know

CONTENTS INTRODUCTION ABBREVIATIONS/ACRONYMS

Managing Chargebacks. April 2016

PCI Training. If your department processes credit card information, it is CRITICAL that you understand the importance of protecting this data.

Debit Card User Guide

TERMS AND CONDITIONS FOR THE ISSUANCE AND USE OF A DEBIT CARD

Debit Card. Terms and Conditions of Use

A report showing the merchant s settlement. The acquirer settlement report is generated by the acquiring bank at the end of every billing cycle.

BANKING PROCEDURE AND CONTROL OF CASH

Suncorp Bank EFTPOS. Terms and Conditions for a Suncorp Merchant Facility

personal credit cards terms and conditions

Payment Card Industry Data Security Standards (PCI DSS) Initial Training

3D Secure Frequently Asked Questions

Visa Merchant Best Practice Guide for Cardholder Not Present Transactions

CREDIT CARDS CONDITIONS OF USE

GENERAL TERMS AND CONDITIONS FOR THE USE OF VISA AND/OR MASTERCARD CARDS

Nordea Debit Nordea Electron. Cardholder s guide

CUA Credit Cards Conditions of Use and Credit Guide

Suncorp MPOS. Terms and Conditions for a Suncorp Merchant Facility

Debit Card Conditions of Use

Episteme: an online interdisciplinary, multidisciplinary & multi-cultural journal. Bharat College of Commerce, Badlapur, MMR, India

Procedure guide. For a smoother operation

Westpac Low Fee Platinum Card.

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

D A T A S E C U R I T Y, F R A U D P R E V E N T I O N A N D P C I C O M P L I A N C E. May 2015

Selected Terms & Conditions for Wells Fargo Business Debit, ATM and Deposit Cards

TERMS AND CONDITIONS FOR THE ISSUANCE AND USE OF A CORPORATE CARD

Chart 1 How Fraudulently Used Consumer Information is Obtained M A Y

Hang Seng Credit Card Benefits Directory

ANZ COMMERCIAL CARD TERMS AND CONDITIONS

The Stark Reality of Synthetic ID Fraud How to Battle the Leading Identity Fraud Tactic in The Digital Age

CREDIT CARD SKIMMING BY DAN HARPOOL PRESIDENT AND CEO COMPLETE COMPUTING, INC

Debit Card Interchange Fees and Routing

FOLLOWING GLOBAL TRENDS, OR LEADING AN INDUSTRY LOCALLY?

Westpac Business Debit MasterCard. Conditions. Effective date: 25 August Your future is our future

SUPPLIER REGISTRATION & ACCREDITATION FORM. Registered name: Trading as name of business: Products &/ services offered:

TERMS & CONDITIONS FOR THE ISSUANCE AND USE OF A ČSOB CREDIT CARD

International Prepaid Card. These are your International Prepaid Card Terms and Conditions.

GE N E RA L C A RD T E RM S A N D C O N D IT IO N S F O R PRIV A T E C US T O M E R S

Personal Danske MasterCard Credit Cards Terms and Conditions

Transcription:

Card Fraud South Africa 2011-2012

Table of contents Summary 3 Qualification of information 4 National overview of credit card fraud (2006 to 2012) 5 SA-issued credit card fraud per fraud type (all countries) 6 Where does the fraudulent expenditure occur? 7 Credit card fraud loss (all countries) 8 How does SA compare internationally? 9 Credit card fraud loss in SA 11 Geographical distribution 13 Breakdown of fraud types Card not present credit card fraud 14 What is card not present fraud? 15 Counterfeit credit card fraud 17 What is counterfeit card fraud? 19 Lost and/or stolen credit card fraud 20 What is lost and/or stolen card fraud? 21 False application credit card fraud 22 What is false application card fraud? 23 Account takeover credit card fraud 24 What is account takeover fraud? 25 Not received issued credit card fraud 26 What is not received issued card fraud? 27 Debit card fraud 28 Card skimming What is card skimming? 30 Card skimming with handheld devices 31 What does a handheld skimming device look like? 33 Card skimming with ATM-mounted devices 34 What does an ATM-mounted skimming device look like? 35 Industry measures to prevent card fraud Protection of client data 36 Chip and PIN 36 Improvement of internal systems and processes 37 Sharing of information 37 Dedicated card workgroup 38 Directorate for Priority Crime Investigation reaction teams 38 Crime awareness 38 Future threats 39 PAGE 2 Card Fraud 2012

Summary The gross fraud loss due to credit card fraud has decreased by 18% from January to September 2012, compared with the same period in 2011. Counterfeit credit card fraud gross losses decreased by 45% in 2012 and contribute 38% of the overall credit card fraud gross loss. Altogether 61% of the counterfeit credit card fraud occurs within SA. Card not present (CNP) fraud contributed 51% to the credit card gross fraud losses in 2012 and increased by 16%. CNP fraud was the biggest contributor to fraudulent expenditure on SA-issued credit cards in SA and in other countries during 2012. In 2012 the gross fraud losses on SA-issued credit cards used inside SA decreased by 32%. Credit card fraud gross losses on SA-issued credit cards used outside SA increased by 10%. In 2012 45% of the gross fraud losses occurred outside SA. Counterfeit card fraud outside SA decreased by 12% and CNP fraud increased by 27%. Credit card fraud occurred in all provinces in varying degrees, with Gauteng, KwaZulu-Natal and Western Cape being the provinces with the highest frequency of card fraud in SA. These provinces account for 90,9% of recorded losses. Debit card fraud gross losses decreased by 7% during 2012. The majority (97%) of the fraudulent transactions were counterfeit debit card fraud, of which 83% can be linked to cash withdrawals at ATMs. Special thanks to Nedbank Limited Editorial and Language Services (Enterprise Governance and Compliance) for their contribution in editing this document. PAGE 3 Card fraud 2012

Qualification of information This report utilises credit and debit card fraud information as provided by Absa, First National Bank, Standard Bank of SA, Nedbank, Investec, Virgin, American Express, Diners Club, Capitec Bank, Mercantile Bank, Bidvest, UBank, Bank of Athens and African Bank. Cheque card fraud is included in the credit card fraud figures. Reporting covers the period of 1 January 2012 to 30 September 2012. For the comparative analysis the abovementioned period will be compared with the similar periods in previous years, with greater focus on 2011 to 2012. The information set used is all credit and debit card fraud losses as reported to SABRIC up to 25 October 2012. All fraud losses mentioned in this booklet refer to gross fraud losses and do not necessarily relate to losses suffered by the banking industry. PAGE 4 Card fraud 2012

National overview of credit card fraud (2006 to 2012) The banking industry s financial gross losses due to SA-issued credit card fraud decreased by 18%, from R367,4m in 2011 to R300,6m in 2012, for the first three quarters of the year. CNP fraud increased by 16% during the reporting period. Counterfeit card fraud decreased by 45% in 2012, which can be attributed to industry initiatives to upgrade risk detection and prevention systems, the rollout of chip and PIN credit cards as well as proper law enforcement and good work by the banking industry in identifying and arresting perpetrators. The fraud figures in the graph below show the total gross industry fraud loss on SA-issued credit cards irrespective of the geographical location of the fraudulent transaction. Card fraud losses on SA-issued cards (all countries) (Jan to Sept 2006 to 2012) R400 R350 R300 Millions R250 R200 R150 R100 R50 R0 R178,3m R278,4m R367,9m R291,7m R186,9m R367,4m R300,6m 2006 2007 2008 2009 2010 2011 2012 PAGE 5 Card fraud 2012

SA-issued credit card fraud per fraud type (all countries) Fraud Type 2006 2007 2008 2009 2010 2011 2012 Lost and/or stolen Not received issued False application fraud Counterfeit card fraud Account takeover fraud CNP fraud R66,2m R4,2m R29,8m R53,5m <R1m R22,3m R117,5m R5,1m R18,2m R94,7m <R1m R40,7m R117,5m R10,4m R11,1m R157,1m R1,6m R65,8m R65,7m R8,8m R5,4m R145,7m <R1m R63,1m R25,8m R1,7m R1,8m R92,7m <R1m R64,2m R18,3m R1,3m R4m R207,7m <R1m R133,4m R15,6m <R1m R13,3m R113,9m R1m R154,7m All figures in R millions.

Where does the fraudulent expenditure occur? R300 Card fraud losses on SA-issued cards (Jan to Sept 2006 to 2012) Millions R250 R200 R150 R100 R50 R0 R48,18m R130,16m R65,06m R213,4m R95,52m R272,4m R78,26m R213,45m R72,86m R114,05m R 123,56m R 243,93m R 135,85m R 164,83m 2006 2007 2008 2009 2010 2011 2012 Transactions not in SA Transactions in SA PAGE 7 Card fraud 2012

Credit card fraud loss (all countries) Credit card fraud losses on SA-issued credit cards used inside SA decreased by 32% in 2012. Credit card fraud losses on SAissued credit cards used outside SA increased by 10% during 2012. This is a substantial reduction when compared with the 70% increase seen from 2010 to 2011. In 2012 45% of the losses suffered by the banking industry occurred outside the borders of SA. Counterfeit card fraud losses outside SA decreased by 12% and CNP fraud increased by 27%, while CNP fraud (64%) was the biggest contributor of fraudulent expenditure on SA-issued credit cards in other countries in 2012. Criminals are increasingly using counterfeit SA-issued credit cards in neighbouring countries, such as Namibia, Botswana, Zimbabwe, and other African countries, such as Kenya, Zambia, and Mozambique. These transactions are mostly fraudulent cash withdrawals at ATMs. The following shows the top five countries in which SA-issued cards are used internationally. Top five countries with the highest recorded financial losses due to CNP and counterfeit card fraud on SA-issued credit cards during 2012. CNP COUNTERFEIT United Kingdom United States United States Italy Germany Brazil China Namibia France United Kingdom PAGE 8 Card fraud 2012

How does SA compare internationally? 350 Card fraud losses on UK-issued cards (Jan to June 2007 to 2012) 300 250 Millions 200 150 100 50 0 263,6m 304,2m 232,8m 186,8m 169,8m 185m 2007 2008 2009 2010 2011 2012 Source: The UK Cards Association, press release of 27 September 2012. PAGE 9 Card fraud 2012

According to Financial Fraud Action UK, fraud losses on UK cards increased by 9% from January to June 2012, compared with the same period in 2011. CNP fraud is the highest loss category, responsible for 62,5% of total losses. Lost and/or stolen card fraud (15,14%) increased by 9% and is the second highest loss category, followed by counterfeit card fraud at 10,92%. The UK banking industry implemented various initiatives to make it more difficult for criminals to commit high-tech frauds, including skimming and counterfeit card fraud. However, criminals are reverting to more basic forms of fraud, such as stealing cards and PINs and using scams to coerce clients into handing over their cards and PINs, hence the increase in lost and/or stolen card fraud in the UK. In SA the prevalence of card skimming incidents is still very high, resulting in a significant portion of fraud losses still being linked to counterfeit card fraud. Australian card fraud losses increased by 50%, with 71% of all reported fraudulent transactions being attributed to CNP. Debit card fraud, especially counterfeit card fraud related to skimming, decreased by 18% during 2011, mainly attributable to the rollout of chip and PIN debit cards. PAGE 10 Card fraud 2012

Credit card fraud loss in SA Credit card fraud on SA-issued cards used in SA decreased by 32%, from R243,9m in 2011 to R164,8m in 2012. The main contributing factor to this decrease was the 56% improvement in counterfeit card fraud (R157,8m in 2011 to R69,8m in 2012). Lost and/or stolen credit card fraud losses decreased by 15% in 2012, and the impact of chip and PIN and other successful banking industry prevention strategies is clearly visible. The changes in business processes linked to chip and PIN card deployment have necessitated criminals to change their modus operandi, resulting in an increase in CNP fraud. CNP fraud committed within SA increased by 4% from R64,5m in 2011 to R67,1m in 2012.

R160 Card fraud split by card type (year-on-year, Jan to Sept 2006 to 2012) R140 R120 R100 R80 R60 R40 Millions R20 R0 2006 2007 2008 2009 2010 2011 2012 Not received issued Account takeover False applications Lost/Stolen Counterfeit Card not present PAGE 12 Card fraud 2012

Geographical distribution Gauteng, the Western Cape and KwaZulu-Natal account for 91% of total credit card fraud losses in SA, with the highest number of skimming devices also being recovered in these provinces. The remaining provinces account for 9% of fraud losses. Gauteng with 54%, the Western Cape with 28% and KwaZulu-Natal with 8% accounted for the majority of credit card losses reported during 2012. However, some of the other provinces had significant increases in credit card fraud. The two provinces with the highest increases in credit card fraud were the Eastern Cape with 84% and Mpumalanga with 60%. Provincial geographical distribution Eastern Cape Free State Gauteng Kwazulu-Natal Limpopo Mpumalanga North West Northern Cape Western Cape 2006 2007 2008 2009 2010 2011 2012 R1,9m R1,6m R67,8m R16,3m R1,5m R2,7m R1,4m <R1m R11,3m R4,8m R3,3m R91,9m R34,3m R2,7m R6,1m R4,3m <R1m R26,4m R4,9m R4,3m R117,5m R41,4m R3,5m R7,2m R5,2m <R1m R29m R2,1m R2,3m R85,9m R27,9m R2,1m R4,9m R2,6m <R1m R27m R1,3m R1,1m R49,4m R16,7m R2,2m R1,9m R1,4m <R1m R12,8m R1,9m R1,1m R73,6m R23,7m R2,4m R1,4m R1,8m <R1m R29,3m R3,6m R1,3m R73,9m R10,9m R2,7m R2,3m R2,1m <R1m R39,1m All figures in R millions PAGE 13 Card fraud 2012

Breakdown of fraud types (SA-issued credit cards used within and outside SA) Card not present credit card fraud CNP fraud increased by 16%, from R133,4m in 2011 to R154,8m in 2012, and contributed 51% of the total credit card fraud losses in 2012. Currently the vast majority of SA-issued credit cards are enabled by chip and PIN technology. The increases in CNP fraud seen over the past few years are a clear indication that SA credit card fraud trends are similar to those in other EMV-compliant countries such as the UK and Australia. 'Card not present' fraud (Jan to Sept 2006 to 2012) R180 R160 R140 R120 R100 R80 R60 R40 R20 R0 Millions R22m R41m R66m R63m R64m R133m R154,7m 2006 2007 2008 2009 2010 2011 2012 PAGE 14 Card fraud 2012

What is card not present fraud? CNP fraud involves a fraudulent transaction where neither the card nor the cardholder is present when conducting the transaction. CNP transactions can be conducted under the following circumstances: Orders for goods placed telephonically. Purchases conducted via the internet, mail order or fax. During such transactions retailers are unable physically to check the card or the identity of the cardholder, resulting in the card user becoming anonymous and being able to disguise his or her true identity. Fraudulent CNP transactions are generally concluded with fraudulently obtained card data and personal information. The card details are normally compromised without the cardholder s knowledge, sourced from discarded receipts or previous CNP purchases, or obtained from the cardholder. In recent years syndicates also obtained client card details through bulk data compromises, such as the Sony Play Station compromise in 2011. While the three- or four-digit card security code on cards (referred to as the CVV2 or CVC2) can certainly assist with the prevention of fraud in cases where card details have been illegally obtained, it does not prevent fraud where the card itself is stolen or intercepted, or where the cardholder willingly supplied the information to a criminal during a specific transaction. The banking industry continues to enhance its detection and prevention capabilities. The development of neural networking systems that monitor client transactions in real time can, for example, flag certain countries or merchants when irregular spending patterns are identified. Merchants offering internet transactions are advised to use transaction authentication software such as 3D Secure to protect themselves and their clients or customers. PAGE 15 Card fraud 2012

Bank clients are urged to protect their card information and make use of the online security products offered by card associations or their relevant banks. Clients are urged only to use online merchants that conform to this standard. It is also important for clients to review their bank statements regularly to identify irregularities and notify their banking institutions immediately should irregularity be detected. SMS notifications when transactions are conducted on bank accounts are also a useful tool for detecting unauthorised transactions.

Counterfeit credit card fraud R250 'Counterfeit card' fraud (Jan to Sept 2006 to 2012) R200 R150 Millions R100 R50 R0 R54m R95m R157m R146m R93m R207,7m R113,9m 2006 2007 2008 2009 2010 2011 2012

Counterfeit card fraud decreased by 45% in 2012 and contributes 38% of overall credit card fraud gross losses. Syndicates using counterfeit SA-issued credit cards are mainly operating within SA. Altogether 61% of all counterfeit credit card losses occurred within SA. However, counterfeit credit card fraud losses within SA decreased by 56% during 2012 (from R157,8m to R69,8m). The SA Police Service in collaboration with the SA banking industry regularly arrest perpetrators of counterfeit card fraud, including those in possession of skimming devices. The banking industry, law enforcement authorities and other relevant stakeholders are coordinating joint investigations and operations to ensure successful arrests and prosecution. Skimming of cards (with handheld or ATM-mounted devices) is currently the preferred modus operandi of criminals for obtaining cardholder information. Clients are urged not to let their cards out of their sight when making transactions. It is also important that bank clients familiarise themselves with their bank s ATMs in order to identify any foreign or suspicious objects attached to the ATM. PAGE 18 Card fraud 2012

What is counterfeit card fraud? Counterfeit card fraud involves fraud arising from a card that has been illegally manufactured using information usually obtained from the magnetic strip of a genuinely issued card through card skimming. In some cases lost and/or stolen cards and/or old cards are reencoded with information stolen from a genuine card for purposes of committing counterfeit card fraud.

Lost and/or stolen credit card fraud R140 'Lost and/or stolen card' fraud (Jan to Sept 2006 to 2012) R120 R100 Millions R80 R60 R40 R20 R0 R66m R118m R118m R66m R26m R18m R15,6m 2006 2007 2008 2009 2010 2011 2012 Lost and/or stolen credit card fraud decreased by 15%, from R18,3m in 2011 to R15,6m in 2012. The impact of the rollout of chip and PIN cards and other successful banking industry prevention strategies are clearly visible. The banking industry embarked on various awareness initiatives, such as alerting clients to the importance of keeping their cards safe and notifying the bank immediately if one of their cards is lost and/or stolen. PAGE 20 Card fraud 2012

What is lost and/or stolen card fraud? Lost card fraud involves a fraudulent transaction that occurred on a valid issued card after a cardholder has lost his or her card, with the card no longer being in his or her possession. Stolen card fraud involves fraud as a result of a fraudulent transaction that is performed on a valid issued card that has been stolen from a legitimate owner.

False application credit card fraud 'False application' fraud (Jan to Sept 2006 to 2012) R35 R30 R25 R20 Millions R15 R10 R5 R0 R30m R18m R11m R5m R2m R4m 2006 2007 2008 2009 2010 2011 2012 R13m Credit card fraud loss associated with false applications for credit cards accounts for 4% of overall credit card losses. During 2012 the gross fraud loss increased by 226%, from R4,1m to R13,4m. Although the impact of false applications on credit card fraud losses is minimal, SA banks are not complacent and continuous improvement strategies for fraud detection and prevention measures are in place. PAGE 22 Card fraud 2012

What is false application card fraud? False application fraud occurs when a fraudulent transaction is carried out on an account where the card has been acquired by falsifying a credit application.

Account takeover credit card fraud 'Account takeover' fraud (Jan to Sept 2006 to 2012) R1 800 R1 600 R1 400 R1 200 Thousands R1 000 R800 R600 R400 R200 R0 R447 987 R310 923 R1,6m R781 198 R611 941 R255 355 2006 2007 2008 2009 2010 2011 2012 R1m Losses related to account takeover fraud increased by 38%, from R0,8m in 2011 to R1,1m to in 2012, however, the number of fraudulent transactions related to losses decreased by 33%. Although the percentage increase is high, the associated loss is relatively low. The banking industry constantly improves its internal systems to ensure the early detection of account takeover fraud. The industry is also continuously involved in making clients aware of the importance of protecting their personal information, such as identity books, bank account details, payslips, municipal bills and other statements. PAGE 24 Card fraud 2012

What is account takeover fraud? Account takeover fraud takes place when an existing account is taken over by someone posing as the genuine accountholder. The impostor then uses the account for his or her own benefit while pretending to be the genuine accountholder. The common denominator for both account takeover fraud and false application fraud is the fraudsters access to the personal information of their victims. In many instances the criminal will obtain personal or client-specific information and pretend to be the client in order to apply for a replacement card, which once received is used fraudulently.

Not received issued credit card fraud R12 'Not received issued card' fraud (Jan to Sept 2006 to 2012) R10 R8 Millions R6 R4 R2 R0 R4m R5m R10m R9m R1,7m R1,4m <R1m 2006 2007 2008 2009 2010 2011 2012 Not received issued card fraud decreased by 64%, from R1,4m in 2011 to R500 000 in 2012. Improved bank processes, eg the collection of cards from the branch and PIN codes received separately from the card, contributed to this improvement. Many of the banks also allow their clients to choose a PIN in the branch, further reducing the risk. Clients are urged to respond quickly to calls to collect replacement cards. It is also very important that bank clients contact their banks if replacement cards are not received within a reasonable time. PAGE 26 Card fraud 2012

What is not received issued card fraud? Not received issued card fraud relates to the interception of a genuinely issued card before it reaches the authentic client, with impostors using intercepted cards fraudulently.

Debit card fraud Debit card fraud gross losses amounted to R204m in 2012, compared with R219,9m in 2011 (7% decrease). Altogether 97% of these transactions constituted counterfeit debit card fraud, with 83% occurring at ATMs. Criminals need both the magnetic-strip information and the PIN of the debit card for transacting successfully. Most counterfeit debit card fraud can be directly linked to card skimming. Debit card fraud losses on SA-issued cards (all countries) (Jan to Sept 2011 to 2012) 48% 52% 2011 2012 PAGE 28 Card fraud 2012

The distribution of debit card fraud within SA follows a fairly similar pattern as that of credit card fraud. The majority of fraudulent transactions during 2012 took place in Gauteng (43,7%), KwaZulu-Natal (18,6%), the Eastern Cape (9,4%) and the Western Cape (9,3%), making these the top four positions. The other provinces together account for 19% of the gross fraud losses on debit cards. Province Eastern Cape Free State Gauteng KwaZulu-Natal Limpopo Mpumalanga North West Northern Cape Western Cape Percentage of debit card fraud losses per province (Jan to Sept 2011 to 2012) 2011 2012 17,9% 9,4% 3,1% 3,3% 42% 43,7% 18,8% 18,6% 2,6% 3,9% 4,6% 6,2% 3% 5,2% 0,4% 0,3% 7,5% 9,3%

Card Skimming What is card skimming? Card skimming involves the illegal copying of encoded information from the magnetic strip of a legitimate card by means of a card reader with the intention to use the data for encoding counterfeit, lost, or stolen cards for fraudulent purposes.

Card skimming with handheld devices The use of handheld skimming devices is one of the major contributors to the increase in counterfeit card fraud. From 2005 to September 2012 a total of 1 092 handheld skimming devices were retrieved, with 177 of these being seized from January to September 2012. 250 Retrieved handheld skimming devices (2005 to 2012) 200 150 100 50 0 44 48 90 143 206 190 194 177 2005 2006 2007 2008 2009 2010 2011 2012 Jan-Sep PAGE 31 Card fraud 2012

In 2012 the highest number of handheld skimming devices was retrieved in Gauteng (74), Western Cape (38) and KwaZulu-Natal (26). Mpumalanga showed an increase in the retrieving of devices during 2012, namely 16 compared with seven in 2011. Provincial distribution of retrieved handheld skimming devices (Jan to Sep 2012) 21% 8% 2% Eastern Cape Free State 2% Gauteng KwaZulu-Natal 9% 42% Limpopo Mpumalanga 2% 14% North West Western Cape Cards can be skimmed at ATMs or at points of sale and therefore bank clients are urged not to accept assistance from anybody at ATMs and not to let their cards out of sight when transacting. PAGE 32 Card fraud 2012

What does a handheld skimming device look like? The images below are examples of handheld skimming devices. Although there are many variations to these instruments that are used to copy card data from genuinely issued cards, handheld skimming devices are usually small objects that can easily be hidden in a pocket or handbag. The public is urged to report any individuals using these devices to the police. PAGE 33 Card fraud 2012

Card skimming with ATM-mounted devices Between January and September 2012 a total of 27 ATM-mounted skimming devices were retrieved by the banking industry and law enforcement authorities. The graph below gives an indication of the number of devices seized over the period from 2007 to September 2012 (a total of 128 devices). Retrieved ATM-mounted skimming devices (2007 to 2012) 60 50 40 30 53 20 10 1 2 9 36 27 0 2007 2008 2009 2010 2011 2012 Jan-Sep ATM-mounted skimming devices were retrieved in four of the nine provinces from January to September 2012. The highest number of devices retrieved was in Gauteng, with 19 devices, and the Western Cape, with five devices. ATM clients are encouraged to be on the lookout for foreign objects attached to ATMs and are urged always to conceal their PIN when transacting. PAGE 34 Card fraud 2012

What does an ATM-mounted skimming device look like? This device is difficult to recognise as it is manufactured to match the look and feel of the ATM. Always inspect the ATM and cover the PIN pad with your free hand when entering your PIN. PAGE 35 Card fraud 2012

Industry measures to prevent card fraud Protection of client data SA banks subscribe to PCI DSS standards as set by MasterCard, Visa and local legislation to protect client information, including cardholder data. Banks also urge their clients to become PCI aware as data security is of utmost importance. Chip and PIN Before the rollout of chip and PIN cards all credit card transactions relied on the information stored on the magnetic strip on the back of the card, which could easily be compromised. With the rollout of chip and PIN technology the banking industry replaced the magnetic strip with new technology, with credit card data embedded in a microchip and authenticated automatically using a PIN. The account information on the microchip is encrypted and cannot be stolen in the same manner as the information encoded on the magnetic strip. On chip-and-pin-enabled cards users are required to enter a PIN known only to themselves in order to validate card transactions. In Europe and countries such as Australia the implementation of chip and PIN technology helped the banking industry effectively to reduce counterfeit and lost and/or stolen card fraud. The reduction in counterfeit and lost and/or stolen credit card fraud on SA-issued cards can also be attributed to the successful rollout of chip and PIN technology in SA. Bank clients are, however, alerted to the fact that the magnetic strip on chip and PIN cards still contain data and that they should remain equally vigilant to avoid falling victim to skimming of the magnetic strip PAGE 36 Card fraud 2012

Improvement of internal systems and processes The SA banking industry invests in sophisticated IT programs to assist with the detection, prevention and reduction of bank card fraud. The following are some of the internal system improvements instituted by SA banks: Transaction monitoring, both the card issuing and acquiring platforms. SMS confirmation of transactions. Authorisation parameters and thresholds unique to the cardholder. Implementation of floor limits and the manipulation thereof for specific high-risk merchant groupings. Forensic investigations. Card fraud awareness training for merchants. Sharing of information SABRIC provides the industry with a national industry view of crime threats and trends and facilitates a collective approach to prevention, while the banking industry is provided with a platform for working together with private-public stakeholders, such as the SA Police Service and the National Prosecuting Authority, to reduce bank crime. PAGE 37 Card fraud 2012

Dedicated card workgroup The banking industry established a dedicated card fraud workgroup consisting of representatives of the Commercial Crime Unit of the SA Police Service, National Prosecuting Authority, Asset Forfeiture Unit, SARS, other stakeholders and the banking industry. Among others the card workgroup is responsible for the following: Industry threat assessment and analysis. Developing card fraud prevention measures. Mutual sharing of information and assisting the SA Police Service with operations. Detection, retrieval and imaging of skimming devices, and training of identified merchants. Directorate for Priority Crime Investigation reaction teams The introduction of the Directorate for Priority Crime Investigation reaction teams (Hawks) in provinces where card fraud is high has had a significant impact on curbing fraud. Crime Awareness SABRIC and the banking industry regularly partner with the media to alert bank clients to new scams and schemes and also provide crime prevention tips. PAGE 38 Card fraud 2012

Future threats Threats include: Counterfeit card fraud, especially through the skimming of cards, will remain a threat to the banking industry. CNP fraud will continue to increase, as seen in European countries where chip and PIN cards were introduced. As the SA market, and markets in other countries, reach saturation levels with regard to chip and PIN cards, criminals will have to find alternative measures for harvesting card information. In recent years syndicates obtained client card details through bulk data compromises, such as the Sony Play Station compromise in 2011.

Sabric (Association incorporated under section 21) Company Reg No: 2002/017376/08 90 Bekker Street cnr Allandale Road Building B Hertford Office Park Vorna Valley MIDRAND 1685 Tel: 011 847 3000 Fax: 011 847 3001 www.sabric.co.za

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback