In the review of the first quarter of 2019, the Ombudsman for Banking Services has seen an alarming increase in credit card fraud.
Credit card fraud is theft involving a payment card – either debit or credit – as a fraudulent source of funds in a transaction. The fraudster buys goods or has access to funds using the details of a legitimate credit card holder.
“Credit card fraud related complaints increased from 12,2% at the beginning of January 2019 to an alarming 19,47% as at end March 2019. It is of great concern that the elderly are more vulnerable to this kind of banking fraud,” says Reana Steyn, CEO and Ombudsman for Banking Services .
Statistics gathered in March indicate consumers aged between 61-70 make up 21% of the credit card fraud complaints: and those aged between 71-80 26%, while pensioners older than 81 accounted for 11% of the total.
“The types of fraud identified range from vishing, phishing, fraudulent on-line purchasing, and bank reward programmes used to purchase merchandise,” Steyn says. Scammers obtained credit card information fraudulently and utilised it without consumers realising what was happening or without their consent.
The following case summaries provides some insight into the type of complaints the OBS deals with regularly:
Joe Bloggs received a call from a fraudster pretending to be from the bank. The fraudster advised Joe that they had detected fraudulent online transactions in his name and asked him if knew about them. Joe had no knowledge of them and made it clear that he was concerned, believing he was talking to a legitimate bank clerk.
The fraudster advised that they would reverse the transactions, when Joe provided the SMS reference numbers to reverse the ‘fraudulent transactions”. Joe repeated the SMS reference numbers to the caller - thus enabling the fraudster to transact on his (Joe’s) account – the very thing he thought he was preventing.
Analysis: This is the modus operandi of a fraudster to lure a bank customer into believing that they are attempting to reverse transactions which have not yet taken place. They advise the customer that they will send reference numbers) to their phones which must be read back for the transactions to be reversed. This is t the “One Time Password” which authorises the transaction.
A fraudster made contact with Linda Dube supplying her with enough personal information (including account details) to convince her he was from her bank.
The fraudsteradvised Linda that the bank would like to convert her rewards points into cash. They requested a previously received OTP, to complete the transaction. Linda complied.
Upon receiving further similar calls, Linda realised that something was amiss, and reported the matter to the bank the same day. By this stage she was already defrauded out of R11 200.00.
Analysis: The modus operandi of fraudsters in this instance is commonly known as “vishing”. A customer is led to believe that they are being contacted by a legitimate bank employee regarding existing services. This is how the fraudster gains the client’s trust.
“Credit card fraud is a growing concern as banking systems increase in speed and efficiency,” says Steyn. At the same time, fraudsters apply more sophisticated tactics to defraud and rob customers of their hard-earned money and savings.. All bank customers, and particularly the elderly, need to be knowledgeable and vigilant about their preferred banking channels.”
- Review your account statements regularly; query disputed transactions with your bank immediately.
- When shopping online, only place orders with your card on a secure website.
- Do not send e-mails that quote your card number and expiry date.
To prevent “vishing” fraud:
- Never share personal and confidential information with strangers over the phone.
- Banks will never ask you to confirm your confidential information over the phone.
- If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
To prevent “phishing fraud” – fraudulent emails to obtain the customers’ confidential internet banking access codes and passwords, pay attention to email addresses that may seem genuine, and with what appears to be banking identification.
- Do not click on links or icons in unsolicited emails.
- Do not reply to these emails. Delete them immediately.
- Do not believe the content of unsolicited emails. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.
- Type in the URL (Uniform Resource Locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.
- Check that you are on the authenticwebsite before entering any personal information.
- If you think your device might have been compromised, contact your bank immediately and request that your account be blocked.
- Create complicated passwords that are not easy to decipher and change them often.
How to complain?
- Lodge a formal, written complaint directly with your bank's dispute resolution department. For details please refer to our website.
- Ask for a complaint reference number from your bank.
- Allow the bank 20 working days in which to respond to your complaint
- Obtain a written response from your bank and if you are not satisfied with the outcome, please log the complaint with the Ombudsman for Banking Services.