Criminals are targetting ‘tap to pay’ in South Africa – what you need to know
A recent security video in South Africa shows how criminals are targetting bank cards with the tap-to-pay functionality to steal from victims.
Tap-and-go or contactless payments – such as tapping your card or using your smartphone or smartwatch at a point-of-sale (POS) machine – are becoming increasingly popular due to their convenience.
However, although banks have developed fraud detection and prevention systems, such as SIM Swap detection, transaction monitoring, 2-factor authentication (2FA) and other customer identification methods, fraudsters are constantly devising new ways to bypass these systems, making it an ongoing battle for banks to stay one step ahead.
One such tactic was illustrated in a security video on social media platform X.
Shared by Crime Watch’s Yusuf Abramjee, a security video of an unknown store shows how card scammers clone banking card information using the tap-to-pay function.
In the video, the criminals place items they intend to “buy” at the point of sales desk while talking to the cashier, before telling the victim to go in front of them for some reason.
The victim then goes ahead of the criminals to pay for their goods. However, when they pay using their card, the criminal gets close enough to use his smartphone to scan the card using software that likely clones the card’s details.
This all happens without the victim’s knowledge or notification that their card has been scanned.
The video can be viewed below.
Tap-Tap!!! Be careful of Card Scammers.
— Yusuf Abramjee (@Abramjee) March 12, 2024
The victim had no clue that her card was being cloned or that she was being scammed. #CrimeWatch pic.twitter.com/TWXJ9BIGpO
According to the Ombudsman for Banking Services (OBSSA), this scam works by exploiting near-field communication (NFC) technology and tap-and-go payment systems.
NFC technology scams involve fraudsters using stolen bank card information, such as the card number, expiry date, and CVV number, to make fraudulent purchases through digital wallets.
The OBSSA noted that fraudsters use stolen card information to link their smart devices, such as smartphones and smartwatches, to payment platforms like Samsung Pay, Apple Pay, Garmin Pay, and Google Pay.
It added this type of fraud is becoming popular among criminals because NFC/digital wallet payments do not require OTPs for every transaction – much like when you don’t receive an OTP when purchasing through tap-to-pay, albeit at a certain limit.
The Ombudsman confirmed hundreds of NFC fraud-related complaints have recently formally been reported and investigated by her office.
The losses suffered are in the millions of rands, with customers’ accounts fraudulently drained through tap-and-go purchases made with smart devices in mostly foreign jurisdictions such as Dubai, France, and Spain while the legitimate cardholders were in South Africa.
