The digital era has brought both advantages and concerns to the financial sector. Being able to conduct banking transactions whenever and wherever one happens to be is very convenient. Moving such sensitive data around the internet is a worry for most.
The future of finance is digital, and the measures institutions put in place to secure this connected world raise more than a few questions. Now that contactless payment has made its way to South Africa, consumers can be forgiven for wondering just how secure their details are.
According to Hector Rodriguez, VisaNet’s regional risk officer for Eastern Europe, the Middle East and Africa, this consumer knowledge gap is something financial institutions are keen to plug.
“Consumer education is critical from our perspective,” says Rodriguez. “In the last 10 years we’ve been trialling very successful card security in the South African market.
“Really, it’s about communicating the basics on consumer protection and consumer awareness for card-holders,” Rodriguez continues. “It’s about educating consumers [to] make sure your connection is secure before you conduct business.”
A lot of best practice to prevent credit card fraud should be obvious to consumers: don’t share your PIN with anyone, sign any cards issued by your bank immediately, and make sure you keep your card in view when making any purchases. But criminals in the connected world have become more savvy and devious in their efforts to obtain sensitive information.
Stats vary, but PwC reckons that cybercrime is the fourth most-reported financial crime in South Africa already, and as many as one in 14 emails sent in South Africa is part of an attempted scam. Cybercriminals routinely target both individuals and corporations with malware attacks, hoping that a lapse in judgment will grant them access to information, or entire systems.
South Africa was an early adopter of chip&PIN protection for credit and debit cards, but card fraud is still on the up – especially when it comes to “card not present” transactions. Traditional payment cards have a weakness in that, even though the chip is encrypted and cannot be cloned, anyone who has the card number, expiry date and three-digit CVV number from the back may be able to spend money online or over the phone.
Card companies are looking into ways to fight this. Gemalto and Oberthur Technologies, two French companies which manufacture smartcards, have independently developed “dynamic CVV” (DCVV) systems, through which the CVV number is updated every few minutes. This can be done either by requiring the customer to generate CVV codes with a mobile app, or by building a small LCD screen onto the back of cards themselves.
A few banks around the world have tested these super-smartcards, but none have the full system in place. In the meantime, the challenge is more straightforward.
“I would say we tend to spend more time in consumer education programmes in Africa than we would in, say, North America,” says Rodriguez. “Phishing is rife, as is social engineering, so we tailor our solutions to each region.”
According to a study released by the South African Banking Risk Information Centre (SABRIC), credit card fraud is steadily on the rise and is believed to cost South Africans in the region of R600-million a year.