Nicolette Dirk, finance writer, justmoney.co.za
From 1 January next year businesses in South Africa, that utilise card payments, will be required to draw up a current diagram to indicate how cardholder data flows throughout their system. This new regulation, stipulated by the PCI Data Security Standard (PCI DSS), was announced last month.
According to the South African Banking Risk Information Centre (Sabric) this change specifically addresses many typical security breaches, as credit card fraud in South Africa is still high.
Andrew Kirkland, regional director of Trustwave Africa said the key points that a card transaction goes through will be tracked down using this diagram. This tracking process, from user to bank, will take milliseconds.
At present the safety chip and pin is one of the few technological safety measures used in the combat card fraud.
But Kirkland said there are plans to implement a system where your information will be tracked by your bank using encrypted information sent to them whenever you make a transaction.
How bad is card fraud?
Sabric recently published their annual card fraud campaign where statistics show how much card fraud is costing the country.
Credit card fraud losses have increased by 22% from R300.6m in 2012 to R366.8m in 2013. Card Not Present (CNP) fraud, which is a major loss category, increased by 16% during the same period, from R154.7m in 2012 to R178.7m in 2013.
In 2012, 45% of credit card fraud losses occurred outside the borders of South Africa and this figure has increased to 60.1% for the period under review. Credit card fraud losses on South Africa issued credit cards used inside South Africa decreased by 11.4% in 2013. Counterfeit card fraud remains high.
“Criminals are progressively using counterfeit South African issued credit cards in neighbouring countries such as Namibia, Botswana and Mozambique and these transactions are mostly related to fraudulent cash withdrawals at ATMs,” said Sabric CEO, Kalyani Pillay.
Protect yourself against fraud
• Always cover your screen when typing in your pin at any point of sale.
• Never respond to emails appearing to be from your bank that request your personal details. Remember that no bank will ever ask you to confirm or update your account details via email.
• Never follow a link on a mail to access your bank’s webpage. Always access the webpage by physically typing the name of the web address that you were given when you signed up for Internet Banking in your browser and confirm that you are on a secure site by looking for the little ‘lock’ icon on your browser before logging on.
• Never provide your online ID, password or PIN to anyone and never write them down or share them- not even with a bank official.
• Do not save your Internet Banking password on your desktop.
• Do not make your passwords too personal- rather create passwords that have letters and numbers that cannot be attributed to you.
• Do not leave your computer unattended after you have entered your Internet Banking password.
• Always log off or sign off at the end of a session.
• Avoid doing Internet Banking in public areas such as Internet Cafes, or any computer that can be accessed by people you do not know.
• Change your PIN and passwords frequently.
• Place sensible transaction limits on your accounts.
• Ensure that you have the latest anti-virus software applications loaded on your computer, and make sure that you download all security patches for your operating system in a timely fashion.
For more safety tips go to Sabric's website or call Sabric on +27 11 847 3000.