October 2013 Issue

The 'Newsletter on Financial Fraud' from CustomerXPs is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space. 

This will help you stay abreast of all the latest happenings in the banking fraud space.

South African banks in massive data breach

South Africa’s banks have suffered tens of millions of rand in losses due to a major breach of customer card data by criminal syndicates that infected electronic point-of-sale (POS) terminals using a variant of malicious software called Dexter.

The South African Police Service (SAPS), Interpol and Europol are all involved in a multinational investigation to bring the syndicate or syndicates responsible for the data breach to book. South Africa’s banking risk intelligence centre, Sabric, is managing the forensic investigation and working with the SAPS, where a case docket has been opened. No South African suspects have been arrested so far.

Payments Association of South Africa CEO Walter Volker confirms that the breach, which affects most of South Africa’s card-issuing banks, is significant — running into tens of millions of rand — and is at least on a par with an incident last year involving payments company PayGate, in which thousands of cards were compromised. The Dexter incident, however, affects a “broader environment”, Volker says.

He explains that the infection came from overseas, possibly involving a syndicate based somewhere in Europe. “That’s still part of ongoing investigation.”

Volker explains that when a bank customer presented their card and it was swiped, malware hidden in an infected POS terminal would read the customer’s card number and send this to an international syndicate. Typically in these situations, the syndicate then sells the numbers to another syndicate, which then produces plastic cards that can be used in physical stores. Because the “card verification value” security numbers on the backs of the cards were not compromised, criminals were not able to use the cards to buy online goods and services.

Banks won’t necessarily replace compromised cards, Volker adds, saying that they’ll simply be closely monitored for fraudulent activity. Banks will be alerted automatically if transactions take place outside the country and customers queried immediately as to whether they’ve made the purchase or not.

Source: Tech Central

5 ways to deter credit card fraud

Credit card fraud, particularly "card-not-present" fraud where the crook uses stolen data to buy things over the phone or via the web, is soaring.

Overall credit card fraud incidents jumped 17 percent between January 2011 and September 2012.

Consumers are generally held liable for no more than $50 in fraudulent transactions, and most banks won't hold you liable for a fraudulent charge if it's reported promptly. But if a fraudulent transaction gets past your bank, you've got to spot it to get it reversed. Consumers would be wise to employ a few simple measures to protect themselves from getting ripped off.

Check your statements. It takes just a few minutes to look over your credit card charges each month. If there's a charge you don't recognize, call your credit card company and ask what it is. It may be a corporate name for a company you regularly do business with. If so, you're likely to remember that and not waste your time calling again. But if the representative identifies the company and you still don't recognize the charge, the same person can tell you how to dispute the charge and potentially have it reversed.

Password-protect your phone. Consumers do a lot of things to save time, including saving passwords and authorizing automatic sign-ins at third-party sites like Facebook, email, and often bank and brokerage accounts. If you're among the growing number of people who bank by phone, this time-saving device can make you vulnerable to having your bank account cleaned out by an enterprising crook. Since phones are commonly forgotten in cabs, left unwatched on counters and desks while charging, and, of course, frequently stolen, make sure your phone (and iPad and office computer) is password- or fingerprint-protected so your accounts can't be easily purloined by a crook.

Vary passwords. Think you are safe from bank fraud because you don't bank by phone? If you use the same passwords for your email, Facebook, Twitter and other accounts as you do for your bank accounts -- or if you provide hints to your passwords by posting too much information on social media sites -- you make yourself almost as vulnerable as the person who leaves an unprotected phone lying around. Make sure that your financial accounts don't use the same passwords as your social media accounts. And watch what you share publicly.

Install security software. If you don't have security software on your computer, a visit to a malicious site could allow criminals to watch every move you make, including logging your every keystroke when you enter passwords for your bank and credit card accounts. If you use your phone to go to financial sites, the phone needs security software, too.

Beware "spear phishing." The latest criminal trend is to take personal information that you share on Facebook, Instagram or Twitter and use it to "spear-phish." This refers to crooks who send a personalized contact via email or social media that urges you to sign-in or click on a link to a malicious site. Naturally, if you bite you've just given the crook keys to your financial life. Because spear-phishers use your name and other personal data to make the contact appear more credible, it's easy to be fooled.

The simple advice is to never click on a link that you don't recognize, and certainly never "sign in" to any account from a link sent to you via email or social media. If you think the contact might be legitimate, go to the relevant site and sign in.

Meanwhile, if the link is attempting to take you to a malicious site, your security software should warn you before you get there. Don't be fooled into overriding that warning. If you think a friend sent a link to a funny site, message that friend independently and ask.

Source: Money Watch

Bad news for online fraud victims

As many as 41% of users who have lost their money as the result of financial cyber-fraud have failed to get a single cent returned to them.

This is according to the Kaspersky Consumer Security Risks Survey, a global study conducted by B2B International and Kaspersky Lab.

The survey shows that only 45% of users who suffered through online fraud were fully compensated.

A further 14% recovered part of the stolen sum, but the remaining 41% of victims were left with nothing.

According to the reports of 33% of victims, the money was most often irretrievable if it had been stolen during an e-payment operation. In 17% of cases, the money disappeared during e-banking sessions; 13% of the victims were customers of online stores.

Banks and online stores return money to their customers more often than, for example, e-pay systems.

In general, only 12% of online customers received full compensation for losses incurred from malicious attacks, but for banking customers the figure climbs to 15%.

One in ten respondents were lucky enough to get all their money back. There is also a noticeably high level of ‘bad debt’ – 6% of online store customers, 4% of online banking clients and 4% of e-pay system users reported irretrievable loss of money.

Nearly half (45%) of respondents believe the bank is responsible for paying back any money lost during online operations and 42% of those surveyed think the bank should provide free security tools to safeguard money transfers.

Source: My Broadband

Bank card fraud 'highest since 2009'

Card fraud hit its highest half-yearly level since 2009 as fraudsters tricked consumers into handing over details.

Some £216m on credit and debit cards was lost to fraudsters in the first six months of the year, a 17% increase on the same period in 2012.

Financial Fraud Action, which represents the financial services industry, said this was still well below the peak of £304m in 2008.

Some con-artists have posed as police officers to gather vital information.

Others have posed as bank fraud investigators to deceive people into handing over their cards or four-digit PIN.

Shoulder surfing

The figures show a 23% rise in the level of fraud on telephone, online and mail order shopping, as the trend of buying over the internet continues.

Meanwhile, ID theft has risen by 24%, and counterfeiting, where people's cards are cloned or skimmed, was up 15%.

In June, Financial Fraud Action warned about "shoulder surfing", when thieves look over a person's shoulder while they key in their number at cash machines and then distract them as the card comes out of the ATM, enabling the thief to snatch it.

Source: Financial Fraud Action UK
