This post takes a closer look at card fraud losses in South Africa during the last few years. According to a SABRIC report, the banking industry card fraud losses increased by 22% in nine months in the year 2012 -2013. South Africa is the third most targeted country for cyber crime after China and Russia. This is because the country is not protected enough and organisations often leave doors open to criminals.
Card fraud can happen in different ways. Listed below are the main methods of card fraud in South Africa.
- Card Not Present (CNP) can be identified as payment made when the card is not present, so over the phone or over the internet, by email or fax. CNP card fraud losses increased by 16% during the period of 2012 – 2013.
- Counterfeit card fraud performed with a card that has been cloned using information stolen from magnetic strip. Counterfeit card fraud losses increased by 27% during 2012 – 2013.
- Card stolen or lost is when the cardholder is no longer in possession of their card and criminal use it on their behalf. Lost or stolen credit card fraud increased by 102.4% during 2012 to 2013. This table details the biggest card fraud losses by fraud type over the past 8 years.
All figures are in R millions — Source: Card Fraud – SABRIC
According to the 2012 Norton Cybercrime Report, the financial impact of card fraud losses in South Africa amounted to R3.7 billion. In 2012, 2.39 million, or 64% of the population have experienced cyber crime. The majority of fraudulent card transactions for 2013 occurred in Gauteng (42.8%) followed by KwaZulu Natal (16.7%) and Eastern Cape (8.5%). Together, these cities account for 86.1% of all card fraud losses.
There is no doubt that cyber criminals are changing their hacking ways and consumers and organisations may be less aware of how to protect themselves. Card fraud losses, as well as the costs of card fraud among organisations in South Africa, are increasing dramatically.
Whether you are a merchant or a service provider, one way to reduce the likelihood of card fraud is to comply with the Payment Card Industry Data Security Standard (PCI DSS). Compliance with the Standard is mandatory for organisations that process, transmit or store cardholder data.
Why not have a look at “PCIDSS: A Practical Guide to Implementing and Maintaining Compliance, Third edition” which provides a flexible and tailorable route to achieving compliance with the PCIDSS that is ideal for organisations of all sizes and sectors.