- The SA Banking Risk Information Centre released its 2020 crime statistics on behalf of the country's banking industry.
- Gross losses due to fraud on debit cards issued in SA increased to more than half a billion rand.
- This was mainly due to shifts in consumer behaviour, which created more opportunities for scammers.
Gross losses due to fraud committed on South African-issued debit cards amounted to R520.5 million in 2020 - an increase of 26.5% compared to 2019.
This is according to 2020 crime statistics released by the SA Banking Risk Information Centre (Sabric) on Wednesday.
The impact of Covid-19-related work and lifestyle changes created new opportunities for scammers in the debit card space. Digital crime incidents increased by 33% in 2020 compared to 2019.
Financial uncertainty prompted people to rather use debit cards as opposed to buying on credit, as they were more comfortable spending money they already had. Buying behaviour also shifted as consumers opted more for online platforms due to the Covid-19 lockdown restrictions. Debit cards were, therefore, enabled to allow for e-commerce transactions.
This is further reflected in credit card fraud having decreased by 27% in 2020 compared to 2019, according to the report.
"The large-scale move to remote working [led] to unprecedented technical vulnerabilities related to network security and the uptake of online collaboration platforms. Social vulnerabilities resulting from fear and confusion caused by the pandemic and adjusting to lockdowns were also exploited by criminals. The Covid-19 lockdown itself resulted in an increased uptake and use of the digital banking channels by the public as they were limited in their ability to visit a physical branch," states the report.
For example, debit card fraud amounting to R1.6 million was accomplished by using account takeovers; R4.8 million using false applications; R278 million using a "card not present" method; R193 million due to lost or stolen debit cards; R39.5 million due to counterfeit debit cards; and R484 983 due to non-receipt of issued debit cards.
Almost half of the card fraud took place outside of South Africa. Top countries where debit card fraud took place were Canada, the US, UK, Germany, Luxembourg, India, Indonesia and Australia.
Social engineering remains the primary method used by criminals when targeting victims. This involves the use of deception to manipulate an individual to provide confidential or personal information. Phishing is the use of a fraudulent email, which looks legitimate, to try and obtain personal information including passwords and card numbers. Vishing is the use of fraudulent phone calls or SMS phone messages for the same purpose - including to try and obtain one time passwords.
One of the ways criminals used was spoof emails offering Personal Protective Equipment (PPE) like masks, sanitiser, or vaccines. Links in these emails led people to phishing websites which prompted them for banking credentials, which were then harvested by criminals to transact without authority.