While the digital era ushered in conveniences to simplify our lives, it also opened the doors for criminals to exploit the vulnerabilities of near-field communication (NFC) technology.
Recently, the Ombudsman for Banking Services in South Africa warned of new NFC scams doing the rounds, used by fraudsters to steal bank information.
Here’s what you need to know.
NFC technology utilises a data exchange between devices; it’s the tech that enables you to pay for your purchases via Samsung Pay, Apple Pay, with virtual cards on your phones, etc.
Unlike the traditional card-not-present (CNP) fraud transactions that require one-time pins (OTPs), NFC payments bypass this added security layer.
Reana Steyn, the Ombudsman for Banking Services, says once criminals obtain your card information, it can be used to link their smart devices to Samsung Pay, Apple Pay, and the like.
And once their phone is linked to your card, they can use it for point-of-sale (POS) transactions in stores, with you being none the wiser.
In order to set up the link, they need an OTP or a Smart inContact notification sent either to your registered number or a banking app.
They set this up via phishing, using deceptive emails or fake websites to impersonate legitimate businesses and vendors.
You may think that link you clicked on took you to a company’s official website, while in reality, you are inadvertently authorising the fraudster to set up the link between their device and your data.
The figures are staggering. The ombudsman investigated approximately 124 NFC fraud-related complaints, with financial losses in the millions.
One South African bank reported more than 6 000 related complaints between January 2022 and June 2023, with victims’ losses amounting to over R6.5 million.
Steyn said most fraudulent purchases were made in foreign jurisdictions, and she said this is a clear indication of an international crime syndicate targeting South African consumers.
Prevention remains the best defence against OTP fraud.
Steyn highlights the importance of caution when accessing unsolicited links, understanding how OTPs messages are sent, and never being pressurised into sharing your OTPs.
She also reminded bank customers to be vigilant and not too trusting with card information, especially OTPs.
Other essential tips include:
Download our app and read this and other great stories on the move. Available for Android and iOS.