Criminals are continually finding new and more advanced ways to target motorists in South Africa, even when a person stops at a petrol station ATM or a toll booth.
One popular method is to steal money from victims by cloning their bank cards at busy locations, which gives scammers access to the individual’s bank account.
Luckily, it is fairly easy to avoid these criminals by doing one simple trick – use your card’s tap-to-pay function rather than insert it into a machine.
Card cloning at petrol stations and toll gates
Today, nearly all bank cards are issued with a Europay, Mastercard, and Visa (EMV) chip, which make them much more difficult to tamper with or clone compared to older, chip-less cards, according to MyBroadband.
However, many cards still have a magnetic strip, rendering them vulnerable to cloning or skimming.
The terms cloning and skimming refer to when criminals steal a person’s debit or credit card information to create counterfeit cards that can be used to spend money from your account.
This is most commonly done when a card is inserted into a machine such as an ATM or a point-of-sale reader, which has been illegibly modified with some form of skimming device.
A few examples of these devices include:
- Overlay skimmers — Placed on top of the actual card reader on ATMs or payment terminals
- Internal skimmers — Installed inside the card reader to make it more difficult to detect
- Wireless skimmers — Mobile skimmers fitted with wireless communication capability to relay information to criminals nearby, typically using Bluetooth
Scammers can also use keypad overlays, fake card readers, and hidden cameras to record when a person enters their PIN, which is necessary for when they attempt in-person transactions.
Two of the most common places that fraudsters will attempt to clone a person’s card include ATMs at service stations and card readers at toll gates.
Other targeted locations include supermarkets, liquor stores, and restaurants, according to data from the South African Banking Risk Information Centre (SABRIC).
How to avoid it
The easiest and safest way to avoid having your bank cards cloned is to use a form of payment that doesn’t involve inserting it into a machine.
Most cards now support tap-to-pay, and oftentimes these payments do not even require the card to make contact with the device as they use radio frequency identification (RFID) and near-field communication (NFC) technologies.
This means that the cards with EMV chips can generally be detected within 4cm of a payment device.
Another good practice is to link your bank card to an NFC-enabled device such as a compatible smartphone or smartwatch with apps like Apple Pay, Garmin Pay, Google Wallet, or Samsung Wallet, which add an extra layer of security.
These digital wallets still require an authentication method such as a PIN, a fingerprint scan, or facial recognition before they will allow any funds to be transferred, which prevents criminals from stealing funds with a contactless device or accessing your account in the event your phone or watch is stolen.
As a general rule, you should also set a limit on your bank app which caps the amount of money that can be tapped before it asks for a PIN.
SABRIC notes that many South Africans are skeptical of the tap functionality for good reason, as criminals are demonstrating that they are becoming increasingly tech-savvy.
However, it is actually quite rare for fraudsters to be successful with these tap-to-pay scams, as registering an NFC payment device involves a rigorous vetting process by the issuing bank, including the mandatory submission of Know Your Customer documentation.
Banks also monitor merchant transactions and conduct site visits, and any funds obtained through contactless payments will go to the merchant’s account, which the bank can see.
It’s also not a high-paying method, as it only works for low-value transactions limited to a predetermined number of times on any given day before a PIN is required.
Holding a reader near a person’s wallet will only reveal the card’s number and expiry date, but not the CVV or PIN which are needed to make online purchases.
Join the discussion