There has been an alarming rise in fraudsters targeting unsuspecting motorists when they’re paying for fuel at service stations in South Africa.
Head of cybersecurity at Armata, Richard Frost, said that criminals are increasingly using smartphones and other devices with Near Field Communication (NFC) capabilities to steal money from individuals who use the “tap-to-pay” (TTP) feature to pay for their fuel.
As the motorist taps their bank card on the service station’s machine the thief walks by in close proximity and taps their phone simultaneously, and the money comes off twice.
“It’s an incredibly easy scam to perpetrate, all you need is a credit card machine in your pocket and you can take any amount you want from someone’s card,” said Frost.
“By the time the consumer gets the two notifications from their bank that the money has come off twice, the person has disappeared, along with the funds.”
Alarmingly, he notes that many users do not have limits on their bank cards that block them from spending above a certain amount, allowing the fraudsters to steal thousands of rands at a moment’s notice.
Changing habits to stay safe
To protect oneself from the payment scam it is important to use the TTP feature sparingly and to set up spending limits should you be targeted by these thieves.
The best way to stay safe is to completely disable the TTP functionality on your bank card and revert back to punching in your PIN every time you have to pay for something.
If you can no longer live without TTP, the best option is to use your mobile phone with a virtual card, or one of the digital wallet payment services like Google Pay or Apple Wallet.
“Your mobile phone has more security and when you tap it, the phone will only allow the amount to come off once. After that, any additional taps will fail which will prevent this type of fraud from happening,” said Frost.
“There’s also a time limit on your phone which means that the window of opportunity for someone to come up and tap your phone is significantly smaller.”
For an added layer of protection, you can also invest in a protected wallet that does not allow any NFC signals to travel through it.
In the worst-case scenario, Frost recommends using a private folder on your phone to hide your banking apps.
“There have been cases where people have been held at gunpoint and forced to do an EFT, so don’t have your account visible,” he said.
“Consumers should consider using their chip and pin function in their cards for expensive purchases, their mobile devices for quick tap and go purchases, and to remain aware of their surroundings at all times. It’s advisable to avoid making payments in a crowded space and to opt into payment solutions that require some form of authentication.”
Join the discussion