In April, Kenyans woke up to the news that as they were busy celebrating the long Easter weekend, some fraudsters were burning the midnight oil as they emptied Sh11 million from four of Barclays Bank ATMs.
According to preliminary reports, the fraudsters used a high-tech technique known in cybercrime lingo as ATM jackpotting.
Jackpotting is said to have been used to steal more than Sh100 million in the US over the last year.
As fraudsters devise new means of accessing people’s hard earned cash, it is important that the public is informed of emerging financial gambits in order to be alert and avoid losing money to con men.
It has been five years since Kenyan banks adopted the Chip and PIN technology as the industry-wide standard for payment cards.
This saw a massive reduction in card fraud through card skimming. Before the introduction of the technology, most payment cards stored customer information on the Magstripe or the magnetic black stripe at the back of the card.
However, fraudsters had contrived skimming devices, which could easily read customer information stored in the Magstripe leading to untold losses by customers at ATMs and point-of-sale. To counter this, the Kenya Bankers Association adopted the Chip and PIN technology in 2014, making Kenya the third African country to do so after South Africa and Nigeria.
However, fraudsters are always a step ahead of the game. Once access to customer information via the Magstripe was blocked, they went back to the drawing board and are back with new ways to circumvent the PIN and Chip safeguard.
The new platform for card fraud has moved to online transactions. Unlike ATM and point-of-sale transactions, online transactions do not require the entry of the customer’s PIN number to complete a transaction and this is the weak link that fraudsters have capitalised on.
Online transactions come in different forms. They can be purchases on online stores such as Amazon, iTunes, Jumia or e-Bay.
For an online transaction to be successful, all a user needs are the full card number, the card’s expiry date and the Card Verification Value (CVV) number, a three-digit number displayed at the back of the card. Unfortunately, all these details are openly displayed in all cards and once a fraudster has these details they are good to go.
This means that if you lost your card and someone gets it or if someone has access to the details necessary for an online transaction, they can do online purchases and transactions without necessarily knowing your card’s PIN number or having the card with them. It is for this reason that banks insist that once you lose your card get in touch with your bank to have the card blocked.
So how do fraudsters get the details on your card? The first and most obvious way is through lost and stolen cards. However, fraudsters have gone a step further to get their hands on customers’ card details and this is where vigilance is required of cardholders.
Most cardholders give this information willingly to fraudsters without even knowing it. Have you ever tried to pay for any service with your card and the attendant decides to go out of your view with your card for an alleged approval or confirmation with their senior? It could be a supermarket, a petrol station or a book store. When paying for anything with your card, never allow the attendant to go with your card out of your sight.
They might give an excuse that the customer service manager needs to approve one thing or the other but that is never the case. Once out of your sight, all one needs to do is record your card details and use it for transactions online.
Another ingenious method fraudsters have devised to get hold of your card details is by conniving with attendants at state or private corporations where people need to leave copies of their documents to get some service such as applying for a job, a driving licence or a business permit. Once they have a copy of your ATM card, the requisite details to carry out an online transaction would be at the fraudsters’ disposal to carry out online transactions as they please.
To beat this, most banks are in the process of acquiring the 3D secure authentication system, which aims to beat online fraudsters. Through the 3D Secure authentication, online transactions can only be completed by keying in a code sent to the customer’s phone via SMS once the online transaction is initiated.
Otiato Opali, a communication specialist.