First National Bank (FNB), the oldest bank in South Africa, has issued a warning regarding the sophisticated phishing techniques that cybercriminals are increasingly employing to deceive users of digital wallets. The bank clarified that these nefarious activities are not taking advantage of any inherent security flaws; instead, the criminals are using deceptive methods, known as “phishing” and “smishing,” to manipulate individuals into divulging their confidential information. This information includes sensitive card details such as the card number, expiration date, and the card verification value (CVV), which the criminals then use to add the victims’ physical card details to their own digital wallets.
The bank shed light on the observation that criminals have recognized the similarities between the process of adding a debit or credit card to a digital wallet (like Apple Pay, Google Pay, Samsung Pay, and SwatchPay) and making an online payment with these cards. Both procedures necessitate entering card details on an online platform and confirming the action by submitting a one-time password (OTP).
Christopher Boxall, who leads the bank’s card transactions and fraud detection efforts, emphasized that fraudsters are exploiting these procedural parallels to mislead users. He pointed out that there has been a rise in incidents where individuals are duped into providing an OTP under the guise of fraudulent activities. Although the language used in OTPs for online purchases differs from that used for adding cards to digital wallets, users often fail to notice this difference.
As a result, the fraudulently obtained OTP is used to authorize the addition of the victim’s debit or credit card to a digital wallet controlled by the criminal. The victims are then tricked into using their biometric data to authenticate transactions on the compromised device, unaware that they are facilitating fraudulent activities.
Boxall stressed the importance of stringent security measures for personal and private information as a critical defense against malicious cyber attacks. He pointed out that all payment technologies necessitate the use of private information that should be known exclusively to the individual conducting the transaction. This underscores the need for users to stay alert and proactive in protecting their sensitive data and securing their digital identities. Vigilance in safeguarding this information is essential to thwarting the efforts of cybercriminals and preventing them from exploiting digital payment systems.
The South African bank has made it clear that virtual cards are not susceptible to the same security issues, despite utilizing technologies akin to those used in digital wallets. The bank explained that virtual cards are designed with heightened security and privacy in mind, particularly for conducting online transactions or managing subscriptions. In contrast, digital wallets offer customers the convenience of registering both physical and virtual cards, allowing them to make payments using their electronic devices. The distinction lies in the purpose and security features of virtual cards, which are intended to provide an additional layer of protection for online financial activities.
