Following the discovery of what is already being described as the country’s biggest breach of credit card data, the Payments Association of South Africa (PASA) has reacted swiftly to reassure cardholders that they “have no need for concern”.
PASA says that international card schemes Visa and Mastercard, and South Africa’s major banks are aware of the data compromise allegedly perpetrated by international syndicates using a variant of Dexter malware loaded into the POS systems of a number of the country’s restaurant chains and fast-food franchises. SAPS and Interpol are also believed to be involved in investigations.

It adds that immediate and proactive steps have been taken to secure the relevant systems and to prevent further leakage of card details, as well as identify the extent of the potential exposure. This includes cleaning-up confirmed sites with effective custom anti-malware software and carefully monitoring transactions on the cards involved – to detect possible unusual activity.

“PASA is working with the banks and the card schemes to implement immediate measures to block the potential exposure of personal card data and bring the merchants to a state of full compliance in relation to the Payment Card Industry Data Security Standards (PCI DSS),” says Walter Volker, CEO of PASA.

“There is no need for concern by cardholders. Rather, it is important to be aware of the fact that the issuing and acquiring banks in the South African payments environment all have very well developed and sophisticated fraud and risk management systems in place,” says Volker.

“Additionally, the monitoring of any heightened levels of potential fraud, which might result from this card data exposure, would not require additional systems.”

PASA and the South African banks have been working actively with the merchant industry to ensure that all companies that process card transactions implement and comply with the PCI Data Security Standards (PCI DSS).

“However, it is the responsibility of the cardholders’ banks to decide whether they will be contacting their customers with a view to replacing any cards that might have been exposed, or placing these cards on a heightened level of monitoring before any action is taken,” adds Volker.

“There was no need for undue concern by cardholders, however, and we urge card users to report any suspicious transactions to their banks for urgent investigation.

“What is important to understand is that should fraudulent transactions be perpetrated on any cards, as a result of the data compromise, cardholders will not be exposed to any losses – as is the case under normal circumstances,” says Volker.

Cardholders who have any concerns or are suspicious of any transactions appearing on their card statements, or of which they are alerted to via their SMS/ email ‘in contact’ services, should contact their bank directly and immediately, Volker adds.