Industry-level Card Data Exposure
The Payments Association of South Africa (PASA), international card schemes (Visa and MasterCard) and South Africa’s major banks are aware of a data compromise at a number of South Africa’s restaurant chains/franchises. As a result of the compromise, card details were accessed by an unauthorised international organisation through custom-written virus software. Immediate steps have been taken to secure the relevant systems and to prevent further leakage of card details.
The industry has taken immediate and pro-active steps to identify the extent of the potential exposure, clean up confirmed sites with effective custom anti-malware software and carefully monitor transactions on the cards involved in order to detect possible unusual activity.
"PASA is working with the banks and the card schemes to implement immediate measures to block the potential exposure of card data and bring merchants to a state of full compliance to the Payment Card Industry Data Security Standards (PCI DSS). There is certainly no need for concern by cardholders. It is important to be aware of the fact that the issuing and acquiring banks in the South African payments environment all have very well developed and sophisticated fraud and risk management systems in place and that monitoring of any heightened levels of potential fraud which might result from this would be a normal activity with no need for additional systems,” Walter Volker, the CEO of PASA said.
PASA and the acquiring banks have actively been working with the industry to ensure that all companies that process card transactions implement and comply with PCI DSS.
It is left to individual banks and card issuers, however, to decide whether they would be contacting their customers with a view to replacing any cards that might have been exposed, or rather to place these cards on a heightened level of monitoring before any action is taken.
Volker said there was no need for undue concern by cardholders. However, he appealed to all card users to report any suspicious transactions to their banks for urgent investigation.
Should fraudulent transactions be perpetrated on any of these cards as a result of the data compromise, cardholders would not be exposed to any losses – as is the case under normal circumstances.
Cardholders who have any general concerns or are suspicious of any transactions appearing on their card statements or of which they are alerted though their SMS/ email "in contact” service should contact their bank directly and immediately.
Notification of card data compromise
Nedbank is aware of a data compromise at some of South Africa’s restaurant chains/franchises. The Payments Association of South Africa (PASA) in conjunction with member banks, has taken immediate steps to secure the relevant systems to prevent further leakage of card details.
Nedbank can confirm that the number of incidents reported is limited and that where fraud losses have been reported, Nedbank Card clients have been refunded and reissued with new cards.
Nedbank will continue to closely monitor all transactions acquired by third party processors and Nedbank clients need not be concerned.
We urge cardholders to contact Nedbank immediately should they be alerted to any suspicious transactions by phoning the Fraud Desk on 011 710 4710 or the Nedbank Contact centre on 0860 555 111.
