As more Zimbabwean businesses and customers launch their money into cyberspace through electronic payment systems as the new way of transacting, opportunities for 21st century tech-savvy fraudsters are on an upward trend.Besides providing an easy platform for transacting it has been a huge nightmare.
The nightmare has come in the form of card skimming or card cloning.
Criminals use a card skimming device powered by a lithium coin battery to fraudulently copy a customer’s bank details stored on the magnetic strip on a debit or credit card.
For a country riddled with massive cash shortages where people cannot access their money in hard cash from the banks,the use of bank cards has over the years reached its highest proportion.However,this has brought its own headaches as whenever one presents their card for payment they run the risk of being skimmed.
The majority of skimming incidents in Zimbabwe are recorded at retail merchants when bank cards are presented for payments and to a lesser extent, around ATMs since their use is slowly dying because of persistent cash shortages.
In 2018,the Zimbabwe Information and Communication Technologies (ZICT) released a Cyber Security Booklet in which they highlighted card cloning as a growing menace.
“Consumers in Zimbabwe are now paying with bank cards due to cash shortages. For thieves, that plastic represents a lucrative spending opportunity. So far in 2018, the number of bank cards compromised at merchant card reader (through card cloning) is over 154 cases with most of the cases not being recorded. Bank card cloning is typically done via skimming devices that capture card data,”
“Credit card skimming is a form of card theft, where criminals use a small device (or ‘skimmer’) to steal your card information from legitimate places of business. These skimming devices can be attached to ATMs or designed to look like a proper card reader.” said ZICT, in its Cyber Security Booklet.
Cases involving card cloning have surged with many reports being made and some have made headlines.
Early this year,four men from Bulawayo were arrested after they allegedly defrauded PPC Zimbabwe of $26 000 by cloning the company’s bank card.
In another incident a Bulawayo widow lost more than $40 000 after a Harare man allegedly cloned her late husband’s bank card and went on to conduct illegal point of sale (POS) transactions at various retail outlets.
The most recent case is that of a Chitungwiza man and his accomplices who are alleged to have cloned cards belonging to three CABS account holders. They proceeded to transfer $69 000 and used $60 000and went on a spending spree buying expensive wines, beer and agriculture inputs.
At retail outlets and restaurants customers often punch their pin without being discreet and this presents a very good opportunities to prying criminals.In some cases criminals often collude with staff working at retail outlets such as waiters or cashiers who are provided with hand held skimming devices and are rewarded them for skimming customers’ cards
Criminals use sophisticated ways of obtaining customer and card information stolen with skimming devices which is often used to manufacture counterfeit (duplicate) cards which will then be used to make fraudulent transactions on a victim’s account.
The cloning devices used are typically used in conjunction with a small camera to capture a user’s pin, which gives criminals the ability to clone a card and withdraw cash at will. Another way is using thermal technology, armed with a smartphone and a thermal imaging attachment, criminals can easily steal your pin because you leave behind a thermal signature when you press buttons.
Customers should never use ATMs that appear damaged or tampered with because this creates opportunity for card fraudsters to pounce. When a customer has problems with an ATM that is damaged or tampered with, the perpetrator will approach the customer and use social engineering tactics to take the customer’s . Usually the customer is often escorted to another ATM in order to assist the customer to make a withdrawal.
The card is then discreetly skimmed on the way to the second ATM with a hand held skimming device,the unsuspecting victim is handed back their card without noticing that it has been skimmed. The criminals use interaction between them and the customer to gain their trust and the perpetrator often stands next to the customer while the transaction is conducted. The perpetrator will memorise the customer’s pin when buttons are pressed in.The unsuspecting customer will only realize they have fallen victim to a scam when money is withdrawn from their account.
Financial institutions in Zimbabwe are adapting to global developments in technology and at the same time criminals are adjusting their tactics to take advantage of innovations in the banking landscape. E-banking fraud is an issue being experienced globally and is continuing to prove costly to both banks and customers.
HOW YOU CAN PROTECT YOURSELF AGAINST CARD FRAUD
- do not disclose personal information such as passwords and pins when asked to do so by anyone via telephone, fax, or even email.
- do not write down pins and passwords, and avoid obvious choices like birth dates and first names.
- do not use any personal identifiable information as a password, user id, or personal identification number (pin).
- do not use internet cafes or unsecured terminals (hotels, conference centres etc.) to do your banking.
- review your account statements on a timely basis and query disputed transactions with your bank immediately.
- when shopping online, only place orders with your card on secure websites.
- do not send e-mails that quote your card number and expiry date.
- ensure that you get your own card back after every purchase.
- report lost and stolen cards immediately.
- if you have a debit, cheque and credit card, don’t choose the same pin for all of them. if you lose one, the others will still be safe.
- while transacting always keep an eye on the ATM card slot to ensure that your card is not taken out, skimmed, and replaced without your knowledge.
- should your card be retained by an ATM, contact your bank and block your card before you leave the ATM
- subscribe to your bank’s sms notification services to inform you of any transactional activity on your account.