Massive malware breach sees SA banks lose tens of millions of Rands

South Africa’s banks have reportedly lost tens of millions of Rands after a piece of Malware known as Dexter infected point of sale (POS) card readers across the country.

The malware infection which, according to TechCentral, hit the country’s fast food industry especially hard, is serious enough that the South African Police Service (SAPS), Interpol and Europol are all investigating it.

Speaking to TechCentral’s Duncan McLeod, Payments Association of South Africa (Pasa) head Walter Volker said that the banks first noticed “unusual levels of suspected fraud” a few months back and that “this highlighted reasons for concern, although the numbers were still low.”

According to Volker, the malicious software affecting the POS machines “was not the standard Dexter malware….This one was a variant that was changed to [avoid detection] by the antivirus software.” He added that it was potentially the work of European syndicate, although he could not say for sure.

The breach has apparently been secured for now, with Volker urging people not to panic. “I don’t think there’s any reason for concern, but obviously if you detect something on your statement that you don’t recognise, you should contact your bank immediately,” he said. “And any person who doesn’t have a chip card should ask their bank to replace their mag-stripe card with a chip card.”

Pasa has subsequently sent a statement explaining the issure in detail, reports TechCentral:

Pasa, international card schemes Visa and MasterCard, and South Africa’s major banks are aware of a data compromise at a number of South Africa’s restaurant chains and franchises.
As a result of the compromise, card details were accessed by an unauthorised international organisation through custom-written virus software. Immediate steps have been taken to secure the relevant systems and to prevent further leakage of card details.

The industry has taken immediate and proactive steps to identify the extent of the potential exposure, clean up confirmed sites with effective custom antimalware software and carefully monitor transactions on the cards involved in order to detect possible unusual activity.

Pasa is working with the banks and the card schemes to implement immediate measures to block the potential exposure of card data and bring merchants to a state of full compliance to the Payment Card Industry Data Security Standards, or PCI DSS. There is certainly no need for concern by cardholders. It is important to be aware of the fact that the issuing and acquiring banks in the South African payments environment all have very well-developed and sophisticated fraud and risk management systems in place and that monitoring of any heightened levels of potential fraud which might result from this would be a normal activity with no need for additional systems.

Pasa and the acquiring banks have actively been working with the industry to ensure that all companies that process card transactions implement and comply with PCI DSS.
It is left to individual banks and card issuers, however, to decide whether they would be contacting their customers with a view to replacing any cards that might have been exposed, or rather to place these cards on a heightened level of monitoring before any action is taken.

There is no need for undue concern by cardholders. However, all card users should report any suspicious transactions to their banks for urgent investigation.

Should fraudulent transactions be perpetrated on any of these cards as a result of the data compromise, cardholders would not be exposed to any losses – as is the case under normal circumstances. Cardholders who have any general concerns or are suspicious of any transactions appearing on their card statements or of which they are alerted though their SMS or e-mail “in-contact” service should contact their bank directly and immediately.