South African banks in massive card data breach

A strain of malware has cost South African banks tens of millions of rand in what is already being called one of the worst breaches of customer card data in the country's history.

A strain of malware has cost South African banks tens of millions of rand in what is already being called one of the worst breaches of customer card data in the country’s history.

The malware, known as Dexter, was inserted into fast food restaurants’ payment terminals. It is rumoured that fried chicken outlet KFC was hit especially hard. The banks first noticed unusual levels of fraud at fast food restaurants earlier this year.

Payments Association of South Africa CEO Walter Volker said: "It took quite a while to get to the bottom of this incident, because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up.

"This one was a variant that was changed to avoid detection by the antivirus software."

As an initial response, a forensics company began to analyse the incidents and a committee was set up that included all the affected banks and card companies Visa and MasterCard.

Anti-malware software has now been installed in all the outlets where infection by Dexter was suspected and Volker said customers should not panic, as the banks would absorb any losses.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Tick here to opt out of curated industry news, reports, and event updates from Retail Banker International.

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

He said: "All the fast-food retailers have been cleaned out as far as possible. We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket."

Volker said that the infection came from abroad, where cards were reproduced from the stolen data. But he said there was no evidence that cards were reproduced domestically. This means that while banks will keep a close eye on compromised card accounts, they may not necessarily replace cards.

"At this stage, the thing is really well under control," he added.

Related articles:

ATM fraud up by a third – European ATM Security Team

Voice biometrics key to fighting fraud – Opus and Validsoft

Red announces deployment of ATM fraud software