‘Swipe’ Users Lose $200 000 This Year Already Due To Debit Card Cloning

Alvine Chaparadza Avatar
Zimswitch, FBC, swiping, plastic money, bank cards

A report published last week by the Zimbabwe Republic Police of the rising cases of debit card cloning symbolizes one of the major risks of using the “plastic money”. Chief Superintended Paul Nyathi stated that from the beginning of the year to 15 March 2018, debit card holders had already lost $200 000 to the perpetrators of bank card cloning. Card cloning crimes first came to public attention with isolated cases but now the problem is spreading rapidly.

Zimbabwe has been battling cash problems so the surge of this type of crime can be attributed to the continued rise of cashless transactions which is inducing people to migrate from cash transactions. According to the report, the source of bank card cloning crimes is the Point of Sale Machines (POS) meaning that the criminals to some extent could be merchants. Doing transactions on POS machines is virtually the norm these days so it is imperative for the public to be informed about card cloning.

Educating the public

The Reserve Bank of Zimbabwe (RBZ) is the foremost proponent of a cashless economy and what’s surprising is that it has not done anything to educate the public about avoiding this scam. Now if people get skeptical of using debit cards, what will become of their drive to have a cashless economy in 5 years?

An article published some time ago here on Techzim prescribes how customers can avoid having their bank card cloned.

15 comments

  1. Nigel Rodgers

    Why aren’t banks using chip and pin or 2fa, or both?

    1. Tapiwa K

      You’re right. 2FA would be the ideal solution to this problem. If i’m not mistaken, chip technolgy is hackable but not as easy as swipe.

      1. cold

        Having sensible card limits, like most banks do, will protect most people.

    2. Tinashe

      2FA comes with a convenient cost. Our networks are not yet up to speed when it comes to timely SMS delivery. Imagine failing to use your card just because an SMS is not delivered to your phone on time.

      1. Leslie

        Please define “cost” with using 2fa

        1. cold

          2fa (Something you have, and something you know) is what people are already using (they ‘have’ a card, they ‘know’ their secret PIN). The issue here is the strength of the 2fa in question. If 2fa is strengthened (eg a chip card replaces the swipe, or an OTP is sent to your phone instead of a PIN) then your costs go up. Cost of a swipe card? Around 40c vs $5 for a chip card (and that is all externalised funds btw). Now a sensible middle ground (OTPs on any tran over $150…) would certainly solve that.

  2. BaNyasha

    I feel as if this article was left hanging. Maybe its just me.

    1. Imi Vanhu Musadaro

      Very true, they are reporting on an article from another news site, which also didn’t bother to provide details. There is no clear indication on how/when/where these fraudulent acts were committed, thus one doesn’t know that to look out for. Most of the comments are just sheer speculation about possible solutions without understanding the actual problem.

      The article also claims the source article pin-points PoS machine to be source, but from my understanding of English, this is not true. PoS machines contributed, but the degree to which they contributed is not stated. Cloning doesn’t mean PoS only, cloning attacks also include copying the cards numbers and using them later, for example on an e-commerce site.

      It also isn’t stated whether all the attacks are happening in Zimbabwe, as even when you are defrauded whilst travelling outside Zimbabwe, those reports are still made to the ZRP. A number of cases are pertaining to travellers, as they don’t get transaction alerts since they won’t be roaming. They only discover the fraudulent account activity once they have returned.

      Please research more guys, don’t just parrot an article from elsewhere, add your 2 cents to it and publish.

  3. Tinashe

    Those M-POS devices are a big culprit. Like how can I tell the difference between a genuine Kwenga and how do I know if it’s not being used to harvest card data. With a regulator like RBZ that is always reactionary, we’re just but sitting ducks in this market.

    1. cold

      Tinashe, how can you tell the difference between a genuine CABS POS machine, and one with just a sticker on it? “Oh sorry, that one failed – lets try Barclays instead..”

      POS is dead. Long live mPOS.

  4. Situpeti

    Well we will just move to mobile money. What’s the worst that could happen?

  5. worried

    never let your card out of site
    change your pin regularly
    and if money is gone then go see your bank even if they deny it you are protected up to a certain amount if you can prove it was not you

  6. KR

    Simple fix.

    Never let anyone handle your card.
    You have to enter your pin code anyway, learn to swipe yourself. The teller doesn’t have to do that for you, nor can they force you. If they do, walk away – deal with a better company.

    Treat your card like you would your ID. No-One but yourself should hold your card.

  7. Ruzive

    To add also, I think banks should introduce the use of credit cards which are more controllable by the bank itself as it puts some withdrawal limits on it. The dangers of debit card is that once cloned the account will be emptied as transactions are done directly into the client account.

  8. Sagitarr

    If a card is cloned, does that make the PIN obvious to the cloners? I’d assume not. The PIN is normally encrypted using 3DES (Triple DES) – hard to hack but not foolproof. For card fraud to succeed the fraudster needs to have the card, PIN and access to an EFTPOS device or a payment engine/gateway. These are being compromised now with the ubiquitous usage of internet transactions, unfortunately. Credit cards are at high risk because of offline usage or high floor limits. I have also noticed that card acceptance procedures are being flouted as workers do not carry out very basic ID checks to ensure the holder of the card is the bona fide cardholder.