Reana Steyn, the Banking Ombudsman, has issued a warning in response to a recent influx of approximately 124 complaints related to NFC (Near-Field Communication) fraud.

She has revealed that these fraudulent activities have resulted in multimillion-dollar losses, as customers’ accounts were illicitly depleted through tap-and-go transactions conducted with smart devices.

Notably, these unauthorized transactions occurred primarily in foreign jurisdictions like Dubai, France, and Spain, even while the legitimate cardholders were physically present in South Africa.


The danger

Steyn’s statement underscores the gravity of the situation, as she cautions, “This unmistakably points to the presence of an international criminal network operating within this domain, with South African consumers squarely in their crosshairs.”

How the NFC Scam Operates

This scheme revolves around criminals utilizing pilfered bank card details, including the card number, expiration date, and the CVV number (the three-digit security code located on the card’s reverse side), to conduct unauthorized transactions through a digital wallet.

“Unlike typical card-not-present fraud, where wrongdoers employ stolen card details to make online purchases, triggering the sending of a one-time password (OTP) to the legitimate cardholder’s registered mobile number, NFC/digital wallet payments circumvent the need for this additional OTP security measure for each transaction,” Steyn elaborates.


Hyperlinks in SMS

Trish Ramdhani, the head of card fraud at FNB, has issued an urgent warning about the evolving tactics used by criminals. They frequently employ methods like phishing and smishing, which involve sending SMS and email messages containing hyperlinks.

These deceptive messages are carefully crafted to instill panic, often suggesting that your banking profile will be blocked or your parcel will be returned.

Unfortunately, many customers inadvertently click on these hyperlinks, which lead them to unauthorized websites designed to capture their personal and banking information.

In response to these threats, FNB introduced Money Protect in 2021, offering free insurance coverage for certain fraud-related losses incurred through digital interfaces. It’s important to note that each claim is evaluated on a case-by-case basis.

Additionally, it’s worth mentioning that card swipes account for less than 1% of all transactions on credit cards and Fusion accounts, while contactless payments now make up over 60% of all transactions, according to FNB.

Stay vigilant and exercise caution when receiving messages with hyperlinks. Your online security is paramount.


One-time pins (OTPs) serve as personal identification numbers (PINs) and are typically transmitted via SMS, email, or generated by an authentication app.

They play a crucial role in enhancing the security of online transactions, registrations, or login processes for bank customers. It is imperative to treat OTPs with the utmost privacy and confidentiality, deploying them exclusively for legitimate customer-initiated transactions and activities.

According to the ombud, OTP fraud can manifest through various deceptive methods:

  • Phishing: Cybercriminals employ phishing tactics by sending deceptive emails, SMS messages, or making fraudulent phone calls while masquerading as legitimate organizations or service providers. They cunningly request the victim to share their OTP as part of a purported verification process or create a fictitious urgent need for it. Should the victim fall prey to this scheme, they unwittingly divulge their OTP, enabling the fraudster to gain unauthorized access.
  • SIM swapping: In this method, fraudsters manipulate the victim’s mobile service provider to obtain a new SIM card linked to the victim’s phone number. With incoming calls and messages rerouted to the fraudster’s device, they intercept OTPs, thereby gaining illicit access to the victim’s online accounts or conducting fraudulent transactions.
  • Social engineering: Fraudsters resort to psychological manipulation and deceit to persuade individuals into willingly divulging their OTPs. They often assume the identity of a trusted figure, such as a bank agent, colleague, friend, or representative of a legitimate company. Leveraging the victim’s trust or exploiting their naiveté, they convince them to disclose their OTP.

This manipulation becomes particularly effective when the fraudster possesses substantial personal information about the victim, including details like address, card number, birth date, ID number, or home address.

Victims may mistakenly believe the caller is legitimate due to the wealth of information they possess. However, it is essential to recognize that this information could have been stolen or acquired through fraudulent means.

In light of these threats, it is imperative for individuals to exercise heightened caution and vigilance when handling OTPs.

Recognizing the potential risks associated with OTP fraud and staying informed about common scam tactics are crucial steps in safeguarding personal and financial security.

Always verify the legitimacy of any request for your OTP and refrain from sharing it unless you are absolutely certain of the requester’s authenticity.

By remaining vigilant and informed, you can effectively protect themselves from falling victim to OTP-related fraud and ensure the security of their online transactions and accounts.


In conclusion, the prevalence of deceptive messages and cyber threats in the digital realm underscores the need for constant vigilance and caution.

When you receive messages with hyperlinks, especially those claiming urgency or demanding immediate action, take a moment to assess their authenticity. Verify the source of the message and exercise caution before clicking on any hyperlinks.

Your online security is paramount, and safeguarding your personal and financial information should always be a top priority.
We hope this information has been very useful to you.

Thank you very much for reading us.

Follow our website for more information on cards, loans and finance!