“It is one of the most malicious and complicated fraud cases that we’ve had to deal with,” Walter Volker, chief executive officer of the Payments Association of South Africa (PASA), told CNBC Africa on Tuesday.
He explained that an international syndicate managed to embed a custom-written variant of the Dexter malware into a number of fast food outlet servers. The malware then captures the magnetic stripe data of bank cards as it goes through to the banks for authorisation.
The data is then shipped off to the syndicate and used for the production of fraudulent cards.
“We started detecting unusual levels of fraud earlier in the year. We then formed an incident response committee which then appointed a forensic investigation company to target specific retail outlets to try and determine the problem,” said Volker.
“Once we detected what the problem was, it was actually quite easy for us to develop anti-malware software to start cleaning up the sites that were affected. Fortunately those sites are now all clean.”
KFC, one of South Africa’s largest fast food restaurant chains, was one of the most severely affected by the scam. However, it’s the banks that lost millions of rands.
“All banks were equally affected although those banks that rolled out chip cards quicker are slightly less affected. The effect was more on credit and cheque cards that are still magnetic stripe and signature based,” he explained.
The Dexter scam, he added, is larger than the PayGate incident that happened in 2012, as it affects a broader environment. PayGate, a South African company that intermediates payments between online retailers and banks, had its systems breached by hackers, exposing thousands of credit card details.
“This is worse than the PayGate scam because PayGate was one internet service provider so it was a bit more ring fenced. This [incident] is smaller amounts more widely spread and the view is that the ultimate number will be bigger than the PayGate incident,” he said.
According to Volker, international hackers don’t necessarily target a specific country or industry sector. Instead, they look for any weak links on online servers. The tiniest kink gives them access to a site, which then allows them to hack that entire industry’s servers.
“These guys scam globally. I don’t think it [the target] was particularly South Africa. They found a lucky break at one of the sites in South Africa and once you get into one of the sites, it’s easy to get the malware distributed via the internet to other sites,” he added.