South Africa’s banks have lost tens of millions of rand after an “unauthorized international organization” hacked the card details of fast food restaurant customers, according to Payments Association of South Africa.
“There’s not a single bank that hasn’t been affected,” PASA Chief Executive Officer Walter Volker said in a phone interview today. “We first detected higher volumes of fraud early in the new year.”
The syndicate probably loaded software intended to damage computers onto a server at fast food outlets, before capturing data stored on the magnetic strip of a bank card. It then either produced its own fraudulent cards or sold the compromised data to a third party, Volker said.
Standard Bank Group Ltd. (SBK), Africa’s biggest lender, is aware of the breach and is trying to limit its potential exposure, spokesman Ross Linstrom said in an e-mailed statement. The fraud affects its debit, credit and check card customers, he said.
Hundreds of thousands of customers have probably been affected by the fraud, which has been traced back to Europe, according to Volker. Some of the stolen funds have been spent using compromised cards in the U.S., he said.
“These guys are quite clever at hiding their tracks because they go through multiple service providers,” Volker said. “The syndicates could be anywhere in the world.”
KFC Security Breach
Yum! Restaurants International, a unit of Yum! Brands Inc., is aware of the software that’s infected point of sale equipment used by retailers in its South Africa KFC stores, according to an e-mailed statement.
“We take this extremely seriously,” the company said. “Our first priority is to make sure that the impact on our customers remains minimal.”
Burger King Worldwide Inc. (BKW:US), which opened its first South African restaurant in Cape Town in May, hasn’t been affected by the security breach, according to Jaye Sinclair, CEO of the company’s local unit. McDonald’s Corp. (MCD:US), which has been operating in Africa’s biggest economy since 1995, hasn’t detected any increase in South African bank card fraud in the past three months, a spokeswoman said by phone.
Famous Brands Ltd. (FBR), the South African operator of Steers burger chain and Debonairs pizzas, has two restaurants out of its 2,180 chain network exposed to the fraud, according to an e-mailed statement from the company.
Absa Group Ltd., the South African bank controlled by Barclays Plc, and Nedbank Group Ltd. (NED), didn’t respond to phone calls seeking comment.
FNB, part of FirstRand Ltd. (FSR), declined to comment.
To contact the reporter on this story: Christopher Spillane in Johannesburg at firstname.lastname@example.org
To contact the editor responsible for this story: Kenneth Wong at email@example.com