Protect yourself: Ombud warns of 73% rise in virtual banking fraud in South Africa
The National Financial Ombud (NFO) has warned that while virtual banking cards offer enhanced convenience and security, they are increasingly being exploited by fraudsters.
Image: File
The National Financial Ombud (NFO) has warned that while virtual banking cards offer enhanced convenience and security, they are increasingly being exploited by fraudsters.
According to the NFO, digital banking fraud complaints have surged by a staggering 73% year-on-year, rising from 1,436 cases between January and May 2024 to 2,483 during the same period in 2025.
The increase is being driven by fraudsters who exploit phishing scams, and other deceptive tactics to gain access to consumers’ digital banking profiles and create virtual cards to drain their accounts.
The watchdog also added that "in contrast, ATM card complaints rose from 237 to 332, but remained lower in number than virtual or digital fraud cases. Between January 2024 and May 2025, digital fraud complaints exceeded ATM fraud complaints by 3,350 cases, marking a dramatic shift in card fraud from plastic to virtual".
Nerosha Maseti, the Lead Ombud for Banking and Credit at the NFO, warned that "while virtual cards offer enhanced convenience and security, they are not immune to fraud".
Maseti added that the NFO’s "investigations reveal that virtual cards are typically compromised through unauthorised access to a customer’s banking app".
“Fraudsters are able to create virtual cards and then use the virtual card credentials to perform transactions once gaining access to a customer's digital banking profile,". Maseti said.
"This happens when bank customers have compromised their confidential access credentials, shared One Time Pins (OTPs) or accepted authentication messages for the creation ofvirtual cards".
She added that this was happening despite awareness campaigns by banks.
"The majority of complainants to our office indicated that they were unaware of the existence or use of virtual cards,” she said.
Maseti pointed to a recent case where a consumer lost R500,000 after falling victim to a vishing scam, in which fraudsters posing as bank officials convinced her to share her online banking credentials. The scammers accessed her profile, created multiple virtual cards, and authorised purchases using in-app approvals on her mobile device.
The bank rejected her refund request, arguing that the transactions were authenticated through her app using valid credentials. The NFO upheld the bank’s stance, finding no evidence of system failure or negligence.
“The bank provided proof of the creation of the virtual cards on the online banking profile as well as proof of the authentication messages delivered to the mobile application linked to the consumer’s online banking profile in terms whereof the fraudulent online card purchases were authorised.
"The consumer confirmed that her phone was in her possession at all times. The facts showed that the consumer had compromised her online banking credentials and approved the In-App messages required to authorise the online card purchases in question.The bank could not be held liable for the loss suffered by the consumer as a result of the compromise,” Maseti said.
Some ways to keep your virtual card safe:
- Never share your confidential card parameters or PIN, login credentials, passwords or One Time PIN with other people. The bank will not phone you to ask for this confidential information. When you are authenticating a transaction, read what you are approving carefully as fraudsters may try to convince you to approve transactions for their own financial gains.
- Enable Multi-Factor Authentication (MFA) – Ensure your banking app requires extra verification, like a one-time PIN or biometric authentication.
- Use a Secure Internet Connection – Avoid making transactions on public Wi-Fi, where hackers can intercept your data.
- Create Unique, Strong Passwords – Use a password manager to store complex passwords instead of reusing the same ones.
- Set Spending Limits – Some banks allow you to set transaction limits for virtual cards, reducing risk if your card is ever misused.
- Turn Off Auto-Save – Avoid saving card details in browsers or apps unless absolutely necessary.
- Don't panic: Fraudsters rely on people acting hastily, due to a sense of panic. Their tactics include threats that your accounts will be blocked or that fraud has been identified and must be stopped immediately. Whatever the scenario, it should never compel you to give away sensitive personal information such as OTPs, PINs, or passwords. It is safer to end such communication and contact your bank immediately.
- Do not click on email or SMS links: Proceed with caution when opening emails from unknown or suspicious sources. Credible financial institutions will never ask you to click on links. Avoid doing so or downloading attachments from these kinds of messages as they may include harmful malware or redirect you to fake and malicious websites.
- Pay careful attention to the wording of OTP requests: Familiarise yourself with the way your financial institution communicates notifications about online transactions and OTP requests. If you have any doubt, contact your banking institution immediately to confirm the veracity of such messages.
IOL Business
mthobisi.nozulela@iol.co.za