Every few months a viral voice note does the rounds, warning South Africans that “fraudsters” are lurking in shopping malls with handheld devices (“smaller than a cellphone”!) that can detect your tap-and-go card from “two metres” away, silently stealing R400 from your account “every time you move”. The good news is, it’s a hoax. The bad news is, criminals have moved beyond targeting credit cards and – and this is the truth – they’re now targeting your phone’s digital wallet and Apple Pay and Google Pay accounts.
Here’s a look at how they do it, and how you can keep your digital finances safe from fraud.
Are Payment Apps and Digital Wallets Safe?
They’re safer than physical credit cards, but there are still risks. Financial fraud is (still) a huge problem in South Africa. Consumers lose billions of rand each year to scammers and fraudsters, with digital banking fraud alone costing nearly R1.9 billion in 2024. But while the scams are getting more sophisticated, the technology is also advancing rapidly.
Payment apps like Apple Pay and Google Pay protect your money through technologies like tokenisation (which means your actual card number is never stored on your device); biometric authentication (like face and fingerprint ID); end-to-end encryption. They’re safe… but not completely safe. Your digital payment apps and digital wallets still have a few holes in their armour.
How Fraud Happens
The biggest risk is your device. If criminals steal your smartphone and manage to decrypt it, they could add their own biometric data (like fingerprints) to access your banking apps and digital wallets. Once they’ve done that, they can make as many unauthorised transactions as they like until your tell your bank to stop the card.
Another way fraudsters use digital wallets to scam you is by getting hold of your card number, expiry date, and CVV code, and then loading those details into their own Apple Pay or Google Pay wallets. This they typically do through phishing, smishing (SMS scams), or data breaches.
The trouble is, unlike online purchases, digital wallet transactions often don’t require a one-time password (OTP) or PIN. So once the criminal adds your stolen card details to their device, they can freely go around making contactless tap payments with your hard-earned money. And because some contactless cards allow for payments without PIN verification up to a certain limit, it’s worryingly easy for criminals to make illegal payments using your lost or stolen card/phone.
How To Stay Safe
Having read all that, are you worried? You should be. Are you freaking out and cancelling all your credit cards? Don’t. There are practical ways to protect yourself, and your money.
Use strong PINs and passwords (not birthdays or easy-to-guess codes), and never share OTPs or card details via SMS, email, or phone. Most of all, treat your phone like a bank card. Lock it, encrypt it, and if it’s stolen – act fast! Contact your bank, and immediately block your card and phone wallet if your device is lost, stolen or compromised. For more digital fraud and safety tips check out our digital fraud content hub.
