A strain of malware has cost South African banks tens of millions of rand in what is already being called one of the worst breaches of customer card data in the country’s history.
The malware, known as Dexter, was inserted into fast food restaurants’ payment terminals. It is rumoured that fried chicken outlet KFC was hit especially hard. The banks first noticed unusual levels of fraud at fast food restaurants earlier this year.
Payments Association of South Africa CEO Walter Volker said: "It took quite a while to get to the bottom of this incident, because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up.
"This one was a variant that was changed to avoid detection by the antivirus software."
As an initial response, a forensics company began to analyse the incidents and a committee was set up that included all the affected banks and card companies Visa and MasterCard.
Anti-malware software has now been installed in all the outlets where infection by Dexter was suspected and Volker said customers should not panic, as the banks would absorb any losses.
He said: "All the fast-food retailers have been cleaned out as far as possible. We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket."
Volker said that the infection came from abroad, where cards were reproduced from the stolen data. But he said there was no evidence that cards were reproduced domestically. This means that while banks will keep a close eye on compromised card accounts, they may not necessarily replace cards.
"At this stage, the thing is really well under control," he added.