National Financial Ombudsman warns of rising virtual banking card fraud

The National Financial Ombud Scheme (NFO) announces a sharp rise in digital banking fraud complaints, with cases surging from 1,436 between January and May 2024 to 2,483 during the same period in 2025, a staggering 73% year-on-year increase.

The NFO says while ATM card complaints also increase, from 237 to 332, they remain significantly lower than virtual card fraud cases. Between January 2024 and May 2025, digital fraud complaints outnumbered ATM-related complaints by 3,350, signalling a dramatic shift in card fraud from plastic to virtual.

With virtual banking cards now available across all major digital banking platforms, and easily loaded onto mobile phones and wearable devices, the NFO confirms that virtual cards are rapidly overtaking traditional physical cards and cash in popularity.

“Unfortunately, this digital alternative is also increasingly being used by fraudsters when targeting unsuspecting bank customers,” the NFO warns.

The National Financial Ombud Scheme is a unified dispute resolution body comprising four former industry ombud offices: the Ombudsman for Short-Term Insurance, the Ombudsman for Long-Term Insurance, the Credit Ombud, and the Ombudsman for Banking Services. It offers its services free of charge to consumers.

The NFO highlights the convenience of virtual cards, which can be accessed directly through secure banking apps. Whether shopping online or tapping a device in-store, consumers enjoy seamless payment capabilities.

“The growing adoption of these methods is clearly reflected in the rising volume of transactions made via virtual cards.

Virtual cards are designed for secure online transactions and come with a unique card number, expiration date, and CVV, just like a physical card, but they offer extra security because they can't be lost, stolen, or duplicated,” the NFO says.

Nerosha Maseti, lead ombud for banking and credit at the NFO, says that while virtual cards offer enhanced convenience and security, they are not immune to fraud. She notes that fraudsters continue to exploit unsuspecting consumers.

Maseti confirms that most virtual card compromises stem from unauthorised access to a customer’s banking app. Techniques such as vishing, smishing, and phishing, deceptive tactics used by cybercriminals to steal personal information, are commonly employed.

“Fraudsters are able to create virtual cards and then use the virtual card credentials to perform transactions once they gain access to a customer's digital banking profile. This happens when bank customers have compromised their confidential access credentials, shared One Time Pins (OTPs), or accepted authentication messages for the creation of virtual cards.

“Despite ongoing awareness campaigns by banks, including media outreach and direct communication via SMS, email, and in-app notifications to educate customers on the functionality and associated risks of virtual cards, the majority of complainants to our office indicated that they were unaware of the existence or use of virtual cards,” she says.

Maseti cites a case in which a consumer falls victim to a vishing scam. Fraudsters impersonating bank representatives convince the consumer to share their confidential online banking credentials. Once inside her profile, they create multiple virtual cards and conduct online purchases totalling R500 000. These transactions are approved via in-app authentication.

The consumer reports the incident and requests a full refund, but the bank repudiates the claim. She escalates the matter to the NFO.

The bank maintains its stance, arguing that the consumer’s login credentials were compromised and that the disputed transactions were approved via her mobile banking app.

“The bank provided proof of the creation of the virtual cards on the online banking profile as well as proof of the authentication messages delivered to the mobile application linked to the consumer’s online banking profile, in terms whereof the fraudulent online card purchases were authorised. The consumer confirmed that her phone was in her possession at all times.

“The facts showed that the consumer had compromised her online banking credentials and approved the In-App messages required to authorise the online card purchases in question. The bank could not be held liable for the loss suffered by the consumer as a result of the compromise,” Maseti says.

She adds that the bank confirms the fraudulent purchases could not have occurred without access to the consumer’s profile and her approval of the authentication messages. No evidence suggests any failure on the bank’s part in terms of safety or administration, and the NFO finds no grounds to recommend reimbursement.

Maseti reiterates that consumers are responsible for safeguarding their confidential banking credentials. Banks will never request this information, and consumers must remain vigilant.

Tips to protect your virtual card

• Never share confidential information: Do not disclose your card details, PINs, passwords, or OTPs. Banks will never ask for these.
• Read authentication messages carefully: Fraudsters may trick you into approving transactions for their benefit.
• Enable Multi-Factor Authentication (MFA): Use biometric verification or OTPs for added security.
• Avoid public Wi-Fi: Use secure internet connections when transacting online.
• Use strong, unique passwords: Consider a password manager to avoid reusing credentials.
• Set transaction limits: Reduce exposure by capping virtual card spending.
• Turn off auto-save: Avoid storing card details in browsers or apps unnecessarily.
• Stay calm under pressure: Fraudsters often use panic tactics. Never rush to share sensitive information.
• Don’t click suspicious links: Legitimate banks won’t ask you to click on links via SMS or email.
• Scrutinise OTP requests: Understand how your bank communicates and verify any unusual messages.

If you have a dispute with your bank that remains unresolved, you may escalate the matter to the NFO. However, Maseti stresses that suspected fraud must first be reported to your bank, which is the only entity able to block or recover funds.

“Only refer a complaint to the NFO once your bank has responded and you are dissatisfied with their outcome or resolution,” she says.

PERSONAL FINANCE