Sunday, May 06, 2007


Did anyone see the NAKUMATT advertisement (Daily Nation, May 1, 2007) in the paper? The advertisement warned Smart Card holders against disclosing their bank account details to callers who pretended to be Nakumatt employees. There seems to be a crack in the smart card and receipts system that crooks want to exploit.

The crack
The Nakumatt till receipt indicates the following details at the bottom (if you use your SMART card):
-Name of smart card holder
-Smart Points given

If you pay by credit card/debit card plus use your smart card, the following details will be on your till receipt:
-Name of smart card holder
-Smart Points given
-Full Debit/Credit card number BUT not the name on the Debit/Credit card

So by getting hold of your receipt, someone knows your name and the full number for your Credit/Debit card, but not your address or the CVV code of your card.

What you didn't know
To use a Credit/Debit card online you DON'T need to have the card physically present; you just need to know the card number and its card security code.

The card security code refers to the 3-digit number on the back of your credit/debit card, on the signature strip. Take your card, flip it over and look at the signature strip. You will see a series of numbers. Look for 3 digits that are together. Those three are the code.

Card companies developed this code to prevent people from using other people's cards online with stolen credit/debit card information. The code forces you to physically have the card when carrying out the online transaction. Most online sites will ask you for this code in addition to the usual details when paying for an online transaction by card.

My theory
I think that someone must have found a way to obtain SMART card details. Then he calls card holders for the bank information/address and Card code.

How to protect yourself
-Destroy the portion of the receipt with your name and credit/debit card details
-Use slightly different details for your SMART card and other loyalty card programmes from your bank details. For example, put a fictitious date of birth on your loyalty programme applications. Use a different address for your Bank account and other applications.

-DON'T give out your Bank Account details to anyone over the phone.
-Watch your bank statements and report any suspicious transactions.

What Nakumatt should do
The counter till receipts shouldn't display your full Credit/debit card numbers and your name. Part of the numbers should be obscured. This is what some supermarkets outside Kenya, in the UK, do. Local ATMs also obscure part of your Credit card number (Pesa Point and NIC bank do so for Credit cards).
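One way a till system could do the masking recommended above, as an added example (not from the original post and not Nakumatt's software): it scans receipt text for Luhn-valid card numbers and prints only the last four digits. The receipt layout, field labels and the test card number are constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally grouped with spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(digits: str, keep_last: int = 4) -> str:
    """Obscure everything except the last few digits."""
    return "x" * (len(digits) - keep_last) + digits[-keep_last:]

def sanitize_receipt(text: str) -> tuple[str, int]:
    """Return (receipt text with card numbers masked, how many were masked)."""
    masked_count = 0

    def repl(match: re.Match) -> str:
        nonlocal masked_count
        digits = re.sub(r"\D", "", match.group(0))
        if not luhn_ok(digits):
            return match.group(0)   # receipt or barcode number: leave untouched
        masked_count += 1
        return mask_pan(digits)

    return PAN_RE.sub(repl, text), masked_count

# Constructed sample receipt; 4111111111111111 is a widely used test card number.
SAMPLE_RECEIPT = """\
TILL 07  RECEIPT NO 0000012345678
SMART CARD HOLDER: J. DOE
SMART POINTS GIVEN: 42
CARD NO: 4111111111111111
TOTAL KES 3,250.00
"""

if __name__ == "__main__":
    cleaned, n = sanitize_receipt(SAMPLE_RECEIPT)
    print(cleaned)
    print(f"{n} card number(s) masked")
```

The same scan can be run over stored receipt copies or logs to find places where full card numbers are still being written out.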

Other than the above, I am happy with the SMART card and will continue to use it.

Here are a few interesting links on the subject:

Here is a link to the Nakumatt notice on their site.


Anonymous said...

I hold a credit card issued by ING bank - Belgium. The security code is not on the card but when you have to make an online payment you log into the home-bank (software we install in our computers at home) put in your account details and there it is generated.

I also used it in Kenya at Sarova-Mara last year and the last digits were xxxxx so the bank tries all possible means to reduce card fraud.

pesa tu said...

@Anon: the problem with the Nakumatt till receipt is that it shows your full credit or debit card number. For example, if your credit card number is 1234 5678 9123 4567, it will show 1234567891234567 on your receipt, unlike the terminals and ATMs that block the number, which would show xxxxxxxxxxxxxx4567 on your receipt.

Hence, anyone who gets your till receipt gets your Credit/debit card number

shannon said...

with all the credit card transaction fraud going on now, i'm always extremely careful with my cards even if i don't get a warning from the bank-- i NEVER give my card numbers over the phone or through email.

mikemilan10 said...

smart card