Banks spend millions year after year in their effort to craft an image of ultimate security for the modern financial fortress. Banks surround us with sleek interfaces and promises of high-end encryption, unrivalled reliability, and effortless efficiency at our fingertips. They convince us that our money has never been safer and that their sophisticated AI-driven security systems are almost impossible to penetrate. But when you actually face a crisis like an unauthorised charge on a supposedly “secure” virtual card, that confidence starts to crack. It feels less like a partnership built on trust and more like a carefully managed branding exercise.
The Notifications That Changed Everything
And yet, it recently happened to me through FNB. A Bank whose consistent messaging has revolved around a few core promises which include help, trust, innovation, convenience, and security. On April 4, I found myself staring at unauthorised transactions on a card that, technically speaking, should have been incredibly difficult to exploit in that way. I use virtual credit cards because the constantly changing CVV is supposed to act as the ultimate safeguard against fraudsters. At least, that’s what banks keep telling us. So if the code refreshes every few minutes, how can someone possibly run up a bill without me knowing? Out of nowhere, notifications for multiple transactions started appearing on my phone. I knew I hadn’t made them, yet somehow my name was attached to every single one. Someone had used my virtual credit card for transactions I never authorised. What makes this even harder to process is the fact that banks constantly market virtual cards as one of the safest ways to transact online. So naturally, when fraudulent transactions still go through, you start asking questions tied to logic. And that raises the biggest question, if fraudsters can still bypass the very security features banks constantly promote as protection, then what exactly are customers supposed to trust?
“Secure” Until It Isn’t
My first instinct was to call FNB and get this clarified. I made the call at 12:26pm that same day, but the bank simply provided me with a case number and informed me that they would conduct an investigation, which could take anywhere between 7 and 30 days. In that time I received no feedback what so ever. I called the fraud department again on April 6, only to hear that the investigation was still in progress and that I would simply have to wait. The moment I tried to push back, I realised just how heavily the system leans against consumers. Despite the fact that someone carried out unauthorised transactions on a virtual card protected by a dynamic CVV, the bank refused to take responsibility and reserved comment. “Investigations take time” became the standard response. How much of time, is anybodies guess. Which means I now have to repay the money, with interest attached to it. And that changes the entire experience. You see, at this point I am no longer just dealing with fraud, I am dealing with the financial aftermath of a system failure that has become my burden to carry.
The Problem With Digital Trust
Watching the recent Daily Maverick report on this was a wake-up call. It turns out I’m just one of thousands. Commercial crime in South Africa is exploding, while violent crime stats are actually dipping. But because the banks keep these stories quiet by simply blaming the victim, we don’t realise how common this is. I think the biggest takeaway is understanding that modern fraud doesn’t happen the way people imagine or the way movies portray it. Criminals have evolved. They no longer focus only on stealing physical cards or randomly guessing numbers. The system as well as the methods used to exploit it have evolved. A changing CVV sounds airtight in theory, but digital payment systems operate across multiple layers. Stored merchant credentials, tokenised payments, compromised apps, phishing attempts, malware, leaked databases, and social engineering tactics all create potential entry points for fraudsters.Fraudsters don’t necessarily need access to every layer. All they need is access to the weakest link in the chain. And that’s the part consumers don’t always hear about.
When The Customer Carries The Cost
Consumers are sold a rather pretty convincing package. A package packed with convenience, safety, advanced fraud detection and instant control through banking apps. The finance institutions convince us that virtual cards are smarter and more secure than physical cards. So when fraud does happen, it feels less like “bad luck” and more like watching your confidence in a system collapse in real time. Almost immediately, a wall goes up between the customer and the bank. The standard line is always that the customer was negligent with their credentials. In their eyes, the system is perfect, so the human must be the glitch. Even when the math doesn’t add up the burden of proof sits squarely with the consumer.
The Gap Between Marketing And Reality
If banks market virtual cards as highly secure because of features like rotating CVVs, then surely there should also be a more transparent conversation around what happens when those protections fail. And maybe that’s the real issue here. The conversation is not whether virtual cards are useful, we know that they are. And it’s not whether fraud prevention systems work, because for the most part, they do. But consumers are often sold digital security in a way that sounds absolute. Almost guaranteed. Then the moment fraud slips through the cracks, the responsibility suddenly becomes far more complicated. The reality is that digital banking has evolved faster than most people’s understanding of how vulnerable these systems can still be. Fraud today isn’t always about somebody stealing your card. Sometimes it’s about weaknesses buried somewhere inside an entire payment ecosystem most of us never even see. Unfortunately, you only really understand that once you become the person staring at transactions you never made… while trying to explain to a bank that none of it makes sense.
