Q: What is the relationship between Nedbank and American Express?

Nedbank Limited (Registration No 1951/000009/06) is the financial institution that, among other things, issues American Express cards under licence in South Africa.

Q: What is American Express SafeKeySM and how does it work?

When you’re shopping online with your American Express Card you shouldn’t have to worry about fraud. That’s why we offer you SafeKeySM – to make sure that it is indeed you, the Cardmember, making the payment online, preventing your card being used without your knowledge. SafeKey does this by sending you an Approve-it™ message or one-time password (OTP) to your cellphone during the checkout process. If you press 9 on your cellphone to reject the Approve-it™ message or enter the incorrect OTP, the transaction will not be approved. If you press 1 on your cellphone to accept the Approve-it™ message or enter the correct OTP, which indicates that you are the Cardmember, the transaction will be routed for authorisation. Based on the status of your account and the funds available the transaction will be approved.

As of 15 September 2014, an Approve-it™ message will be sent to the Cardmember’s cellphone when the Cardmember makes an online purchase on a merchant’s website where the merchant is American Express SafeKeySM enabled.

Q: What is Approve-it™?

Approve-it™ is an enhanced security feature that will enable you to authenticate internet purchases made with your Card by using your cellphone. In future, when you perform an American Express SafeKeySM internet purchase with your Card, you will receive a message on your cellphone with the following options:

1 to accept the transaction and proceed with the payment.

9 to reject the transaction and cancel the payment.

For more information about Approve-it™ call 0860 555 111.

Q: Why the change to Approve-it™?

Approve-it™ is a more secure means of authentication because it allows you to accept or reject the transaction using your cellphone, instead of entering information into the computer while the internet purchase is being made.

You will also receive an Approve-it™ message whenever an internet purchase is being performed with your Card, provided the online merchant is an American Express SafeKeySM merchant. This message contains the details of the transaction being attempted and you can choose to continue with the transaction or end it.

Q: What if my cellphone can’t receive the new-format messages?

If your cellphone is unable to receive Approve-it™ messages, you will be sent an enhanced OTP message. The notification will contain additional details about the transaction being performed. You will need to enter the OTP you received on your cellphone in your internet browser. Once entered correctly it will indicate that you are the Cardmember.

Q: Will I be charged for Approve-it™?

No, the service is free.

Q: Will I receive my messages even if I am out of the country?

When travelling outside the country, you must ensure that you have activated international SMS roaming through your cellphone service provider. Please note that Nedbank clients will not be charged for Approve-it™ messages when their data roaming is active when they are abroad. Certain network providers outside South Africa may not support Approve-it™. In those instances Nedbank will send you an OTP, provided you have activated international SMS roaming.

Q: How long will it take for the Approve-it™ message to come through?

The message should take a few seconds to reach your cellphone. However, for various reasons, such as geographical area and cellphone service provider network traffic, it may take a little longer. If you, however, consistently receive your messages late, please call the Nedbank Contact Centre immediately on
0860 555 111 or internationally on +27 (0)11 710 4000 and a consultant will investigate the matter.

Q: What do I do if Approve-it™ times out on my cellphone?

If the message times out on your cellphone, Nedbank will send you an OTP. You will be required to capture this on the website through which you are making a purchase to complete the transaction.

Q: What will happen if I press any key other than 1 or 9 on my cellphone?

The system will not recognise any other keys except 1 or 9. The message will, therefore, remain on your cellphone until you press one of these options.

Q: What will happen if I press the button to end a call on my cellphone?

If you press the button to end a call, the transaction will be cancelled and you will have to do another transaction.

Q: What do I do if I receive an Approve-it™ message and I am not transacting online or I have not transacted all day?

You must select 9 on your cellphone to reject the transaction. You should then call the Nedbank Contact Centre on 0860 555 111 and inform the consultant that your account may be compromised.

Q: What do I do if I receive an Approve-it™ message and I am not a Nedbank client?

If you receive an Approve-it™ or OTP message and you are not a Nedbank client, call the Nedbank Contact Centre immediately on 0860 555 111 or internationally on +27 (0)11 710 4000 and notify the consultant so that he or she can investigate the matter.

Q: How much of a problem is online fraud in South Africa?

According to the official South African Banking Risk Information Centre (SABRIC), card not present (CNP) fraud consisting of e-commerce (online), m-commerce (mobile) and mail order and telephone order (MOTO) transactions contributed 48,7% of the total credit card fraud losses in 2013. This is very high if you consider that e-commerce merchants make up less than 3% of the total merchant base. Due to the continued growth in ecommerce, it is therefore essential that additional measures be put in place to meet the challenges posed by this changing environment.

Q: How does the Payments Association South Africa foresee this clamping down on online fraud?

While there are other industry initiatives that would address keeping card data safe, the additional authentication of e-commerce transactions through American Express SafeKeySM will reduce instances where card numbers are compromised and used for fraudulent online shopping. American Express SafeKeySM is intended to counter fraud in the online environment just as Europay/MasterCard/Visa (EMV)-compliant chip-and-PIN technology is used to counter physical card fraud.

Q: How do Cardmembers register/activate American Express SafeKeySM?

Nedbank has enrolled all American Express Cards capable of doing American Express SafeKeySM transactions for the service.

Q: Can all e-commerce-enabled cards use American Express SafeKeySM?

No, not all e-commerce-enabled cards can participate in American Express SafeKeySM. For example, although corporate credit cards allow for e-commerce functionality, it may not be enrolled for American Express SafeKeySM. This will however not impact the functionality of the card.

Q: How does American Express SafeKeySM benefit the Cardmember?

The intention behind the system is that Cardmembers will have a decreased risk of their Cards being fraudulently used on the internet – in essence this system creates a safer online shopping environment. Because Nedbank prompts the Cardmember for an Approve-it™ authentication or OTP that is known only to the bank and the Cardmember, nobody else will be able to use the Card to make online payments without also having the Cardmember’s cellphone or OTP. In addition, since the merchant does not know this password and is not responsible for capturing it, it can be used by Nedbank as evidence that the purchaser is indeed its Cardmember. Online shopping is already equipped with high levels of security and encryption whenever the Card is used. The main reason for the current high levels of CNP fraud is that Card details are fraudulently used to shop online without a prompt for an additional security code/OTP/authorisation through Approve-it™ (specific to Nedbank cardmembers). American Express SafeKeySM offers this additional layer of security to protect the Cardmember from any unauthorised use of the card. The American Express SafeKeySM process can be compared with entering a PIN at a point-of-sale device when doing a purchase in the card-present environment.