South African banks are tightening oversight of card-not-present (CNP) transactions in the travel sector, warning agencies that non-compliance with payment rules could result in restricted merchant facilities, suspended portals and liability for fraud-related losses.
In a recent compliance directive, Nedbank reminded merchants of the card processing rules set out by the Payments Association of South Africa (PASA), citing an industry-wide spike in compliance gaps, transaction disputes, and fraud linked to the misuse of Mail Order and Telephone Order (MOTO) transaction types.
“In the South African travel industry, adhering to PASA rules is critical for travel agencies acting as merchants to ensure financial security and avoid ADMs. The distinction between transaction types is now a matter of technical compliance and fraud prevention,” said Rachael Penaluna, MD of Sure Maritime Travel.
Bank fraud on the rise
The warning comes amid broader concerns about fraud across South Africa’s banking sector.
According to the BioCatch’s 2026 Survey of South African Banking Leaders, 75% of local bank executives reported an increase in fraud attempts at their institutions.
Crucially for travel agents, the survey also found that banks were becoming more cautious about refunding fraud victims. Only 40% of surveyed institutions reimburse more than half of affected customers, while 38% said reimbursement decisions were closely tied to liability considerations.
Merchants to pay the price
Nedbank warned that if a merchant channel was flagged for elevated risk, the bank might restrict all card-not-present functionality, implement aggressive additional controls, or suspend the merchant’s portal entirely.
“Any financial consequences arising from non-compliance will be debited to the merchant, as the party responsible for the breach, even where the issue originates from payment service provider configuration, gateway settings or integration choices,” said the bank.
FNB and Standard Bank have sent similar warnings on merchant updates, while ABSA includes a clause in its merchant agreement enabling it to suspend a merchant’s facility immediately if card-not-present transaction ratios exceed a certain percentage of total turnover without a valid business reason.
“These warnings all pertain to card-not-present transactions, particularly those not using 3D Secure authorisations,” said Penaluna. “If banks are sending mails like this, these transactions are clearly becoming a bigger problem.”
Liability shifts with 3D
In the travel industry, Signature on File (SOF) transactions, also known as MOTO payments, are deemed high risk because they lack physical card validation, placing the burden of fraud liability on merchants rather than cardholders.
Whereas, e-commerce transactions, also known to incorporate 3D Secure verification, require the cardholder to enter their own card details through a website check-out, hosted payment page, payment link, in-app payment screen, QR payment page or any client-populated payment form.
“When an agency uses a compliant e-commerce gateway or 3D secure transaction verification, the liability for unauthorised fraud typically shifts from the agency to the card-issuing bank,” said Penaluna.
Navigating digital client relations
As the industry handles increasingly complex, high-value itineraries, relying on legacy payment methods poses a greater threat to agencies.
Penaluna notes that SOF payments should only really be used for bookings with long-term, high-trust clients, and 3D Secure transactions should be used for all other retail and bespoke leisure clients. Nedbank also strongly recommended that travel businesses restrict manual key-entry functionalities exclusively to specifically trained and authorised staff.
“As travel shifts toward a more high-tech, high-touch model, travel agencies must ensure that their merchant policies are transparent, preventing compliance gaps that could lead to financial disruptions for both the agency and its clients,” said Penaluna.
