In the context of rising cyber threats and the country’s upcoming greylisting review, combatting cybercrime is a critical priority for South Africa.
However, does the country have the regulatory and collaborative structures in place to effectively combat the ever-changing nature of cyber security?
The exponential rise of cybercrime
In its 2024 report, the South African Fraud Prevention Service (SAFPS) shared that identity theft skyrocketed by 400% in the country between April 2023 and April 2024.
This has a direct impact on critical industries such as banking. SAFPS notes that out of the 8521 formal cases opened at the Ombudsman for Banking Services in 2023, 43,47% were categorised as fraud.
This is part of a rising trend in scams where fraudsters use false identities or intercept the secure identification process to steal funds and data.
The importance of identity in fighting cybercrime
Gur Geva, co-founder and CEO of iiDENTIFii, says: “In our experience, secure identity is the first line of defence in combatting cybercrime. Criminals can only access data and funds if they have successfully breached an organisation’s secure login and authentication processes. This requires a falsified or stolen identity. For this reason, we have dedicated our business to providing secure, multi-layered authentication.”
South Africa’s lack of policy and collaboration is a weakness in identity fraud prevention
The iiDENTIFii Identity Index South Africa Edition illustrates how companies of all sizes are investing in digital identity to combat cybercrime threats.
However, the report’s co-author and CEO of World Wide Worx, Arthur Goldstuck says: “Despite the trend towards investing in Identity Verification (IDV) solutions, there are still some significant barriers to implementation, with 31% of companies citing regulatory compliance and 23% citing user acceptance as the most substantial barriers.”
A key regulatory consideration in the South African landscape is the strict adherence to the Protection of Personal Information Act, 2013 (POPIA). POPIA governs the processing of personal information, including biometric data, to uphold individuals’ constitutional right to privacy. This can be upheld, while selective biometric data is used to strengthen security if organisations and regulators work together.
“In order for public and private institutions to offer comprehensive protection against cyber threats, there needs to be a unified stance and collaborative approach to fighting cybercrime,” says Geva.
Current SA regulation against cyber fraud
In 2020, the Cybercrimes Act was signed into law, bringing South Africa’s cybersecurity legislation in line with global standards. The act compels institutions to report cybersecurity breaches to the South African Police Service (SAPS) and preserve any information that may assist in the investigation.
Within this act, cyber fraud is defined as “Any person who unlawfully and with the intention to defraud makes a misrepresentation — by means of data or a computer program; or through any interference with data or a computer program as contemplated in subsection 5(2)(a), (b) or (e) or interference with a computer data storage medium or a computer system as contemplated in section 6(2)(a), which causes actual or potential prejudice to another person, is guilty of the offence of cyber fraud.”
The success of the Act is dependent on how effectively it is enforced, and whether law enforcement is equipped with the tools and training to handle these crimes effectively.
Geva adds, “While the Act covers a wide variety of modern threats, it needs to be continuously updated in order to keep pace with the rate of evolving cyber crimes. This will help provide ongoing legislative oversight and take new cybercrime risks and tactics into account.”
iiDENTIFii works with leading technology security specialist companies such as Risk X to keep up with cyber security and cyber fraud. “We have also ensured that our processes, procedures, infrastructure, and security complies with global security standards. To this end, we have achieved ISO/IEC 27001 certification, which is the international standard for information security management, as it sets out a framework for all organisations to establish, implement, operate, monitor, review, maintain and continually improve an ISMS (information security management system),” adds Geva.
The importance of collaboration in fighting cybercrime
The Cybercrime Act prioritises collaboration – both nationally and internationally – through legal assistance treaties and information-sharing mechanisms. This helps bring criminals to justice, but more needs to be done to prevent breaches in the first place.
“South African companies are working in silos as they implement cybercrime prevention and IDV solutions. As a result, they miss the opportunity to share insights about local cyber threats and collaborate on effective protection strategies,” says Geva. “Cybercrime prevention is not a one-entity responsibility—governments and companies must collaborate to:
- Share intelligence and detect threats early, strengthen cybersecurity infrastructure, ensure compliance and align regulations, respond effectively to cyberattacks, combat global cybercrime networks, reduce financial and reputational losses, enhance public trust and digital economy growth.
- Providing a unified front between government agencies, tech firms, financial institutions, and other industries is the best defense against cybercrime.
The path forward
In order for South Africans to effectively combat cyber threats, there needs to be a collective stance on financial crime and cyber fraud, especially in the context of the country’s grey listing and its impending review.
This needs to translate into collective and ongoing action that takes the evolving fraud landscape into account from a policy perspective. Collaboration needs to take place within the public and private sector to share knowledge and educate consumers on evolving fraud threats.
Geva concludes: “From an IDV perspective, iiDENTIFii’s Identity Index offers a critical framework for monitoring the evolution of identity in our country. By serving as a benchmark for the effectiveness of identity management practices, the index can help identify gaps and opportunities for improvement across businesses of all sizes.”