According to the South African Banking Risk Information Centre (sabric), banking fraud losses in South Africa totalled more than R2.7 billion in 2024, with digital banking fraud accounting for nearly R1,9-billion.
By Bradley Elliott, CEO of RelyComply
RelyComply endorses the Financial Sector Conduct Authority’s (FSCA) recent call for the financial sector to coordinate action against fraudsters in light of those unacceptably high losses.
This is not a fight that any single institution, regulator, or network operator can win alone. We believe that accurate coordination across South Africa’s financial service sector should focus on five pillars.
- Sharing signals, not raw data – Fraudsters exploit gaps created when end-users swap out their SIM card or get a new device. We don’t need to centralise personal information to address these cracks. Instead, industry players should share signals that often mark fraudulent transactions, such as hashed IDs, device reputation, SIM-swap events and mule-pattern markers. These signals can be shared lawfully and quickly without compromising user privacy.
- Creating a minimum viable coordination hub – We propose establishing a small coordination hub for banks, insurers, telcos and regulators to track a few high-risk events in near real time. The key metric it should track is not alerts but how quickly scams can be flagged and contained. Losses amounting to hundreds or even millions can be averted if a scam is indicated in minutes rather than hours.
- Accountable governance – Industry-wide coordination should be governance-grade. Fraud is a board-level risk, so alerts need clear explanations, model history, and documented human decisions. Black-box systems without audit trails are not good enough.
- Consumer awareness is built into transaction journeys – Most consumer-facing companies invest heavily in media and marketing campaigns to create awareness about fraud and scams. While these are valuable, ensuring consumers know about risk at the point of action is essential. Simple, timely prompts, like an alert about a new device or a request to double-check a new payee’s details, can help stop fraudsters.
- Safe-harbour rules – Regulators can support ecosystem-wide cooperation in the fight against fraud by creating safe-harbour rules for sharing signals under POPIA and sandboxes for cross-sector pilots. This approach will allow all players to move quickly to address emerging risks while protecting consumers’ data privacy rights.
A year from now, success will mean:
- One shared fraud language across sectors;
- A trusted set of signals moving between institutions;
- Faster shutdowns of mule accounts;
- Public reporting on results; and
- A consumer playbook people actually use.
We don’t need to reinvent the wheel; just align the ones we have and turn them together.