A new survey of fraud-management, anti-money laundering (AML), and compliance team leaders at South African banks depicts a country still searching for a solution to meaningfully reduce an onslaught of fraud.
Three-fourths of those surveyed (75%) report increasing fraud attempts at their institution, 79% say fraud losses were increasing, and 81% estimate their institution’s annual fraud losses at more than $5 million (R82,3-million).
Those percentages increased among C-suite respondents, with 81% reporting increasing fraud attempts, 84% increasing fraud losses, and 86% annual fraud losses in excess of $5-million.
South African banking leaders depict a fraud landscape where both the volume and the success rate of attacks now outpace existing defences.
“More South African banking leaders reported rising fraud attempts, increasing fraud losses, and annual fraud losses exceeding $5-million than their counterparts at financial institutions elsewhere in the world,” says Thomas Peacock, director of global fraud intelligence at BioCatch, which commissioned the survey. “Among the 17 countries we surveyed on this topic, an average of 61% of respondents reported an increase in annual fraud attempts, 60% said fraud losses were increasing at their institution, and 73% said their bank’s losses exceeded $5 million.”
South African banking leaders overwhelmingly (78%) rank their concern over the reputational risk posed by fraud and scams as greater than or equal to their concern about the financial impact of fraud and scams.
“Financial fraud in South Africa is becoming more sophisticated and harder to stop,” says Jonathan Frost, global advisory director of BioCatch. “Criminals impersonate trusted institutions to trick victims into approving payments, while tactics like account takeovers, identity fraud, SIM swaps, and mule accounts continue to strain fraud teams.
“Real-time payment systems such as PayShap increase convenience but leave little time to detect and prevent suspicious transactions. At the same time, AI tools, data leaks, and targeted social engineering are accelerating the scale and precision of attacks, alongside a rise in violent crimes like express kidnappings.
“Fraudsters increasingly no longer break into banks,” Frost adds. “Instead, they manipulate customers’ cognitive and emotional states to override rational judgment.
“Social engineering has become the primary attack vector, bypassing the billions invested in technological defenses. Criminals have industrialised deception, exploiting trust, urgency, and fear with a sophistication that surpasses that of public awareness efforts and one-time passwords.
“The question is not whether you can afford to protect your customers from social engineering, but whether you can afford not to,” he says. “Customers are not a vulnerability to manage. They are an asset to protect.
“When customers incur losses due to fraud, banks also lose deposits, trust, and legitimacy.”
Other key findings from the survey include:
- Partial reimbursement the norm: Only 40% of respondents said their institution reimbursed more than half of scam victims, 45% said they reimbursed victims to maintain customer trust, and 38% reported balancing reimbursement with liability considerations.
- Behaviour valued: 40% of those surveyed said their organisation was actively using some version of behavioural biometrics, exceeding the global average of all 17 countries surveyed.
- Real-time payments a concern: A large majority (89%) of respondents recognized instant payment platforms like RTC as presenting a moderate to very high risk for fraud.