South African verification and secure communication platform SOTRU Identity and Communications aims to tackle a fraud problem that traditional KYC and KYB checks were never built to solve: impersonation and payment fraud that happens after a supplier has been verified.
Business email compromise hit 63% of organisations globally in 2024, with the FBI’s Internet Crime Complaint Centre recording $2,77-billion in BEC losses. Locally, the Standard Bank data breach in April 2026 and recurring NHLS ransomware incidents have shown how exposed business identity and operational data have become, essentially weaponising this stolen data to feed sophisticated phishing, impersonation, and payment-redirection scams.
SOTRU, the locally-founded secure communication platform formerly known as VERA, has officially launched in South Africa. Fresh off being named an international winner of the 2025 Irish Tech Challenge South Africa, run by the Irish Embassy, Dogpatch Labs, and the Department of Science and Innovation (DSI), the launch aims to address the growing gap between identity verification and the daily communication channels where business actually happens.
SOTRU launches out of beta with over 40 active beta users and inbound interest already spanning seven international countries. Global industry leaders are already taking note.
Most organisations already verify suppliers, clients, and counterparties during onboarding. This is rarely where the problem lies; the critical exposure point is that verification ends there, while fraud occurs later inside routine communication channels such as email, messaging platforms, and payment workflows.
SOTRU addresses that weakness by issuing businesses with reusable, cryptographically signed digital credentials validated against trusted company, identity, and banking sources. This architecture is specifically engineered for high-value, high-volume environments where transaction security is critical. SOTRU is already deploying its infrastructure across sectors with intense document and payment workflows, including property and conveyancing, construction logistics, corporate procurement, and legal services.
“Compliance is important, but it is not the end state,” says Max Coleman, co-founder of SOTRU. “What businesses ultimately need is confidence that the supplier they originally verified is the same supplier issuing the invoice today, and that the bank account being paid is the one that was validated. That is the difference between a static record and a genuinely trusted business interaction.”
The company’s aggressive 2026 product roadmap focuses heavily on neutralising next-generation AI threats:
- Live Call Identity Verification: Real-time identity authentication during voice and video calls, allowing participants to cryptographically verify the counterparty they’re speaking to and neutralise deepfake and voice-cloning impersonation attempts.
- Active Credential Monitoring: Real-time alerts to notify connected counterparties when banking details, authorised representatives, or company statuses change, helping prevent the silent alterations that often precede payment fraud and supplier impersonation.
- Automated Risk and Compliance Layer: Planned for rollout by the end of Q3 2026, the platform’s automated risk scoring and adverse media screening capabilities are being designed to support South African businesses to meet evolving FICA compliance requirements.