Despite its history of resilience and globally recognised innovation, the eyewatering pace of cyber threat evolution, characterised by rapid mutation and increasing sophistication, is forcing South Africa’s banking sector to rethink its approach to security.
In its 2024 Annual Crime Statistics report, the South African Banking Risk Information Centre (SABRIC) notes that digital banking fraud saw a significant escalation, with an 86% increase in incidents and a 74% rise in associated losses, totalling R1.89 billion. Digital banking fraud accounts for almost 70% of recorded financial losses in the banking industry. SABRIC has laid a good deal of the blame on emerging technologies, particularly Generative Artificial Intelligence (GenAI), being leveraged by criminals to craft more sophisticated schemes.
South African (SA) banks have not sat idly by and have invested heavily in systems, partnerships and awareness campaigns to combat crime. They too have turned to AI technologies to fight fraud, saving billions in fraud losses. However, the pace of fraud innovation has made chasing down the criminals a moving target for local banking leaders.
“Gone are the days when a single technology or a static set of controls can keep fraudsters at bay. The threat landscape today is dynamic, with attackers constantly probing for new vulnerabilities and exploiting gaps in traditional defences,” says Pieter de Swardt, SVP Commercial: SA & Sales Operations at Entersekt.
“The complexity and velocity of modern fraud schemes, from deepfakes to fraud and scams involving social engineering, demand more than just investment in new tools. While banks are investing heavily in protecting their clients, the real test lies in their ability to adapt and expand their security net.”
A nuanced approach is required
A deliberate move toward multi-layered, adaptive security is required to mitigate these evolving threats. Rather than relying on a single line of defence, banks are increasingly turning to behavioural analytics and risk profiling to analyse intent in addition to identity.
“By constructing dynamic profiles of customer behaviour, including transaction timing, geolocation, device fingerprinting, and channel usage, banks can detect deviations that may signal fraud, even when individual transactions appear legitimate,” says de Swardt.
Banks that focus on whether the client ‘should’ be doing the transaction by analysing context, device usage, and transaction velocity to distinguish genuine behaviour from suspicious intent are reaping the rewards. According to KPMG’s Global Banking Scam Survey 2025, 60% of banks that monitor customers to understand if they’re communicating with a third party while using online or mobile banking rated this as an effective fraud prevention measure.
De Swardt explains that shifting to intent-based fraud fighting approaches also helps fight chargeback fraud, which is a growing headache for banks.
“We had an example of a bank customer reporting fraud after performing multiple transactions in succession. The first transaction was deemed legitimate, but the customer reported the next two as fraudulent, and then the following transactions were once again legitimate. We were able to assist the bank to confirm that all the transactions were coming from exactly the same browser. With the forensics in place, the bank was able to get the client to confess to first-party fraud. The data is impartial and sometimes there is no third party involved,” de Swardt shares.
Cross-channel is key
Equally critical is the need for cross-channel visibility. Fraudsters increasingly exploit gaps between siloed systems, initiating transactions in one channel and authenticating in another.
De Swardt says security architectures must correlate data across originating and authentication channels with online banking, card payments, mobile apps, and other touchpoints. This holistic view enables the detection of anomalous patterns (such as a transaction initiated from an unfamiliar device and authenticated from a geographically distant location) that would be invisible in a single-channel context.
De Swardt says this nuanced approach, using as many data points as possible, allows banks to intervene only when something is suspicious, maintaining a smooth client experience while still being vigilant against fraud.
“When risk signals indicate that a transaction matches a customer’s usual behaviour, it can be processed quickly and without extra steps. Only when something appears out of the ordinary does the system need to introduce additional authentication measures or alerts, minimising disruption for clients,” he explains.
Security is the one time that competition shouldn’t matter
Consortium intelligence is another pillar of effective cyber defence. By participating in industry-wide data sharing initiatives, banks gain access to a broader spectrum of threat intelligence, including indicators of compromise and emerging attack vectors.
“One of the defining features of SA banking is its collaborative spirit. Local banks have established open lines of communication, sharing intelligence and best practices to combat fraud collectively. One of the positive aspects of the battle against fraud is that it is not seen as a competitive advantage. It’s a necessity in a region where attack vectors morph rapidly and fraudsters are quick to adapt,” de Swardt shares.
Summing up, de Swardt says the velocity of fraud evolution means that yesterday’s defences can quickly become obsolete. In this context, the technical challenge is not merely to add more layers, but to architect a security ecosystem that is adaptive, intelligence-driven, and capable of real-time response.
“By leveraging behavioural analytics, cross-channel visibility, and industry collaboration, banks can stay ahead of evolving threats while preserving the trust and satisfaction of their customers. The battle against cybercrime is only beginning, but with a new approach, as well as the right partners, SA banks are well positioned to meet the challenge,” he says.
