Eskom reins in huge prepaid electricity blunder
Power utility Eskom says it has widely contained the serious breach of its Online Vending System (OVS), which enabled billions of rands of fraudulent prepaid vouchers to be dispensed in the country.
The breach was first disclosed in the utility’s full-year 2024 financial results in December 2024, with a progress update given in July 2025.
At its 2024 financial results, Eskom estimated that electricity theft, including illegal tokens and bypassed meters, cost it roughly R23 billion in revenue during its previous financial year.
The fraudulent vending, called “ghost vending”, allowed criminal elements within Eskom to issue illegal electricity tokens in bulk.
The OVS facilitates the dispensing of prepaid electricity via virtual channels including banking apps, remote terminals such as ATMs, and other vending stations.
However, reports by MyBroadband earlier this month pointed to the problems caused by the breach being much larger than Eskom had been letting on.
While the initial breach was understood to only affect Eskom prepaid units, it is understood that a workaround was available that allowed Eskom-generated tokens to be used on STS-compliant municipal prepaid meters as well.
However, Eskom has now denied that this is the case, stressing that prepaid electricity tokens generated by the OVS can only be used on meters registered within Eskom’s system.
“Municipalities operate independent vending systems, which are not integrated with Eskom’s platform. This means that tokens generated by Eskom cannot be applied to municipal meters, and vice versa,” it said.
Notably, the MyBroadband report did not imply that the Eskom tokens were directly usable, but rather that a workaround was available.
Regardless, Eskom said that, following its interventions, fraud linked to the OVS breach “has now been reduced to very low levels of activity”, pointing to a wider-scale containment of the issue.
Eskom said this reflects its “multi-layered approach” to strengthening its systems, including physical security, cyber resilience, and operational controls.
It added that the rollout of smart meters has also enabled near real-time detection of suspicious activity, supporting more effective investigations.
Eskom said it has expanded investigative measures in collaboration with law enforcement for some of the implicated employees, who have now been dismissed.
“Certain elements are to be referred to authorities, and the company will cooperate fully,” it said.
Meanwhile, it has deployed early detection tools and is accelerating a new, secure vending platform to replace the current OVS.
“Reducing vending fraud to very low levels, demonstrates that our interventions are effective,” said Eskom CEO, Dan Marokane.
“We are protecting revenue, restoring trust, and ensuring our customers receive a secure and reliable service.”
Loading ...