Anyone with a bank account in South Africa is under siege
South African bank accounts are under attack as fraudsters abandon traditional hacking attempts and instead increasingly target customers, manipulating them into willingly sending them money.
This is according to fraud prevention specialist BioCatch, which found that South African banks are facing mounting pressure from increasingly sophisticated scams.
The survey revealed that 85% of South African banking leaders had seen an increase in fraud attempts against their institutions.
Additionally, 79% said fraud losses are rising, and 81% estimated their institutions lose more than $5 million (about R82 million) to fraud each year.
The findings suggest South African banks are under greater fraud pressure than many international peers, as criminals increasingly exploit customers rather than weaknesses in banking systems.
In an interview with Moneyweb Radio, Jonathan Frost, Director of Global Advisory at BioCatch, said the shift reflects how successful banks have become at preventing traditional forms of unauthorised fraud.
“I think we are facing a challenge, not just in South Africa, but in pretty much all of the developed markets,” Frost said.
“The banks have done such a good job at preventing unauthorised fraud that, unfortunately, customers have been put very solidly in the crosshairs of fraudsters.”
He explained that banking security has become so effective that criminals have little choice but to convince customers to move the money themselves.
“The security around bank accounts is generally so good now that the only way you can get the money out of the account is to effectively manipulate the customer into sending it on your behalf,” he said.
This shift has coincided with the rapid growth of digital banking and instant payments. While these services have made banking faster and more convenient, they have also created new opportunities for scammers to pressure victims into approving fraudulent transactions.
According to Frost, the threat is set to intensify as artificial intelligence (AI) gives criminals increasingly powerful tools.
“It looks like it will probably worsen before it gets better. We’re now entering a new phase of an evolving threat environment,” he said.
Banks and criminals are locked in an AI-driven battle
He said fraudsters have long relied on fake advertisements, phishing messages and other forms of social engineering to trick victims into transferring money. However, AI is now making those attacks more convincing and scalable.
AI also allows criminals to overcome barriers such as language differences while rapidly improving their scams.
“It allows them to refine their attack very, very quickly and, as a consequence of that, people are more likely to unfortunately be deceived and fall victim,” he said.
Frost argued that banks can no longer rely solely on traditional security measures, such as passwords, one-time pins or trusted devices, to identify fraud.
He believes banks should analyse how customers behave on digital banking platforms to detect signs of manipulation before a payment is authorised.
“It’s actually about what the customer’s doing, how they’re behaving in the digital channel. That’s the opportunity for banks to identify when customers are being manipulated,” he said.
Frost described modern scams as “a very toxic form of pre-sales”, where fraudsters deliberately create urgency to push victims into making poor decisions. He stressed that anyone can become a victim under the right circumstances.
Frost expects South African regulators to consider stronger consumer protections over the next decade, including requiring banks to reimburse more customers who are tricked into authorising fraudulent payments.
“I think it would be very strange if over the course of the next five to 10 years regulators in South Africa don’t begin to consider whether or not it would be appropriate for customers to achieve additional protection,” he said.
He added that greater liability would encourage banks to invest further in systems capable of detecting customer manipulation before money leaves an account.
Ultimately, Frost believes financial institutions and cybercriminals are now locked in an AI-driven battle.
“The real question is who moves first and who moves fastest. Will it be the criminals or will it be those that are best placed to defend their customers and the potential victims,” he said.
