Protecting your clients in a borderless digital fraud landscape
The pace and scale of digital fraud is nearing systemic levels, impacting the most vulnerable in society and eroding trust across the financial services sector. Combating this crime requires a cohesive strategic vision and clarity of leadership from all stakeholders in the affected ecosystem.
The ongoing battle against financial crime
The opening panel discussion at the recent FSCA Digital Fraud Roundtable did little more than scratch the surface of the domestic digital fraud landscape, but it did serve as an excellent starting point for ongoing discussion. Panel moderator and Deputy Commissioner of the Financial Sector Conduct Authority (FSCA), Farzana Badat, introduced the panel as a group of leaders representing multiple sectors and perspectives. To being, participants were asked to position their organisations in the context of the ongoing battle against digital fraud.
Bongi Kunene, MD of the Banking Association of South Africa (BASA), said the trade association representing local banks took a multi-pronged approach to combating digital fraud and scams. “The banks have various anti-fraud frontiers internally, and they follow up per their respective protocols whenever a fraud is suspected or reported,” she said. Banks can even intervene when money is traced to an international organisation, issuing affidavits to overseas banks declaring such transactions as proceeds of crime, or fraudulently transferred.
BASA has also been working with the International Banking Federation (IBF) to examine the typologies of scams. Over two years, they have unpacked scams in Australia, Canada and India. “These scams have become a cross-border issue,” Kunene said. She added that South Africa is also participating in the Global Anti-Scam Alliance (GASA), where it is represented by the South African Fraud Prevention Service (SAFPS). This alliance seeks to identify digital fraud threat actors and collaborate globally on anti-scam initiatives.
Cross-sector, cross-border responses
Badat observed that digital fraud no longer had borders or boundaries, and that tackling the scourge required collaboration between institutions locally and offshore. She then called upon Andre Wentzel, Interim CEO of the South African Banking Risk Information Centre (SABRIC), to weigh in on the debate. He described SABRIC as “the coordinating and operational arm of the banking industry [tasked with] bringing players within the industry together with other partners.” SABRIC has already signed Memoranda of Understanding (MOUs) with 27 entities.
SABRIC receives and analyses information from local banks before disseminating that intelligence back into the banking community. The institution is also heavily involved in education and training initiatives within the industry and for the general public. Wentzel spoke about the centre’s Digital Forensics Analysis Centre, which provides facilities and infrastructure to support local law enforcement with cell phone and laptop analysis, including transferring skills. The moderator thanked SABRIC for their exhaustive reporting on financial crime and fraud which is seen as a go-to reference for national statistics.
If you poll FAnews readers about digital fraud, you can be sure the dreaded SIM swap features alongside the myriad email and text phishing scams. So, it was refreshing to see the Independent Communications Authority of South Africa (ICASA) take to the stage. “In the spirit of diversity and mounting stakeholder collaboration, I am going to pivot now to our newest partner-collaborator, the telecommunications industry,” Badat said. Representing ICASA, Catherine Mushi said the conversation around digital fraud had started with SIM fraud.
Boxed in by legacy methodologies
“As soon as we started the conversation with the FSCA it quickly became clear that the problem is bigger than SIM fraud; technology is now challenging us as the regulator, and it is putting pressure on us to understand how fraud happens,” she said, adding that the authority often felt “boxed into an old regime.” Later on, another panellist noted that an individual can register up to 100 mobile numbers against their identity.
The panel moderator said that while technology had been fantastic in enabling choice for customers, it had also significantly increased risk exposures. “This is a fight that requires new ways of thinking … writing rules to fix this problem is not the solution,” Badat said. Solutions will emerge through collaboration between regulators and the industry, and between regulators in different sectors.
Thokozani Mvelase, CEO of the Communications Risk Information Centre (COMRiC), was next to the podium. COMRiC represents the five main telcos plying their trade in South Africa: Cell C, Liquid, MTN, Telkom and Vodacom. “Our focus is around creating resiliency in the infrastructure of the telecommunication sector [including] looking at the issues of crime,” Mvelase said. He added that the telecommunications sector was a pipeline for communications, including those needed to perpetrate digital fraud.
The panellist said that the sector had “taken ownership” of SIM-related fraud and flagged technology as the major driver of emerging digital fraud. As for the future, imagine a world where network operators notify banks when SIM swaps take place, allowing banks to monitor for any account activity linked to the number. The key message here: involved stakeholders need to act with the information that is already to hand.
Seeking flexible regulatory frameworks
Mvelase said the banking and telecoms sectors were probably using 2% of the available information in tackling crime due to a reluctance to share intelligence. And he warned against drafting standards that “handcuff” the industry for five or 10 years in favour of flexible regulatory frameworks.
Badat weighed in on the rules and standards topic, saying that rules are typically set up to address historic issues, and therefore lack the foresight to tackle emerging challenges. She added that consolidated, integrated data gave credible insights into the risk landscape, before asking COMRiC and SABRIC to what extent they shared information. The question was not immediately addressed.Instead, the Association of Communications and Technology (ACT) took its turn. Nomvuyiso Batyi, CEO of the association, called for a consistent set of rules for all players in the sector. Commenting on how members could collaborate on combating digital fraud, the CEO referred to bottlenecks in the regulation, principally the Competition Act.
“We want to work together, but some of the things we do may be interpreted as collusion under competition law,” she said. The point here is that associations risk tripping up over both competition and data protection laws if they instruct members to communicate with each other around, for example, RICA information.
Unregulated social media platforms
ACT also raised concerns over unregulated platforms such as WhatsApp. Many users assume that blocking a SIM card makes their chat history safe, but that is not the case. Conversations already stored on a stolen phone may still be accessible if the device itself is not locked or wiped.
The panel moderator suggested that the Competition Commission be part of future discussions. “We are acutely aware of challenges and fears in the sector around sharing of data,” Badat said. The FSCA is also concerned about the lack of transparency at “largely unregulated” social media platforms and believes further discussion among regulators is necessary.
Last up, Manie van Schalkwyk, CEO of SAFPS, took to the stage to comment on how banks, cell phone companies, credit providers, insurers and retailers were collaborating to share information on confirmed instances of fraud. “Before you transact with a bank or a retailer, they will come to us to see if you have been listed in this database,” he explained. SAFPS estimates that it saved industry around R6 billion in 2024 and is on track to prevent over R7 billion in fraud this year.
According to Van Schalkwyk, scammers tend to go for the weakest link. His wish is for stakeholders to learn from and implement global best practice and thereby push the scams onslaught to another country.
The ‘stop, think and don’t get scammed’ antidote
The SAFPS recently released YIMA, a public web-based portal aimed at raising awareness around scams. “We want consumers to stop, think and not get scammed … and that is the primary goal of YIMA,” Van Schalkwyk said. The service offers free tools to consumers to help identify and prevent scams, and provides a hotline to consumers so that when they are scammed, they can phone the number and be connected to the fraud department of the bank in question.
The website is safps.org.za and the call centre number is 011-867-2234. And that, dear reader, is probably the most tangible advice you can take from the hour-long panel discussion.
Writer’s thoughts:
Advisers and brokers were noticeably absent from this cross-sector discussion on digital fraud. Was this an oversight, or does the industry assume that intermediaries will align with the policies and protections set by product providers? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
