In South Africa the landscape of financial crime is shifting rapidly. According to the South African Banking Risk Information Centre (SABRIC), while overall banking-sector losses from financial crime dropped from about R3.3 billion in 2023 to R2.7 billion in 2024 (a decline of 18 %) the nature of fraud is changing.
Digital-banking channels have become dominant with 65.3 % of reported incidents in 2024 occurring through digital banking. Crucially, SABRIC warns that criminals are increasingly using artificial intelligence (AI) tools to conduct more convincing, efficient and scalable attacks.
How criminals are using AI tools
Here are some common tactics in South Africa:
- AI-generated phishing emails and WhatsApp/social-media messages: Fraudsters are using AI tools to craft messages that are error-free, stylistically consistent with official correspondence, and personalised. SABRIC reports that fraudsters are “using AI to create error-free phishing emails, cloned WhatsApp messages, and even voice-based deepfakes impersonating banking officials.”
- Voice cloning / deepfake audio & video impersonation: One of the more advanced threats is the use of voice-cloned calls or video impersonation of bank officials or trusted persons to convince victims to comply with instructions (e.g., transfer funds, share OTPs). SABRIC cautions that “real-time deepfake audio and video scams could become widespread” in 2025.
- Fake apps and websites leveraged via social engineering: In South Africa, fraudsters have created convincing fake banking or investment apps, websites with professional design and endorsements, and used them to harvest credentials or direct funds. For example, one case cited saw R6 million lost when a victim believed they were trading via a legitimate app under the guise of a professional bank official.
- Automation and scalability: By incorporating AI, fraudsters can send far more targeted messages (via email, SMS or WhatsApp) at scale, automating parts of the attack chain and increasing volume. For instance, AI-driven synthetic identities, voice-bots, or social-media manipulations reduce cost and increase attacks throughout.
- Exploiting human behaviour (social engineering) with AI-enhanced tools: Although the technical breach risk remains, many of the fraud incidents stem from manipulating the victim rather than hacking the bank system directly. AI contributes by making the manipulations more believable, personalised, and harder for individuals to recognise. “These incidents were the result of social engineering techniques that exploited human error, rather than technical compromises of banking platforms.”
- Card-not-present (CNP) and digital payments fraud remain major channels: Although perhaps less overtly AI-enabled, the shift to online/digital payment channels means criminals using AI-assisted identity fraud or synthetic identities can exploit CNP transactions. SABRIC notes that 85.6 % of gross credit-card fraud losses in South Africa occurred through “card-not-present” transactions in 2024.
Why South Africa is particularly exposed
- A rapidly expanding digital banking and mobile-payments ecosystem increases the number of entry points for fraud.
- Many consumers are less familiar with advanced fraud techniques (e.g, deepfakes) and may rely on superficial cues (branding, logos, familiar language) which AI can mimic convincingly.
- Fraud detection infrastructure, although improving, is playing catch-up to these novel tools. SABRIC emphasises the need for consumer education, cross-industry collaboration and technological defence.
As we approach high-volume retail events like Black Friday, the combination of increased transactional activity and opportunistic fraud means the risk environment is heightened.
Here are connections to keep in mind:
- With more consumers shopping online or via mobile, fraudsters may ramp up attempts to exploit card details, account credentials or social-engineering attacks tied to “sale offers”.
- With fraud tactics becoming more sophisticated (AI-driven impersonation of “customer service” or “fraud team” calls/texts), cardholders must remain vigilant around any contact that appears to come from a retailer, card-provider or payment service.
Five practical safeguards
- Never share account details or PINs: Legitimate support or fraud-teams do not ask you to share OTPs, bank passwords, or your RCS account password.
- Verify links and apps: If you receive a message about a “Black Friday offer” go directly via the official retailer’s website - do not click on links in unexpected SMS/WhatsApp messages.
- Be cautious of unsolicited calls with urgency: Fraudsters may call or message impersonating someone, urging immediate action. If uncertain, hang up and call via a number you know is correct.
- Monitor your account activity: With increased spending around Black Friday, review your account statements for unfamiliar transactions. Report anything suspicious immediately.
- Use strong, unique passwords and enable alerts: Make sure your account (if applicable) uses a strong password, enable any available notification alerts for purchases or login activity, and avoid using the same password across multiple services.
Artificial intelligence is not just a future threat - it’s actively reshaping how fraud is committed in South Africa today, making scams more convincing, faster and harder to detect. As an RCS Store Card holder, especially during high-activity shopping periods like Black Friday, please stay alert and aware so that you can keep your account details secure. If you’re concerned that your RCS account may have potentially been misused contact our Fraud Line immediately at 0215974970.
