Allan Juma, ESET Southern Africa Cybersecurity Engineer

Financial crime losses in South Africa’s banking sector have dropped sharply, from R3.3-billion in 2023 to R2.7-billion in 2024, thanks to improved prevention and detection measures – but experts warn that these figures may be misleading. While overall losses have declined, the nature of financial crime is changing, with AI driving a new generation of sophisticated scams. As cybercriminals probe for vulnerabilities, banks face mounting pressure to stay ahead - falling behind could mean bigger financial losses, reputational damage, and eroded customer trust.

“Cybercriminals are using AI to create fake videos, audio clips, and images that impersonate bank staff, executives, or even family members. These deepfakes are alarmingly convincing - trained on publicly available photos, videos, and voice recordings scraped from social media and other online sources, they mimic facial expressions, lip movements, and speech patterns with remarkable accuracy,” says Allan Juma, ESET Southern Africa Cybersecurity Engineer.

The threat recently hit close to home when the South African Reserve Bank (SARB) issued a public warning after a deepfake video surfaced online, falsely portraying Governor Letsetja Kganyago promoting a fraudulent investment opportunity that encouraged people to share sensitive information and approve falsified transactions.

According to the South African Banking Risk Information Centre (SABRIC), digital banking fraud incidents jumped from 52 000 in 2023 to nearly 98 000 in 2024, driven primarily by social engineering attacks that exploit human error rather than system flaws. SABRIC warns that this trend is likely to escalate, with AI-generated deepfake audio and video scams becoming more widespread. Over the past year, deepfake-related scams in South Africa have surged by 1 200%, with the banking and fintech sectors bearing the brunt.

"It all comes down to intent - AI can be used to deceive or to defend, depending on who's behind the keyboard,” says Juma. “The banking and finance industry is now using the same technology that criminals exploit to generate deepfakes and phishing scams, but repurposing it to flag unusual transactions and verify identities. The real test, however, lies in our collective ability to adapt faster than they do. Security measures that work today may be obsolete tomorrow."

In response, South African banks have ramped up their defences, investing in cross-industry partnerships and advanced fraud detection systems. Capitec recently reported that its AI-enabled fraud prevention tools helped curb a surge of scams targeting clients, blocking payments to high-risk accounts and stopping over 23 000 fraudulent transactions - saving customers over R200-million. By deploying AI to combat the very scams that AI is helping to create, banks are taking a more proactive approach to fraud prevention.

"Effective cybersecurity depends on multiple layers of protection working in concert - and that starts with choosing a service provider that understands defence is not a single tool but a coordinated strategy," says Juma. "Banks need to incorporate AI-powered threat detection that flags unusual activity and adapts      in real time, without disrupting legitimate transactions.”

But technology is only half of the solution. Even the most sophisticated banking systems can fail if users aren't AI-aware. "Educated customers are a bank's first line of defence," says Juma. "When people can recognise red flags like a convincing voice clone, a suspicious investment pitch, or an unusual verification request, they don't just protect their own accounts. They stop fraud before it scales, prevent breaches that compromise entire systems, and strengthen the financial ecosystem as a whole.”