Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

GenAI fraud forcing banks to shift from identity to intent

Issue 6 2025 AI & Data Analytics, Information Security, Financial (Industry)

Despite its history of resilience and globally recognised innovation, the eye-watering pace of cyberthreat evolution, characterised by rapid mutation and increasing sophistication, is forcing South Africa’s banking sector to rethink its approach to security.

In its 2024 Annual Crime Statistics report, the South African Banking Risk Information Centre (SABRIC) notes that digital banking fraud saw a significant escalation, with an 86% increase in incidents and a 74% rise in associated losses, totalling R1,89 billion. Digital banking fraud accounts for almost 70% of recorded financial losses in the banking industry. SABRIC has laid a good deal of the blame on emerging technologies, particularly Generative Artificial Intelligence (GenAI), being leveraged by criminals to craft more sophisticated schemes.

South African (SA) banks have not sat idly by; they have invested heavily in systems, partnerships, and awareness campaigns to combat crime. They, too, have turned to AI technologies to fight fraud, saving billions in fraud losses. However, the pace of fraud innovation has made chasing down the criminals a moving target for local banking leaders.

“Gone are the days when a single technology or a static set of controls can keep fraudsters at bay. The threat landscape today is dynamic, with attackers constantly probing for new vulnerabilities and exploiting gaps in traditional defences,” says Pieter de Swardt, SVP Commercial: SA & Sales Operations at Entersekt. “The complexity and velocity of modern fraud schemes, from deepfakes to fraud and scams involving social engineering, demand more than just investment in new tools. While banks are investing heavily in protecting their clients, the real test lies in their ability to adapt and expand their security net.”

A nuanced approach is required

A deliberate move toward multi-layered, adaptive security is required to mitigate these evolving threats. Rather than relying on a single line of defence, banks are increasingly turning to behavioural analytics and risk profiling to analyse intent in addition to identity.

“By constructing dynamic profiles of customer behaviour, including transaction timing, geolocation, device fingerprinting, and channel usage, banks can detect deviations that may signal fraud, even when individual transactions appear legitimate,” says De Swardt.

Banks that focus on whether the client ‘should’ be doing the transaction by analysing context, device usage, and transaction velocity to distinguish genuine behaviour from suspicious intent are reaping the rewards. According to KPMG’s Global Banking Scam Survey 2025, 60% of banks that monitor customers to understand if they are communicating with a third party while using online or mobile banking rated this as an effective fraud prevention measure.

De Swardt explains that shifting to intent-based fraud-fighting approaches also helps fight chargeback fraud, which is a growing headache for banks.

"We had an example of a bank customer reporting fraud after performing multiple transactions in succession. The first transaction was deemed legitimate, but the customer reported the next two as fraudulent. The subsequent transactions were then found to be legitimate. We were able to assist the bank to confirm that all the transactions were coming from exactly the same browser. With the forensics in place, the bank was able to get the client to confess to first-party fraud. The data is impartial and sometimes there is no third party involved,” De Swardt shares.

Cross-channel is key

Equally critical is the need for cross-channel visibility. Fraudsters increasingly exploit gaps between siloed systems, initiating transactions in one channel and authenticating in another.

De Swardt says security architectures must correlate data across originating and authentication channels with online banking, card payments, mobile apps, and other touchpoints. This holistic view enables the detection of anomalous patterns (such as a transaction initiated from an unfamiliar device and authenticated from a geographically distant location) that would be invisible in a single-channel context.

De Swardt says this nuanced approach, using as many data points as possible, allows banks to intervene only when something is suspicious, maintaining a smooth client experience, while still being vigilant against fraud.

“When risk signals indicate that a transaction matches a customer’s usual behaviour, it can be processed quickly and without extra steps. Only when something appears out of the ordinary does the system need to introduce additional authentication measures or alerts, minimising disruption for clients,” he explains.

Security is the one time that competition should not matter

Consortium intelligence is another pillar of effective cyber defence. By participating in industry-wide data sharing initiatives, banks gain access to a broader spectrum of threat intelligence, including indicators of compromise and emerging attack vectors.

“One of the defining features of SA banking is its collaborative spirit. Local banks have established open lines of communication, sharing intelligence and best practices to collectively combat fraud. One of the positive aspects of the battle against fraud is that it is not seen as a competitive advantage. It is a necessity in a region where attack vectors morph rapidly and fraudsters are quick to adapt,” De Swardt shares.

Summing up, De Swardt says the velocity of fraud evolution means that yesterday’s defences can quickly become obsolete. In this context, the technical challenge is not merely to add more layers, but to architect a security ecosystem that is adaptive, intelligence-driven, and capable of real-time response.

“By leveraging behavioural analytics, cross-channel visibility, and industry collaboration, banks can stay ahead of evolving threats while preserving the trust and satisfaction of their customers. The battle against cybercrime is only beginning, but with a new approach, as well as the right partners, SA banks are well positioned to meet the challenge,” he says.

For more information, go to www.entersekt.com




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

New campaign exploiting Google Tasks notifications
News & Events Information Security
New phishing scheme abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials, which can then be used to gain unauthorised access to company systems, steal data, or launch further attacks.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...
The challenges of cybersecurity in access control
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security
SMART Security Solutions summarises the key points dealing with modern cyber risks facing access control systems, from Mercury Security’s white paper “Meeting the Challenges of Cybersecurity in Access Control: A Future-Ready Approach.”

Read more...
Securing your access hardware and software
SMART Security Solutions Technews Publishing RBH Access Technologies Access Control & Identity Management Information Security
Securing access control technology is critical for physical and digital security. Every interaction between readers, controllers, and host systems creates a potential attack point for those with nefarious intent.

Read more...
From friction to trust
Information Security Security Services & Risk Management Financial (Industry)
Historically, fraud prevention has been viewed as a trade-off between robust security and a seamless customer journey, with security often prevailing. However, this can impair business functionality or complicate the customer journey with multiple logins and authentication steps.

Read more...
Phishing and social engineering are the most significant risks
News & Events Information Security
ESET Research found that phishing accounted for 45,7% of all detected cyberthreats in South Africa, with higher-quality deepfakes, signs of AI-generated phishing websites, and short-lived advertising campaigns designed to evade detection.

Read more...
Security ready to move out of the basement
AI & Data Analytics Security Services & Risk Management
Panaseer believes that in 2026, a board member at a major corporation will lose their job amid rising breaches and legal scrutiny, as organisations recognise that cyber risk is a business risk that CISOs cannot shoulder alone.

Read more...
Understanding the promise and perils of AI
AI & Data Analytics
Samuel Turcotte believes AI may kill us all. In this article, a condensed version of a white paper, he discusses AI's development and associated risks, all the while still hoping for a bright future.

Read more...
Access data for business efficiency
Continuum Identity Editor's Choice Access Control & Identity Management AI & Data Analytics Facilities & Building Management
In all organisations, access systems are paramount to securing people, data, places, goods, and resources. Today, hybrid systems deliver significant added value to users at a much lower cost.

Read more...
Zero Trust access control
Technews Publishing SMART Security Solutions CASA Software NEC XON Editor's Choice Access Control & Identity Management Information Security
Zero Trust Architecture enforces the rule of ‘never trust, always verify’. It changes an organisation’s security posture by assuming that threats exist both inside and outside the perimeter, and it applies to information and physical security.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.