SABRIC's 2024 Annual Crime Statistics tell the story in blunt terms. Digital banking fraud incidents hit 97,975, up 86% from 2023, with gross losses of R1.888 billion, up 74%. In 2022, there were just over 36,000 incidents and R734 million in losses. In two years, the case count has nearly tripled. More than half of all digital banking fraud losses recorded across those three years occurred in 2024 alone.

Over Easter 2026, Standard Bank, Absa, Nedbank and GoTyme all issued public fraud warnings. Banks issuing fraud alerts is not news. Banks issuing them at increasing frequency, despite years of consumer awareness campaigns, is.

Every reported incident in 2024 involved criminals exploiting human error through social engineering, not breaching bank systems. Banking apps were the dominant target, accounting for 65% of incidents and over R1.2 billion in losses.

AI has made the manipulation dramatically harder to spot. Thalia Pillay, CEO of Orca Fraud, notes that AI-generated phishing emails are now grammatically flawless, contextually accurate, and match the tone of the institution being impersonated. The tell-tale signs consumers were taught to look for, poor spelling, suspicious links and requests that felt slightly off, have been eliminated. Voice cloning passes real-time scrutiny. Deepfake video is entering higher-value scenarios. And because AI tools allow syndicates to run many attacks simultaneously at a fraction of previous cost, volume is rising alongside quality.

When a customer is successfully manipulated into authorising a transfer, the credentials are legitimate, the session is genuine, and the payment instruction is valid. Rules-based fraud systems see nothing wrong. The fraud looks exactly like normal banking.

Two SA approaches are producing results.

Discovery Bank's TRUST Alert has cut EFT fraud by 80% since its October 2025 rollout by scrutinising the beneficiary, not the sender. Every payment is checked in real time against behavioural data across Discovery's entire client base. If people like you don't normally pay that recipient, or if that recipient has accumulated risk signals elsewhere in the network, the transaction is flagged before it settles. The customer may have been deceived. The system intervenes anyway.

Orca Fraud is building similar logic at broader scale, monitoring over $5 billion in monthly transaction volume across 70-plus countries using machine learning trained on African payment rail data. The distinction matters: fraud patterns on African mobile wallets, USSD rails, and agent banking networks look nothing like the European card data most global models learn from. Orca raised a $2.35 million seed round led by Norrsken22 in March 2026.

The SABRIC data does not suggest customers are becoming careless. It suggests the attacks have become indistinguishable from legitimate interactions, by design.

If social engineering is the dominant attack vector and AI has made it undetectable by ordinary human judgment, the intervention point is no longer before the customer is deceived. It's before the transaction completes. The banks and fintechs that build that capability fastest will contain their losses. The ones that keep treating consumer awareness as their primary defence will keep issuing Easter warnings.

This workflow first appeared in our 22 April ‘26 edition on AI Diagnostics TB screening.

Read our full coverage of Orca Fraud's $2.35M seed round and how Orca is building fraud intelligence for African payment rails. See how Discovery Bank's TRUST Alert cut EFT fraud by 80%. For the wider picture, read our take on AI adoption across SA banking and business in 2026.

Get more SA tech and business news and subscribe to The Open Letter.