What if the future of FinTech isn’t better individual tools, but full financial sector collaboration?

Carla Wilby, co-founder and CTO of Orca Fraud, describes their company as a fraud intelligence layer that sits inside payment flows rather than alongside them. The platform monitors transactions in real time across more than 70 countries, looking for patterns that individual companies can't see on their own. Orca raised a $2.35 million seed round in early 2026, led by Norrsken22.

The pitch is a network effect for fraud detection. A card-testing syndicate running hundreds of small transactions through a South African payment provider looks routine if you're only watching that provider. Orca's model aggregates de-identified signals, device fingerprints, transaction metadata and account velocity across its client base. 

Participants contribute without exposing customer data or transaction volumes. In theory, every node in the network makes every other node smarter.

"Most companies realise after the fact," says Wilby. "Without anomaly detection or the ability to pick up behavioural changes over time, you're left relying on end-user reports or reports from regulators. By that point, the damage is done."

The patterns here don't match what imported fraud tools were built for. On the mobile money side, coordinated smurfing networks use dozens of wallets funded just below reporting thresholds, then consolidate through agent cash-outs or cross-border remittance. A single card transaction can touch the merchant's payment provider, the acquirer, the card network, and the issuing bank. Each only sees their own leg.

SIM swap fraud adds another dimension. A fraudster ports a victim's number to a new SIM, often using details from a data breach or a bribed telecom employee, and suddenly receives every OTP and banking confirmation. 

According to the COMRiC Telecommunications Sector Report published in July 2025, telecoms-linked fraud (including SIM swap, subscription fraud, and SIM box fraud) costs the South African economy an estimated R5.3 billion annually. SIM swap specifically accounts for roughly 60% of mobile banking breaches.

Synthetic identity fraud thrives where a company ID or tax certificate can open a mobile money account. Devices shared between family members make identity resolution harder. Inconsistent KYC across providers compounds the problem. These are conditions that US or European fraud models, trained on different data and different user behaviour, struggle to account for.

South Africa has a fraud intelligence infrastructure. SABRIC, the banking industry's risk information centre, gathers and disseminates crime data from member banks. The Southern African Fraud Prevention Service runs a shared database across 100+ members that prevented R5.04 billion in fraud losses in 2024 alone. 

In October 2025, South Africa became only the second country after the UK to deploy the GSMA's Scam Signal Platform, linking banking and mobile network data for real-time detection of authorised push payment fraud.

But this infrastructure has a structural gap. PASA membership, which governs payment standards, is restricted to banks and SARB-designated entities. Fintechs cannot be direct members. A World Bank Financial Sector Assessment noted that payment services fintechs must partner with banks to access verification services and fraud reporting. The FSCA itself has proposed a National Scam Centre modelled on Australia's, though it remains aspirational.

For a fintech processing its first few million in transactions, this means the shared fraud intelligence that banks exchange through SABRIC is largely inaccessible. As Wilby puts it, as soon as you are processing funds, you are a node in the network. But right now, fintechs are nodes with no visibility into what the rest of the network is seeing.

Orca's model sounds clean in principle. Shared signals, not shared data. De-identified metadata rather than customer records. But the barriers to making this work at scale are real, and they go beyond technology.

The first is competitive reluctance. Only 27% of financial services providers in EMEA participate in risk intelligence sharing, according to LexisNexis Risk Solutions. Banks invest heavily in proprietary fraud AI and view detection capability as a competitive advantage. At an FSCA Digital Fraud Roundtable in September 2025, the Association of Communications and Technology CEO said publicly that some forms of collaboration could be interpreted as collusion under competition law.

The second is regulatory uncertainty. POPIA does contain a legitimate interest exemption that could cover fraud data sharing, and the Information Regulator can grant public interest exemptions. But these have not been tested in court for the kind of cross-institutional, real-time data exchange Orca proposes. POPIA violations carry penalties of up to R10 million or 10 years imprisonment, which creates institutional paralysis even when the legal basis probably exists.

The third is technical. There is no universal standard for fraud data exchange. Privacy-compliant anonymisation, stripping identifiers, truncating sequences and coarsening behavioural patterns, can degrade the very signals that make the data valuable. This is the fundamental tension in every shared fraud intelligence project globally: the more you protect privacy, the less useful the intelligence becomes.

Orca is not the only company working on this problem, either. Entersekt, also based in Cape Town, serves 250 million+ cardholders and has publicly advocated for consortium fraud models. Smile Identity has verified 300 million+ identities across Africa and recently partnered with Mastercard on identity fraud prevention. 

TransUnion Africa operates a shared fraud database across four southern African countries. And SAFPS has been quietly doing shared fraud prevention for decades, with R30 billion in prevented losses over the past ten years.

The question for Orca is whether a startup with $2.35 million in seed funding can build the institutional trust and regulatory clarity that far larger, older organisations have struggled to achieve. The answer might be yes, precisely because startups aren't burdened by the competitive dynamics between banks. But it's an open question, not a settled one.

Wilby's practical advice is worth hearing regardless of where you land on Orca's specific model. If you're building a fintech that touches money, think about fraud at the architecture level from day one. Systems need to emit signals in formats that could eventually plug into shared infrastructure, whether that's Orca's network, SAFPS, or something that doesn't exist yet.

The consequences of getting this wrong extend well beyond direct losses. A spiking chargeback ratio can get you dropped by your acquirer. A nervous sponsoring bank starts restricting settlement terms. Investors doing due diligence see fraud losses or regulatory flags and either walk away or negotiate you down.

The worst-case scenario isn't a fraud loss you can absorb. It's an attack large enough to lose user trust entirely.

South Africa's next FATF mutual evaluation begins in the first half of 2026, which will pressure regulators to demonstrate real progress on financial crime coordination. The FSCA's proposed National Scam Centre will either get a timeline or quietly die. And the Scam Signal Platform's early results will reveal whether bank-telco data sharing actually works at scale in the South African context.

For Orca specifically, the next milestone is to prove that fintechs will actually contribute signals to the network rather than just consume them. A shared intelligence layer where most participants are free-riding isn't intelligence. It's a product.

This news first appeared in our 8 April edition on Social Light media monitoring in SA.

Read the full breakdown of Orca Fraud's $2.35 million seed round and what it means for SA fintech. See how South African fintechs are building the payments infrastructure powering local commerce. And explore the latest data on who's funding Africa's startups in 2025.

Get more SA tech and business news and subscribe to The Open Letter.