Purchasing gesture-based, low-cost identity verification (IDV) solutions could put South African businesses at serious risk, said Lance Fanaroff, co-founder of iiDENTIFii, an enterprise-grade provider of biometric identity.
Fanaroff pointed to the country’s financial services industry as an example and said the South African Fraud Prevention Service and major banks have warned of increasingly aggressive deepfake and social engineering scams, highlighting the need for more robust customer authentication and verification.
Banks are facing mounting operational costs due to the complexity and resource intensity of scam investigations. These cases require prolonged customer support, co-ordination with law enforcement and sophisticated fraud analysis, all of which strain bank resources.
The need to provide strong, infallible digital protection was reflected in the PWC South Africa Major Banks Analysis 2025 report, which noted a shift to digital banking platforms, particularly in retail banking. The report estimates that digitally active clients are now approaching a third of the South African population. This trend is reflected in growing investments in cyber security, alongside emerging technologies such as AI.
Securing digital identity isn’t just about protection, said iiDENTIFii, and many businesses are also adopting biometrics to aid in compliance. This is likely in response to a greater urgency to strengthen financial controls and prevent money laundering after South Africa’s 2023 greylisting and the POPIA requirement that companies let their customers know when there has been a breach.
iiDENTIFii referred to a KPMG Southern Africa Banking Survey, which noted that 50% of banks in their study said they had, or intended to, deploy AI technologies to reduce the costs associated with compliance.
KPMG’s study also found that 38% of participants dedicate up to 30% of their IT budgets towards AI and innovation. However, 54% of the group emphasised the primary factor standing in the way of adopting innovative digital tools – for security, as well as efficiency – is budgetary constraints.
The will to invest in digital innovation is there, but there is consistent pressure to keep costs low. This, together with the impact of anti-money laundering and know your customer, is prompting a rise in investment in gesture-based, low-cost IDV solutions.
A move away from traditional tech
Tope Olufon, senior analyst at Forrester, said traditional identity management models are fragmented, inflexible, inefficient and siloed.
Speaking at the ITWeb Security Summit 2025, hosted recently in Johannesburg, Olufon said in addition to understanding AI, businesses must achieve full visibility of their assets and view cyber security through the eyes of threat actors.
“The industry is maturing and use cases are growing. With decentralised identity management, trust becomes a two-way street and re-usability will drive efficiency."
This IAM model facilitates augmented physical ID with revocable credentials, and beyond security, will find use cases in vertical markets like healthcare and recruiting.
Olufon said achieving full visibility is still a major challenge, along with requisite budgets to meet costs. “Identity is the connective tissue of cyber security, and AI is a force multiplier that gives us speed and has changed the way we approach creativity and security.”
The country is seeing a dramatic rise in impersonation and social engineering scams, including fake police personas and forged documents to manipulate victims into revealing sensitive info or transfer funds.
Fanaroff said: “Our recent South African Identity Index measured business sentiment around digital identity and the tools they are using to protect themselves and consumers. The report found that business adoption rates of AI-based fraud detection are at 50.5% and biometric methods are at 39.5%.”
However, gesture-based liveness solutions such as smiling, winking or head movement offer weak defences against identity spoofing and deepfakes.
Fanaroff added: “While a more sophisticated solution may seem like a larger investment upfront, companies cannot afford to invest in biometric security and liveness technologies that have not been rigorously tested against current cyber threats. Gesture-based solutions may appear cost-effective, but they expose organisations to significant risk – and the long-term cost of fraud, financial losses and reputational damage far outweighs any initial savings. An inferior solution exposes organisations to emerging crimes such as deepfakes and digital replay attacks.”
According to Fanaroff, digital identity is central to security, as it is the point of contact between a business, its resources – like data or funds – and the outside world.
He added that as criminals increasingly use low-cost, accessible AI tools to commit fraud at scale, the risks are growing. The impact of such security breaches goes beyond financial or data loss – it erodes brand trust at a time when consumers are not afraid to switch brands for better, safer service. This is especially true for younger consumers, for whom trust is a key differentiator.
Fanaroff advised: “Small and medium businesses exploring entry-level solutions should pursue passive liveness as opposed to gesture-based solutions, as passive liveness has some resilience against deepfake attacks.”
He added that companies of any size should be able to switch seamlessly between solutions to a more robust liveness detection for bigger transactions and for high-risk transactions. “For example, 3D liveness can be used effectively for lower risk transactions, with subsequent authentication and 4D liveness used for initial onboarding and higher-level transactions.”
Share