Let's kick off with an obvious question, namely: what is online fraud? Fraud is variously defined as a deception or misrepresentation; a perversion of truth to convince someone to part with something of value or surrender a legal right.
Online fraud encompasses both financial fraud and identity theft on digital channels such as websites or mobile apps. It's usually carried out via the perpetrator hiding information or providing incorrect information to deceive victims and drive them to part with information, products, or money.
Online fraud damages businesses and consumers alike. Companies lose money through it and are forced to pass these losses/costs onto customers, and they also must take precautions to ensure every potential transaction is legitimate. That can place an unwelcome burden on consumers to prove they are not trying to commit fraud.
While the pandemic did little for national economies or businesses, it was a major contributor to the surge in the use of digital technologies due to social distancing and nationwide lockdowns. People and organisations all over the world had to adjust to new ways of working and living.
Account fraud is becoming increasingly brazen as attempted fraud transactions have increased exponentially in recent years.
The lockdown resulted in most people taking to the internet and internet-based services to communicate, interact and continue with their job responsibilities from home. Usage of internet services rose from 40% to 100%, compared to pre-lockdown levels.
However, it proved to be the biggest growth driver for online businesses, particularly in certain sectors such as banking and retail, along with food delivery, education, streaming services, pharmacy sales, telemedicine and more.
Identity fraud is a growing problem, with losses totalling over $635 billion in 2023 and account takeover attacks up 354% year-over-year. Account fraud is becoming increasingly brazen as attempted fraud transactions have increased exponentially in recent years.
Fraud will continue to grow in volume and sophistication as more companies, and individuals, choose online channels to conduct business. The world's governments are scrambling to catch up with much-needed changes to cyber laws to hold those committing fraud accountable, but the best option is to prevent it from happening in the first place.
What are your chances of being an online fraud victim?
With the explosive growth of online business, and the accompanying explosion of the types and volume of fraud being attempted, it's not a question of if, but of when it will happen to you. If you are actively selling products or services over the internet, you have already been or will eventually be, the target of cyber criminals attempting fraudulent activity.
The impact of fraud on businesses
According to the South African Banking Risk Information Centre (SABRIC) annual crime statistics for 2023 released in October 2024, fraud in South Africa caused massive economic damage, with estimates suggesting losses in the hundreds of billions annually due to syndicates.
Key sectors heavily impacted include banking (over R3.3 billion in 2023), insurance and investments (over R175 million in 2023), and, historically, state capture estimated at up to R250 billion.
Key fraud statistics in South Africa:
Total economic impact: Criminal syndicates cause estimated revenue losses of R200 billion to R300 billion annually.
Overall banking fraud: SABRIC reports financial crimes, including card and digital fraud, resulted in losses of almost R3.3 billion in 2023. Digital banking fraud in South Africa surged by 45% in 2023, with total annual losses exceeding R1.8 billion by 2024.
Insurance and investments: In 2023, life insurers and investment companies lost at least R175.9 million to fraud, a 128% increase from 2022. However, they prevented R1.5 billion in fraudulent claims.
Identity theft: Losses from identity theft exceed R2 billion annually, with 45% of cases affecting young adults (25-35).
Small business impact: Employee fraud often results in SMEs losing significant revenue, with individual incidents costing roughly R2 million.
Cost to businesses: For every R1 lost to fraud, South African businesses incur an additional R3.64 in associated costs (investigations, legal fees, etc).
Consumer impact: About 57% of South Africans were targeted by scams within 12 months, with many losing between R501 and R5 000.
Online fraud in SA in November and December 2024 saw 68% of citizens targeted and 13% falling victim, losing an average of R12 518. Phishing, vishing and smishing dominate, while synthetic identity fraud surged 153%.
The different types of online fraud
Cyber criminals are creative and increasingly sophisticated in their methodology. They work in a myriad of ways to defraud individuals and businesses. When online fraud detection and prevention methods evolve to slow or stop specific schemes, fraudsters modify their approach to circumvent each new detection technique.
Join the conversation:
Cyber security professionals can join hundreds of industry peers at ITWeb Security Summit Cape Town 2026 and ITWeb Security Summit 2026 in Johannesburg, where expert speakers will explore how organisations can stay resilient in the face of AI-driven attacks and an increasingly complex threat landscape.
The ability of cyber criminals to adapt and adjust when their techniques are exposed and accounted for means that classic online fraud detection solutions can struggle to detect fraudulent activity.
Generally, attempts at fraud split into two areas: manual and automatic. Manual attempts involve individuals using the internet to hack into systems or gain access to information they then use to impersonate legitimate users. Automated attempts involve programming bots or emulators to speed up and scale up efforts to access and use systems and information.
Bots or automated scripts perform simple, repetitive tasks quickly and at scale. Emulators are programs that mimic mobile devices from desktop computers. They are used separately in most cases but can be used in tandem.
Some of these approaches include:
Account takeover fraud: This uses existing, legitimate accounts and their stored (or stolen) credit card information and loyalty points. A fraudster gains access to the account, makes purchases, and can use or resell the merchandise, seek refunds or stick a merchant with chargebacks. A form of account takeover fraud, business e-mail compromise, where someone gains illicit access to a business's e-mail account and makes unauthorised fund transfers, remained the costliest form of fraud in 2023.
New account fraud or account creation: Attackers set up new accounts using stolen credit card information to pay, often while abusing coupons, loyalty points and referral programmes to make purchases. They then can seek refunds and always leave merchants liable for chargebacks.
Checkout fraud, or guest checkout fraud: Uses stolen credit card information and the “Guest Checkout” option on websites for customers who don't wish to register for an account. This allows fraudsters to sidestep identity verification checks when using stolen credit card information. They often use bots to automate testing stolen card numbers on a website, then manually use the same card information on different sites (sometimes weeks later) along with discount codes to look like legitimate customers. This is also known as “card-not-present” fraud. Merchant losses due to payment fraud are expected to reach $362 billion between 2023 and 2028.
Authorised push payment (APP) fraud: This is based on imposter scams where fraudsters trick victims into sending them cash payments. APP fraud often relies on mobile applications to transfer money directly from a victim's account to a fraudster's account. Since transactions with applications like this are treated as cash, they are nearly impossible to reverse. By 2027, APP fraud is predicted to exceed $3.03 billion in the US, $1.5 billion in Australia, and $934.7 million in the UK.
In my next article, I will detail the common challenges associated with online fraud.
Share
