How pension funds can protect consumers in anticipated two-pot pension system in SA
Soon, South Africans could have the option of placing their retirement fund contributions in two ‘pots’ – the one being the retirement pot and the other being a savings pot that can be accessed by members while still in employment. BDO recently referred to this as three pots, in fact, with the third pot being the funds that are vested. This means that fund members can draw down a third of their retirement savings before retirement as opposed to waiting to access the money at retirement. However, while this development was originally slated for March 2024, the National Treasury has called for a postponement until 2025 in order to give the investment industry time to have the systems in place to process swift and safe transactions. During this preparation period, one of the key considerations pension funds need to bear in mind is how to protect consumers from fraudulent, high-value withdrawals of their hard-earned pension money.
Murray Collyer, Chief Operating Officer at iiDENTIFii, says: “We support a considered approach to the roll-out of the two-pot pension system. Once introduced, it provides the potential for easier access to valuable investments. It is the perfect target for fraudsters, who can use the latest technology to prey on unsuspecting transactors. Traditional methods of authentication are not enough. As pension funds navigate this new system, they have a duty of care to protect consumers from fraud. This means having the right processes in place to ensure that retirement savings are protected from cyber criminals.”
What funds are at stake?
It’s important to note that while fund members’ saving pots will be given a boost of 10% of what they have already saved in the fund when this legislation becomes effective, up to a specified limit of R25 000 currently (this cap may change, with the National Treasury currently proposing a limit of R30 000), savings pots will continue to grow with one-third of contributions on an ongoing basis. There will be rules around accessing the savings pot, such as a R2 000 minimum amount and access only being allowed once in a tax year. While fraudsters would not be able to drain entire pensions, the savings in a pot is still a significant amount of money to many South Africans. The risk is also set against the context of a difficult economic climate in which 89% of South Africans are planning to continue working after they retire owing to lack of pension monies.
Collyer adds: “Consumers and pension funds need to be aware that fraudsters are highly attuned to trends and new opportunities to access lump sums of capital.” Cyber criminals have already pounced on car, property and legal companies where large sums of money are exchanged and regularly capitalise on seasonal activity or trends such as SARS rebate season. A loss from a fund saving pot not only sets back consumers in terms of savings and lost future compound interest, but it damages the reputation of the pension funds tasked with keeping the money safe.
How safe will savings withdrawals from a fund savings pot be?
South African pension funds have not yet announced the process for drawing down on a pension savings pot, stating that the official process will be shared closer to when the two-pot system goes live. The potential of a delayed implementation date gives financial institutions further time to prepare. Already, funds are being prudent in educating members on how accessing the savings pot will ultimately impact retirement savings. As with any financial services, members also need to be educated on keeping their personal identifying data safe to protect them from fraud.
Collyer says pension funds need to prioritise identity verification in preparation for the two-pot pension system: “When it comes to any financial services provider, a fault line emerges when it comes to proving that a person is who they say they are. Signatures can be faked. OTPs are vulnerable to interception from criminals who can use them to access a person’s account. Legacy biometrics such as fingerprints or retina scanning can be spoofed. Through cheap and easily available AI tools, criminals can use AI to mimic a person’s voice and conduct a fraudulent transaction on their behalf.”
Even static face verification is not enough. Collyer adds: "Although biometrics offer a more secure means of verification (something you are, instead of something you have, like a password or OTP), fraudsters are becoming increasingly adept at staging attacks that, if successful, could give them access to those pension savings.” Essentially, fraudsters posing as a person’s likeness by spoofing easy-to-replicate biometrics could give them access to that person’s pension savings.
How pension funds can ensure the safety of consumers
As the two-pot pension system comes into effect, funds can focus on both financial education and security. Many consumers are vulnerable to the increasingly sophisticated social engineering scams that are designed to extract identifying information such as passwords, account numbers and more.
Collyer adds: “While consumers need to ensure they don’t give out sensitive personal account information, pension funds have a responsibility to have security in place that is immune to security breaches.
“At iiDENTIFii, we have worked with many of the leading banks in South Africa to pioneer something we refer to as 4D Liveness authentication. Simply put, this is a process that confirms that a person making a transaction is human, who they say they are, and transacting live in the present moment. The person withdrawing the funds takes a selfie and, using a unique sequence of flashing coloured lights, we are able to determine their liveness. By comparing this selfie with relevant government databases, iiDENTIFii’s technology accurately authenticates someone’s identity in just seconds. These advanced algorithms are continually being fine-tuned to stop fraudsters in their tracks,” says Collyer.
In conclusion, like any new development in access to savings, the two-pot pension scheme potentially introduces a new risk frontier to the financial services landscape. If not secured correctly, fraudsters can assume the identity of consumers and access large sums of money, with potentially life-changing results for members. In their preparation for the two-pot pension scheme’s ultimate roll-out, pension funds need to protect members and insurers need to put cover in place to protect against substantial loss of savings. Part of this includes ensuring that their biometrics sufficiently protect against criminals. Having this in place will ensure financial security for consumers.
iiDENTIFii is an award-winning face authentication and identity verification platform that distinguishes itself through its use of 3D and 4D Liveness® detection. Purpose-built for enterprises across Africa and the Middle East, iiDENTIFii enables frictionless, scalable customer onboarding in seconds from anywhere and on any device. Founded in 2018, iiDENTIFii has become a proven key partner in multiple tier 1 African banks. The technology plugs seamlessly into existing infrastructures, including mobile and web-based platforms.