Illustrative Image: Bank cards. (Photo: iStock) | Magnifying glass. (Image: Freepik) | Torn paper. (Image: Freepik) | (By Daniella Lee Ming Yesca) This is Part 1 of a four-part Daily Maverick series.
Look at the police-issued table of South African crime statistics, and the picture is, cautiously, improving.
Murder is down. Robbery is down. Sexual offences are down. Car theft is down. Then your eye lands on commercial crime — and the line goes in only one direction.
According to Daily Maverick’s analysis, the commercial crime statistics have nearly doubled in just over a decade: from 76,744 cases in 2013/14 to 143,600 in 2024/25.
Since 2020/21, the acceleration has been most striking: 82,890 cases; then 102,057; then 112,592; then 127,651; then 143,600.
In the most recent quarter for which data are available — Q3 of 2025/26 — commercial crime grew another 2% in three months, with Gauteng accounting for more than a third of all cases nationally.
The only major crime category with a comparable upward trajectory is kidnapping.
One might assume that these numbers would be generating urgent national conversation and parliamentary debates. In reality, commercial crime barely registers in the public discourse.
This series is an attempt to understand why commercial crime is growing, how it is happening, and what is being done about it. But as we were to discover when we started asking questions, clear answers are shockingly hard to come by.
/file/attachments/orphans/Commericalcrimerise2013-2025_529024.jpg)
The scale of what we don’t know
Start with the most basic question: what exactly is commercial crime, and who is investigating it?
Here is where the opacity begins.
Commercial crime is a broad umbrella. It covers fraud in all its forms — including digital banking fraud, investment scams and corporate embezzlement — as well as forgery, money laundering and corruption-adjacent financial offences.
What it does not do, in any publicly available South African data set, is break itself down into comprehensible subcategories that would allow citizens, journalists or researchers to understand exactly where the growth is coming from or who the primary victims are.
The quarterly South African Police Service (SAPS) crime statistics simply list the case volumes for “commercial crime” — without breaking that down in any way.
When Daily Maverick asked the SAPS for disaggregated data on commercial crime, the response was simple: it doesn’t exist.
It should be noted that the SAPS may be recording some forms of fraud or scams under the crime stats category of “All theft not mentioned elsewhere”, rather than “commercial crime”. If so, the total figures would be even more alarming.
The Directorate for Priority Crime Investigation, better known as the Hawks, deals only with complex crimes. The Hawks published a table (see page 143) in its most recent available annual report, for 2024/25, that breaks commercial crime down into 18 bewildering categories.
“Fraud with stolen petrol card” is one such category. Another is devoted to cases involving violations of the Cybercrime Act, while “internet-related fraud” is a separate category. These case numbers are mostly negligible.
And then there’s a category simply labelled “other fraud”, the cost of which is specified in “actual value”, in what seems to be a single financial year, as R396-billion from just more than 1,000 cases.
That figure is nothing short of jaw-dropping.
To put that into global perspective, the number exceeds the FBI’s total internet crime losses for the entire US in the same year by almost $4-billion — for a country with an economy roughly 40 times smaller than that of the US.
It is a figure so large that it raised the legitimate question of whether it could be a data entry error. We asked Hawks spokesperson Brigadier Thandi Mbambo to check; she confirmed the figure was accurate.
/file/attachments/orphans/FraudlossesbycountryGemini_975360.jpg)
Daily Maverick’s attempts to seek further comment from the Hawks over the course of a week were fruitless; at one stage, we were told that an unspecified number of our questions were better directed to the SAPS.
What is certain is that the just over 1,461 cases of commercial crime investigated by the Hawks over this period represent a minuscule fraction of the real total.
The South African Banking Risk Information Centre (Sabric), which collects information on crimes affecting the banking sector, reported more than two million incidents affecting banks alone in its most recent crime statistics report, from 2024.
The Hawks’ figures, in other words, bear no relationship to the scale of the problem as reported by industry bodies, and it is genuinely unclear where forms of crime such as digital banking fraud, investment fraud or business email compromise would be categorised within their taxonomy.
Terence Corrigan, a project manager at the Institute of Race Relations (IRR) who has researched financial crime extensively, spent considerable time trying to untangle this.
“I suspect a lot of what happens just isn’t reported,” he said.
“There are huge reputational risks to banks that get suckered. Another possibility is that at least some of what happens — I’m thinking the sort of thing that hits ordinary folk — might get reported to banks, but not to the police.”
/file/dailymaverick/wp-content/uploads/Terence-Corrigan-OPINIONISTA.jpg "Terence Corrigan. (Photo: Supplied)")
One might also assume that all commercial crimes are prosecuted by the National Prosecuting Authority’s Specialised Commercial Crime Unit (SCCU), but the unit deals only with the most serious or complex cases.
NPA spokesperson Kaizer Kganyago told Daily Maverick that the SCCU prosecutes cases of commercial crime “typically where the value exceeds R500,000”, though the SCCU can take on cases below that threshold if they involve organised syndicates or cross-border elements.
Kganyago sent us the latest figures for cases finalised in the specialised commercial crime courts.
Those figures used a totally different sub-categorisation system for commercial crime than that of the Hawks. They amounted to only 470 cases, and some of those were non-commercial.
Kganyago acknowledged, somewhat confusingly, that “the exact number of incidents reported to the police and subsequently referred to the prosecuting authority remains unclear, as not all incidents are reported to SAPS”.
What all this means in practice is that South Africa’s commercial crime surge is happening largely in a statistical void.
The fraud economy
If official data is thin, industry data — though not without its own limitations — fills at least some of the gaps, and it points to one area of commercial crime for which we do have meaningful figures: digital banking fraud.
Sabric’s 2024 report records an 86% increase in South African digital banking fraud incidents in a single year, with losses from banking app fraud alone exceeding R1.2-billion.
These figures represent the most detailed publicly available window into any single subcategory of commercial crime — and they suggest that digital banking fraud is likely to be one of the largest and fastest-growing components of the commercial crime surge. It is for this reason that digital banking fraud will be the primary focus of the articles that follow in this series.
But to understand digital banking fraud, it helps first to understand the broader fraud landscape from which it has emerged.
Manie van Schalkwyk, CEO of an NGO called the South African Fraud Prevention Service (SAFPS), described the three dominant fraud categories his organisation tracked in 2025.
“Fraudulent documents, misuse of accounts through fraudulent conduct and scams were the top categories listed on the SAFPS database,” he said.
On account misuse, he identified money mules —individuals whose bank accounts are used, knowingly or unknowingly, to move criminal proceeds — as the largest single contributor.
And on scams, Van Schalkwyk said the dominant method in South Africa currently is phishing. “Victims’ information is phished via a call from the scammer impersonating an institution’s employee or a person of authority. The scammers trick individuals into revealing sensitive information like passwords, credit card numbers, or personal data that they will use for their benefit.”
Rendani Singo, who runs fraud consultancy MK Fraud Insights, mapped the terrain of commercial crime beyond banking.
“Some of the more common [forms] I encounter include procurement and invoice fraud within corporates, where suppliers are impersonated or payment details are altered; fraud within logistics and supply chains, particularly involving goods diversion or false deliveries; and various forms of scams in everyday digital life, such as marketplace fraud, mobile wallet abuse and impersonation scams on messaging platforms,” he said.
“We also see fraud emerging in areas like loyalty programmes, where points are stolen and converted into value, as well as in informal and semi-formal markets where controls are weaker but transaction volumes are high.”
The common thread across all of these, Singo argued, is more sociological than technological.
“What ties many of these together is that they are less about exploiting systems directly and more about exploiting gaps in processes and human behaviour, which is why social engineering features so prominently across different fraud types.”
This is an important point. Commercial crime in South Africa appears to be growing not only because criminals have developed superior technical capabilities — though that is a vital part of the story — but also because they have become extraordinarily sophisticated at exploiting the predictable ways that people, and the institutions they work for, behave.
Singo described the fraud operations he encounters as structured, specialised and adaptive. “There are typically different roles involved, including those who source data, those who engage with victims and those who manage the movement of funds. This structure allows them to specialise and scale their activities.”
The AI arms race
Artificial intelligence is accelerating both sides of this contest in ways that were barely imaginable even five years ago.
Forensic expert Albert van Zyl pointed to the way technology has fundamentally lowered the barrier to entry for criminals.
“You now have LLMs [large language models] without any of the safeguards of ChatGPT that will help you conceive, plan and execute a scam from start to finish,” Van Zyl said.
“It will help you devise a full social media campaign. It is stupid to go and rob a bank these days.”
Fraudsters are using AI to produce error-free phishing communications, to clone voices and to generate deepfake content that is increasingly indistinguishable from authentic material.
The National Financial Ombud (NFO) warned South Africans in December 2025 that “fraudsters are increasingly using AI to deceive consumers, convincing them that they are speaking with their banks and persuading them to transfer funds directly to the fraudster’s accounts. Some scammers are even able to clone or copy bank numbers, making it extremely difficult for consumers to distinguish between legitimate calls and fraudulent ones.”
Banks are deploying AI detection tools in response, and several South African institutions point to behavioural analytics systems that flag out-of-pattern transactions in real time.
But, as NFO spokesperson Priya Rajah cautioned Daily Maverick, these tools are not a magic bullet.
“Fraud detection systems are inherently reactive. They rely on suspicious patterns or anomalies to emerge before they can respond. As a result, some fraudulent transactions may only be flagged after they have been initiated or even completed,” said Rajah.
The human cost
Statistics are abstractions. Behind the commercial crime numbers, we find victims in the form of large businesses, but also ordinary people — sometimes elderly and usually completely unprepared for what has happened to them. We will be profiling some of their stories in this series.
Veteran consumer journalist Wendy Knowler told Daily Maverick that she is flooded by complaints about issues such as bank fraud on a weekly basis now.
“So much more of my work is fraud-related than when I started 28 years ago,” said Knowler.
“These days I don’t worry about the money in my bag, but the money in my bank.”
Ncumisa Fandesi, the founder of consumer advocacy organisation 1 Family 1 Stockpile, is similarly besieged with messages from banking fraud victims, and has herself been a victim of fraud on her credit card.
/file/dailymaverick/wp-content/uploads/2023/12/Ncumisa-Ndelu-3.jpg "Ncumisa Fandesi. Pic: Rogan Ward")
“These days I don’t worry about the money in my bag, but the money in my bank,” she said.
“Who is liable, really? Who takes responsibility for my money? The nature of the fraud is outperforming the safety protections. I don’t think the banks appreciate the impact, but it is ruining people’s lives.”
Why the silence?
Daily Maverick’s difficulty in extracting concrete information for this reporting was also experienced by Corrigan in his own research on financial crime.
Corrigan said that for past research projects he had found people far more willing to talk openly about topics like the construction mafia and abalone poaching than about bank fraud and commercial crime.
“This one was tough: I knocked on a lot of doors, and for anything more than a general press statement type response, I had to grant anonymity,” he said.
The reasons for this institutional silence are partly legitimate.
Van Zyl pointed to the tipping-off provisions of the Financial Intelligence Centre Act, which prohibit banks from disclosing that they have filed a suspicious transaction report: a restriction designed to prevent suspects from destroying evidence, but which has the practical effect of keeping victims in the dark about investigations that directly concern them, and the public in the dark as to the scale of the problem
“Even if a bank detects something and reports on it, in order to protect the system they are required not to divulge that they have reported it,” he said. “It’s an offence to say that we reported this to the FIC [Financial Intelligence Centre].”
But Corrigan suggested the silence also reveals an “understandable reluctance” to concede that people’s money is no longer as safe in banks as it used to be.
“Banks no longer really keep actual assets; they keep records. This makes cybercrime so much more lucrative than a traditional bank heist, and also so much more incomprehensible to the average person,” said Corrigan.
He also cited the example of institutions possibly quietly paying enormous ransoms to criminal actors. These are losses that would be impossible to disclose in an annual report.
“Frankly, a lot of this probably comes down to something that looks a lot like that quote from A Few Good Men: ‘You can’t handle the truth’,” he said.
The truth may be murky, but there are still a few things we can say with confidence.
The commercial crime statistics in South Africa have nearly doubled in a decade and are still accelerating. The systems meant to investigate, prosecute and compensate victims are fragmented, under-resourced and in some cases structurally incapable of providing answers.
The single area of commercial crime for which the public has access to meaningful data — digital banking fraud — recorded an 86% increase in incidents in a single year. And the institutions best placed to explain this are, with very few exceptions, saying as little as they can get away with.
That has consequences. Every year that passes without a clear public accounting of what is happening, who is responsible and what is being done about it is another year in which fraudsters continue to operate in the dark — and another year in which the people they target have no idea how exposed they are. DM
Next: The fraud victims who fought back – and those who couldn’t.