Monday, July 15, 2024
No menu items!

South Africa’s Two-Pot Pension System – Protecting Savings from Cyber Fraud

Must Read
Soon, South African’s could have the option of placing their retirement fund contributions in two ‘pots’ – the one being the retirement pot and the other being a savings pot that can be accessed by members while still in employment. BDO recently referred to this as three pots, in fact, with the third pot being the funds that are vested.

This means that fund members can draw down a third of their retirement savings before retirement as opposed to waiting to access the money at retirement. However, while this development was originally slated for March 2024, The National Treasury has called for a postponement until 2025 to give the investment industry time to have the systems in place to process swift and safe transactions.

During this preparation period, one of the key considerations pension funds need to bear in mind is how to protect consumers from fraudulent, high-value withdrawals of their hard-earned pension money.


Murray Collyer, Chief Operating Officer at iiDENTIFii, says, “We support a considered approach to the rollout of the two-pot pension system. Once introduced, it provides the potential for easier access to valuable investments. It is the perfect target for fraudsters, who can use the latest technology to prey on unsuspecting transactors.

“Traditional methods of authentication are not enough. As pension funds navigate this new system, they have a duty of care to protect consumers from fraud. This means having the right processes in place to ensure that retirement savings are protected from cyber-criminals.”
What funds are at stake?

What funds are at stake?

It’s important to note that while fund members’ saving pots will be given a boost of 10% of what they have already saved in the fund when this legislation becomes effective, up to a specified limit of R25,000 currently (this cap may change, with the National Treasury currently proposing a limit of R30 000).

Savings pots will continue to grow with one-third of contributions on an ongoing basis. There will be rules around accessing the savings pot, such as a R2 000 minimum amount and access only being allowed once in a tax year.

While fraudsters would not be able to drain entire pensions, the savings in a pot is still a significant amount of money to many South Africans. The risk is also set against the context of a difficult economic climate in which 89% of South Africans are planning to continue working after they retire owing to lack of pension monies.

Collyer adds, “Consumers and pension funds need to be aware that fraudsters are highly attuned to trends and new opportunities to access lump sums of capital.” Cyber criminals have already pounced on car, property, and legal companies where large sums of money are exchanged and regularly capitalise on seasonal activity or trends such as SARS rebate season. A loss from a fund saving pot not only sets back consumers in terms of savings and lost future compound interest, but it damages the reputation of the pension funds tasked with keeping the money safe.

How safe will savings withdrawals from a fund savings pot be?

South African pension funds have not yet announced the process for drawing down on a pension savings pot, stating that the official process will be shared closer to when the two-pot system goes live. The potential of a delayed implementation date gives financial institutions further time to prepare.

Already, funds are being prudent in educating members on how accessing the savings pot will ultimately impact retirement savings. As with any financial services, members also need to be educated on keeping their personal identifying data safe to protect them from fraud.

Collyer says that pension funds need to prioritise identity verification in preparation for the two-pot pension system, “When it comes to any financial services provider, a fault line emerges when it comes to proving that a person is who they say they are. Signatures can be faked. OTPs are vulnerable to interception from criminals who can use them to access a person’s account. Legacy biometrics such as fingerprints or retina scanning can be spoofed. Through cheap and easily available AI tools, criminals can use AI to mimic a person’s voice and conduct a fraudulent transaction on their behalf.”

Even static face verification is not enough. Collyer adds, “Although biometrics offer a more secure means of verification (something you are, instead of something you have, like a password or OTP), fraudsters are becoming increasingly adept at staging attacks that, if successful, could give them access to those pension savings.” Essentially, fraudsters posing as a person’s likeness by spoofing easy-to-replicate biometrics could give them access to that person’s pension savings.

How pension funds can ensure the safety of consumers

As the two-pot pension system comes into effect, funds can focus on both financial education and security. Many consumers are vulnerable to the increasingly sophisticated social engineering scams that are designed to extract identifying information such as passwords, account numbers, and more.

Collyer adds, “While consumers need to ensure they don’t give out sensitive personal account information, pension funds have a responsibility to have security in place that is immune to security breaches.”

- Advertisement -

Innovative AI Partnership Transforms Healthcare Technology

BroadReach Group and BAO Systems- a US-based health IT organization, have signed a collaboration agreement that will expand how...
Latest News
- Advertisement -

More Articles Like This

- Advertisement -