Cybercrime continues to expand at an accelerating pace, thanks in part to Artificial Intelligence (AI), [1] increasing both in scope and complexity. Within the banking sector, fraud should not be regarded as an isolated phenomenon but rather as an integral component of this broader cybercrime ecosystem. Bad actors consistently adapt their methods, exploiting vulnerabilities arising from both human behaviour and technological deficiencies.
Banking is like learning a new language, and in Africa, that language comes with hundreds of dialects. This complexity spans diverse markets, regulatory frameworks, and cultural dynamics. It creates opportunities for innovation and vulnerabilities that criminals are quick to exploit.
Common banking frauds observed in Africa
Africa’s rapid digital transformation, mobile-first banking models and financial inclusion initiatives are vital for growth [2]. These innovative initiatives also expand the attack surface for fraudsters. Fraudsters now weaponise AI to supercharge old tricks, creating new risks. Below are but a few of the common banking frauds observed across Africa:
Old Fraud, new tools
The aforementioned attacks rely heavily on advanced social engineering tactics to manipulate people and technology.
If one thinks carefully about this, fraud itself is old, only the tools are new. Take forgery as an example, bad actors simply moved from forging physical documents to using AI to create impressive digital fakes.[10] Another noteworthy observation is one relating to a shift from fiat to crypto to both commit and conceal fraud.
This evolution highlights how fraudsters quickly exploit new financial instruments and technologies. Crypto currencies, digital wallets, and decentralised exchanges provide speed, anonymity, and cross-border movement that make tracing illicit funds challenging.
At the same time, fraudsters have learned to combine traditional scams with crypto payouts, layering transactions across multiple wallets or converting them into stablecoins to obscure the trail.[11]
The aforementioned tactics reflect a broader trend, demonstrating that as financial innovation accelerates, so too does the ingenuity of those seeking to abuse it.
Regulatory responses
What is encouraging to see is the speed with which some regulators are responding to criminal trends. For instance, Nigeria’s Securities and Exchange Commission (SEC) proactively tackles AI-enabled investment scams through the new Investments and Securities Act, a model for proactive regulatory oversight in the region.
Nigeria’s SEC has also taken customer education and awareness far beyond email and text messaging, with senior leadership on the ground, engaging in creative and personal ways with the communities they serve.[13]
In South Africa, the Financial Sector Conduct Authority has increased regulatory oversight of crypto-asset service providers (VASP).[14] It classifies crypto assets as financial products under the Financial Advisory and Intermediary Services Act, requiring VASPs to be licensed and subject to enforcement.
In Kenya, the Central Bank released Anti-Money Laundering guidelines specific to mobile money service providers,[15] requiring vigilant real-time monitoring of suspicious transactions. It also adopted a functional regulatory framework for e-money issuers (both banks and non-banks), ensuring that mobile payment services adhere to licensing, supervision and consumer protection standards.[16]
In a similar vein, the Bank of Ghana’s Payment Systems and Services Act (PSSA) mandates robust infrastructure for payment service providers,[17] including fraud monitoring tools, service provider oversight, and consumer protection measures. Recently, the Bank of Ghana also issued Corporate Governance Guidelines under the PSSA,[18] aimed at strengthening accountability and transparency in digital payments and e-money operations.
Industry innovations in fraud prevention
To navigate technological change and enhance public trust, the banking industry must think beyond conventional approaches. Globally, banks now fight fraud with advanced tools that match fraudsters’ ingenuity.
Many use behavioural biometrics and real-time monitoring to identify anomalies in how users type, swipe, or interact with systems, which helps detect fraud in real time.[19] Others deploy AI-powered identity verification and deepfake detection to uncover red flags such as synthetic identities and manipulated media. Banks leverage collaborative intelligence to share fraud signals securely, creating resilience across the sector.
Even then, as the industry moves toward Agent Payments Protocol (AP2) and obviate reliance on human intervention,[20] concerns about trust and exposure to fraud remain. Emerging risks will include, inter alia, fabricated digital personas and disguised flows of illicit funds, increasingly aimed at AI agents acting on customers’ behalf.
Unthinkable as it seems, tomorrow’s world could see AI banking agents outsmarted by their malicious AI counterparts, with the result being an empty bank account before the customer realises what happened.
A case for collaboration
It is common cause that technology alone cannot solve the problems outlined in this article.
Collaboration across banks, regulators, law enforcement and consulting firms like Deloitte is critical to outpace fraudsters. This collective effort is already showing results, with law enforcement agencies across the continent making arrests and recovering assets through coordinated operations supported by such partnerships.[21]
Fraudsters already collaborate, sharing tactics and tools across borders and dark-web forums. Industry’s response must mirror that spirit of collaboration through intelligence sharing, joint platforms, and public-private partnerships. Fraud evolves daily therefore defences must evolve even faster.
Path forward: Three pillars
The path forward rests on three pillars.
First, banks must adapt quickly and remain agile as fraud techniques continue to evolve. They need to invest in advanced technologies such as AI-driven detection, behavioural analytics, and real-time monitoring. Finally, banks, regulators, law enforcement and consulting firms must collaborate to build industry-wide defences through knowledge sharing and federated intelligence.
About the Author
