Recently, a significant political call echoed through South Africa’s corridors of power. The Democratic Alliance urged the appointment of a national Cyber Commissioner, specifically highlighting the urgent need to combat AI-driven banking scams. Almost in unison, the Financial Sector Conduct Authority (FSCA) issued stark public warnings about a new breed of fraud: deepfake and impersonation schemes using AI-generated audio and video to target consumers.

This dual alert from political and regulatory bodies is not mere speculation; it is a siren call. For South African businesses, the message is clear: the threat landscape has fundamentally changed, and our defences must evolve just as rapidly. This evolution must start not at the firewall, but at the front door, with how we screen and trust our employees.

The FSCA’s warning cuts to the core of the new challenge: fraud is no longer simply a matter of stolen credentials or compromised systems. It is now about the sophisticated manufacturing of trust. Cybercriminals are leveraging tools once confined to science fiction to craft flawless deceptions.

Voice clones of a CEO authorising an urgent payment, realistic videos of a new “client representative” requesting policy changes, synthetic identities built from stolen data to apply for jobs or credit, and hijacked insurance claims backed by falsified digital evidence, these are the weapons in a new, AI arsenal.

This presents a profound and immediate risk for businesses. The traditional perimeter of trust has dissolved. An employee’s identity, a vendor’s invoice, or a client’s verbal instruction can no longer be taken at face value. The very channels we rely on for communication and verification have been weaponised. In this environment, a company’s greatest vulnerability can often lie within its own structure, not through malicious intent from within, but through unwitting human compromise or sophisticated external impersonation targeting staff.

Consider the implications for human resources and risk management. A synthetic identity, painstakingly crafted with AI-generated supporting documents and a credible digital footprint, can easily slip through conventional background checks. Once inside, this “employee” could be a sleeper agent for industrial espionage or a conduit for financial fraud. More commonly, existing employees, from finance clerks to department heads, can be targeted by these same AI scams. A convincing voice-cloned call from “the MD” demanding an urgent, confidential wire transfer can bypass layers of protocol if the recipient is convinced of its authenticity.

This is where the paradigm must shift. Proactive, intelligent employee screening is no longer a once-off administrative task for recruitment; it is an ongoing component of corporate cybersecurity and fraud prevention.

Building a Human Firewall: The iFacts Approach

To combat AI-powered threats, businesses need intelligence-powered defences. This requires moving beyond static checks to dynamic, contextual verification processes:

1. Advanced Identity Verification: Implementing biometric and liveness detection during onboarding can thwart synthetic identities. Continuous authentication measures can help ensure the person accessing sensitive systems remains the vetted employee.
2. Ongoing Monitoring & Education: Screening cannot end on day one. Regular checks against updated risk databases and watchlists are crucial. Equally vital is continuous employee education, making staff aware of deepfake and social engineering tactics, turning them into a vigilant “human firewall.”
3. Cultivating a Culture of Verification: Companies must instil protocols that require secondary verification for unusual requests, especially those involving payments or data through a separate, established channel. “Trust but verify” must become the operational mantra.
4. Leveraging Professional Screening Partners: In an arms race with AI, most businesses lack the internal expertise. Partnering with a specialist provider like iFacts, which understands the local South African context and the global technological threat, provides access to the latest tools and methodologies to detect sophisticated fraud.

The call for a national Cyber Commissioner is a welcome step towards a coordinated national response. However, cybersecurity and fraud prevention have always been a shared responsibility between the state and the private sector. While authorities work to disrupt criminal networks, businesses have a duty to fortify their own domains.

The AI genie is out of the bottle, and criminals are exploiting its power. The warnings from the DA and the FSCA are our definitive wake-up call. In South Africa’s fight against this new frontier of fraud, reinforcing our first line of defence, through intelligent, persistent, and AI-aware employee screening, is not just prudent risk management; it is essential. It is an absolute business imperative.

Is your business’s vetting process still living in a pre-AI world?

Contact iFacts today to learn how our tailored employee screening and ongoing monitoring solutions can help you build a resilient human firewall, protecting your assets, your reputation, and your people from the sophisticated scams of tomorrow, which are already here today.