Picture your retirement savings as a fortress built up over the years, in which a new door suddenly appears, unlocked. This is South Africa’s two-pot retirement system, launched on 1 September 2024, which gives people early access to their retirement funds. While the new system brings flexibility, it also opens the door to cybercriminals looking for weak points, so the two-pot retirement system carries significant cybersecurity risks. With a flood of withdrawals and updates to banking details, those risks have increased, and they can’t be ignored.
This article will explore the cyber risks in the two-pot system, how rushing its introduction made it more vulnerable, and the steps needed to protect against cyber threats.
Why cybercriminals are interested
Retirement funds are already a tempting target for criminals. Now, with the two-pot system, it’s even more attractive. The system allows millions of people to access large amounts of money simultaneously, creating new opportunities for fraudsters. They know that many requests to access funds and update banking details will overload the system, exposing it to attacks.
With so much money at stake and the sudden surge in withdrawal requests, criminals are looking for any weaknesses in the system that they can exploit.
How the rush to launch increased cybersecurity risks in the two-pot retirement system
The two-pot system was introduced quickly, leaving little time for retirement funds to update their cybersecurity systems properly. Many organisations haven’t had enough time to test and improve their defences, which creates opportunities for hackers to find gaps in the system and take advantage of them.
The rushed introduction makes it more likely that mistakes or oversights in security will occur, putting people’s savings at risk.
Phishing and impersonation scams
Criminals will try to trick people through phishing emails and phone calls, pretending to be retirement fund administrators or even the members themselves. These scams aim to steal personal information or convince people to change their banking details.
Older members or those unfamiliar with online processes are especially vulnerable to these scams. As these scams become more advanced, fund administrators must be extra cautious when handling requests to update account details or process withdrawals.
Overloaded communication channels
Call centres and customer support will be overwhelmed as more people try to access their funds. This could lead to rushed security checks or overlooked verification steps, making it easier for fraudsters to sneak through.
Attackers may use this opportunity to push through fake requests while the system is under pressure.
How to reduce cybersecurity risks in the two-pot retirement system
Despite these risks, there are steps that both retirement funds and members can take to stay protected:
- Improve system security: Retirement funds should strengthen their defences by separating critical systems from those connected to the internet. They should also introduce multi-step verification for large withdrawals, requiring multiple approvals and short waiting periods.
- Train customer service staff: Customer service teams need better training to spot scams. Instead of focusing on speed, staff should be rewarded for careful, thorough checks to ensure they catch any fraudulent requests.
- Educate members: Members should learn about the risks of withdrawing their retirement funds and how to protect themselves from fraud. Retirement funds need to provide clear instructions on how to verify who they are dealing with, especially for older or less tech-savvy members.
- Monitor and detect threats: Retirement funds should use advanced monitoring systems to spot unusual patterns or warning signs of cyber attacks. These systems must be updated regularly to keep up with evolving threats.
- Work together as an industry: Retirement funds should collaborate to share information about potential threats. By working together, they can strengthen their collective defences against cybercrime.
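One way to enforce the multi-step verification described in the first bullet, shown as an added example that is not from this article or any fund's system: a release gate that holds large withdrawals until independent approvals and a waiting period are satisfied. The threshold, approver count, hold period, the extra hold after a bank-detail change, and all names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set

# Assumed policy values, not taken from the article.
LARGE_WITHDRAWAL_ZAR = 25_000
REQUIRED_APPROVERS = 2
HOLD_PERIOD = timedelta(hours=24)


@dataclass
class WithdrawalRequest:
    member_id: str
    amount_zar: int
    requested_at: datetime
    captured_by: str  # staff member who captured the request
    bank_details_changed_at: Optional[datetime] = None
    approvals: Set[str] = field(default_factory=set)


def release_blockers(req: WithdrawalRequest, now: datetime) -> List[str]:
    """Return the reasons a payment must be held; an empty list means release."""
    recent_change = (
        req.bank_details_changed_at is not None
        and now - req.bank_details_changed_at < HOLD_PERIOD
    )
    # Small payments to long-standing bank details skip the extra controls.
    if req.amount_zar < LARGE_WITHDRAWAL_ZAR and not recent_change:
        return []
    blockers = []
    # The person who captured the request cannot count as an approver.
    independent = req.approvals - {req.captured_by}
    if len(independent) < REQUIRED_APPROVERS:
        blockers.append("needs_approvals")
    if now - req.requested_at < HOLD_PERIOD:
        blockers.append("request_hold")
    if recent_change:
        blockers.append("bank_change_hold")
    return blockers


# Constructed sample: large withdrawal, bank details changed an hour before.
NOW = datetime(2024, 9, 2, 12, 0)
sample = WithdrawalRequest("M-001", 28_000, NOW - timedelta(minutes=30),
                           captured_by="agent_a",
                           bank_details_changed_at=NOW - timedelta(hours=1),
                           approvals={"agent_a", "supervisor_b"})
print(release_blockers(sample, NOW))
```

Returning every blocker rather than only the first lets support staff tell a member exactly what is still outstanding without being pressured into skipping a check.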
The ongoing challenge of cybersecurity risks in the two-pot retirement system
The risks from the two-pot system won’t end after the initial withdrawals. As these funds grow over time, they will continue to attract criminals. Retirement funds must keep improving their security, updating their systems regularly, and educating members to avoid potential threats.
Actions you can take next
South Africa’s two-pot retirement system gives people flexibility in accessing their savings, but it also brings significant cybersecurity risks. The large sums involved, rushed implementation, and flood of requests create opportunities for fraud. However, by improving security measures, educating members, and closely monitoring for threats, retirement funds can protect these vital assets and ensure long-term financial security. As retirement fund administrators or participating employers, you can:
- Review and strengthen your security strategies to avoid cyber threats. We can help you with our information security law services.
- Secure your retirement savings by staying informed about cybersecurity risks in the two-pot system. You can do this by signing up for our mailing list.
- Discover how data protection law applies to pension and retirement funds with the relevant lens to our data protection programme.
- Learn more about the two-pot system in this guide from the South African Treasury.