Project Big Bang results in 32% drop in ATM bombings

News

Project Big Bang results in 32% drop in ATM bombings

Publication Date: 19/03/2025

‘There are masterful insights that can be used to be able to identify a perpetrator and that’s what this initiative was about, leveraging the access to information we all have,’ says Nischal Mewalall, CEO of the South African Banking Risk Information Centre.

By Jeremy Maggs

JEREMY MAGGS: South Africa’s banking and financial sector is under constant threat from increasingly sophisticated criminal syndicates. In response, the South African Banking Risk Information Centre, we know it better as Sabric, has launched something called Project Big Bang. It’s an initiative aimed at combating financial crime and protecting consumers.

So what does this initiative entail? Is it really going to change the landscape of banking security? And I wonder if it’s going to be enough to stay ahead of cyber criminals. I’m joined now by Nischal Mewalall, who’s chief executive officer of Sabric. Nischal, a very warm welcome. Let’s start with the basics very quickly. What is Project Big Bang and why is it suddenly necessary at this time?

NISCHAL MEWALALL: Well, let me start off by saying Project Big Bang was launched in response to the alarming rise in the ATM bombings that were happening across South Africa.

These events were not just causing financial losses, but critical to us was the number of lives it was putting in danger.

You just think about it, think most of our ATMs are in malls and in garage forecourts. Can you imagine these things going off and citizens all around there?

So our aim of the project was simple. Let’s bring the correct guys around the table and you’ve already mentioned Sabric, online intelligence, private security companies, Petroleum Security Initiative, and all of us working as one team. So that was the plan.

JEREMY MAGGS: So without giving away strategic intent here, how successful has this been so far?

NISCHAL MEWALALL: Well, the project has certainly seen some successes already. Let’s just say in the months that have gone by, we’ve seen a decrease of around 32% of the incidents that are happening. But the trick has been the collaboration.

It’s not necessarily about the numbers right now, it’s a bit early to measure, but it’s been the collaboration, the collaboration has been the game changer in response to the incidents.

The trick has been the ability to pool our skills, unique skills and resources, to deal with the criminals.

JEREMY MAGGS: Had we got to a point, or could we still reach a point where banks are now saying this is simply a no-go area as far as ATMs are concerned because of the security risk attached?

NISCHAL MEWALALL: Ja, look, I think that security and ATMs, the scenario has become quite complicated. It’s not possible just to put an ATM up anymore without the necessary infrastructure that’s got to support it. So you’ve got to have the necessary monitoring capabilities, internet capabilities, private security have got to be able to respond to it.

So if we leave it unattended, we are going to find ourselves in a situation where people don’t have access to financial facilities anymore.

So we’ve got to do what needs to be done in order to make the different zones safer so that these ATMs can continue staying in place.

JEREMY MAGGS: The criminal syndicates themselves, I said at the start of this conversation that they have become increasingly sophisticated. What is the intelligence like on who they are and what their modus operandi is?

NISCHAL MEWALALL: Ja, so keep in mind that banks are traditionally not in the business of intelligence gathering. That’s the domain of our police service and some private sector outfits. But on what we’ve come to realise is that understanding the incidents and the ability to harness the access to information that all of us have, to be able to pool the resources, that is absolutely critical.

So there are quite a number of insights that have come out of being able to analyse that data that comes out of forensic analysis of cell phone devices or tower information in the specific areas. So there are masterful insights that can be used to be able to identify a perpetrator and that’s what this initiative was about, leveraging the access to information we all have lawfully to be able to get the job done

JEREMY MAGGS: Given that we are gradually moving away from cash into a more digital world as far as banking is concerned, let me pivot slightly and suggest to you that cybercrime is also evolving rapidly. Do you have a sense of the scale of what it’s like right now and whether Sabric is staying ahead of that particular dynamic?

NISCHAL MEWALALL: Thanks, Jeremy, I think that’s a very interesting pivot and I like where you’re going with this one. Look, our problem has exponentially grown. You’ve raised this issue at the correct time and the core risk we face now is the use of artificial intelligence to be able to [defraud] people out of millions and millions of rands.

In fact, later on Sabric is going to be speaking about exactly that and we are not catching up, we’re beginning to fall behind because our regulatory processes, our legal processes will certainly never be as pre-emptive as what criminals are leveraging.

So let me give you an example, I’m pretty sure you would’ve heard of a thing called a deepfake. I’m sure many of the listeners know it, but today these criminals are leveraging deep fake videos to purport to be bank officials, soliciting you into engaging in investment opportunities.

Then they are creating counterfeit applications that are on your phone. You download these things, this thing is harnessing the data in your phone itself. So it’s become extremely complicated and people are being taken for a song. We have incidents upon incidents that are now known to us, and we are looking into it.

JEREMY MAGGS: So how can the industry stay more pre-emptive then, given the sophistication of the syndicates as you’ve just outlined, it would seem to me that this is a war that you simply cannot win.

NISCHAL MEWALALL: It’s a war which firstly, this is not a unique thing to South Africa as we know, it’s a global phenomenon. But the trick is we have to begin to modernise the way we are doing these investigations, not just within the banking sector but in the entire ecosystem.

We’ve also got to think about the way we empower consumers to be able to make their choices when they’re about to execute a payment. So it’s that and then we’ve got to also look at whether we are constructed appropriately from a regulatory perspective and tooled appropriately to investigate these things.

It’s a completely new world out there from a law enforcement, crime combating perspective, and we just need to be able to adapt to the changes and we haven’t adapted as yet.

JEREMY MAGGS: Part of the problem, and I guess exacerbating the issue, is the lack of capacity or perhaps knowledge of the SAPS [South African Police Service] in that respect to deep dive into more sophisticated criminal investigation.

NISCHAL MEWALALL: Yes, that’s correct. We all understand and know of the financial constraints and the operational priorities of the South African Police Service, but equally it’s the consumer that is also playing a critical role in understanding what not to do.

Our concern here now is that these crimes have evolved to such a point where an ordinary guy is not able to know the difference between what’s real and what’s fake and there is no mechanism for them to be able to validate what’s going on.

Like in a traditional transaction, there are ways in which you can validate whether this is genuine or not, but in this scenario it’s extremely difficult. So there’s more investment that’s got to be made in terms of how people are able to know what’s right and what’s wrong. So really the trick is if you are receiving these overtures, contact your bank, have that conversation, know whether this is real, just don’t go ahead with things like this.

JEREMY MAGGS: The warning certainly has been sounded and not for the first time, but maybe time that we stood up and took a little bit more notice, I guess. Nischal Mewalall, thank you very much indeed, chief executive officer of the South African Banking Risk Information Centre, I appreciate your time.