Standard Bank customers are complaining about money disappearing from their accounts and the bank offering them 'goodwill' gestures which are far below what they have lost.
Image: Armand Hough / Independent Newspapers
After the story of Anastasia Radebe, who lost R60,000 to fraudulent transactions, more Standard Bank clients across South Africa and Eswatini have come forward with strikingly similar accounts.
Their claims follow a consistent pattern. Large unauthorised withdrawals. No record of One-Time Pins (OTPs) being received. And, in many cases, a response from the bank that customers describe as formulaic and dismissive.
At the centre of the growing backlash is what Standard Bank terms a “gesture of goodwill”, a partial refund, often between 25% and 50% of the lost funds. Clients say these offers are presented as final settlements, with an implicit expectation that accepting them closes the matter.
For many, that framing is deeply contentious. A central point of friction is the bank’s reliance on OTP verification as proof of customer authorisation.
In Radebe’s case, Standard Bank maintained that the transactions were approved through her mobile banking app. But new testimonies challenge that logic.
Olivia Horlacher describes what happened to her elderly grandparents. Despite having an R5,000 transaction limit, more than R36,000 was withdrawn within minutes.
“Standard Bank claims she received and accepted several OTPs. That is false,” Horlacher says. “They also say the transactions came from her mobile app, but she doesn’t even have one. She banks in person.”
Altaaf Kader, a chartered accountant, recounts a similar experience involving a $3,500 (about R65,000) transaction on his Shyft card, allegedly made in Dubai while he was in South Africa. He provided passport evidence confirming he had not travelled.
In correspondence with the bank, Kader argued that the investigation focused too narrowly on whether an OTP had been sent, while ignoring signs of a broader digital compromise.
“The approach taken was unnecessarily persistent, focusing solely on the fact that an OTP was received via SMS, while disregarding the clear evidence that I was the victim of a fraudulent incident,” he wrote.
He also raised concerns about vulnerabilities linked to compromised devices, noting that his laptop and email accounts had shown signs of intrusion while he was using public Wi-Fi.
Documents reviewed for this report suggest a recurring institutional position. Where OTPs, PINs, or login credentials are recorded as used, transactions are typically classified as authorised.
In one case, the bank concluded that a separate device had accessed a customer’s profile, validated OTPs, and completed transactions. A limited goodwill payment was offered, without admission of liability.
In another, disputed withdrawals were classified as legitimate because the correct card PIN had been used at an ATM or point of sale.
This position has also surfaced in complaints escalated to the National Financial Ombud Scheme South Africa (NFO). One complainant questioned how transactions exceeding account limits were processed, and why key details that could assist police investigations were not provided.
The broader dispute is clear. Customers argue that OTPs and PINs are no longer reliable indicators of consent in an environment shaped by phishing, SIM swaps, device compromise and social engineering. The bank, in its correspondence, appears to treat those same markers as decisive.
For affected clients, the partial refunds offered by the bank have become a focal point of frustration.
Alastair MacDougall, a pensioner who lost R45,000 after being accosted at an ATM, says he felt pressured into accepting a 25% payout.
“I had no option,” he says. “Being a pensioner, the longer I wait, the more the stress increases.”
Hezekiel Thipe Mphulo lost R20,000 and was offered R4,600. Wendy Visage, whose mother has banked with Standard Bank for three decades, describes a 50% offer as “offensive” and reflective of “a shocking lack of accountability.”
Richard Hart, another complainant, says he independently tracked the suspected perpetrator’s IP address after receiving little assistance from the bank.
“The fraudsters already have access to the accounts,” he says. “They bypass limits to empty everything. Why do these ‘goodwill’ offers come with conditions that effectively silence clients?”
Across testimonies, several recurring concerns emerge:
The Information Regulator is investigating a significant data breach at Standard Bank, where unauthorised access to sensitive client information has raised concerns
Image: Sora
There is no public evidence confirming internal involvement. However, the perception itself points to a growing trust deficit.
Standard Bank frequently directs dissatisfied customers to the NFO. But confidence in that route appears limited among complainants.
Karel du Plessis cites research suggesting a high proportion of rulings favour financial institutions. He also claims that independent forensic testing of compromised devices is rarely pursued.
“The bank will not take the client’s phone or computer for testing,” he says. “The conclusion is almost always that the customer compromised their own account.”
Questions were sent to both Standard Bank and the NFO on April 24, 2026. Neither had responded by the time of publication. The NFO issued an automated reply acknowledging receipt of media queries.
Meanwhile, more cases continue to surface.
Malische Pienaar, who is contesting a R270,000 loss linked to a QR code scam, believes the imbalance of technical knowledge plays a role.
“The bank capitalises on the fact that we don’t understand the technical side of digital security,” she says. “We’re expected to accept their findings.”
Standard Bank maintains that OTP-authorised and card-and-PIN transactions are real-time settlements that cannot be reversed. Physical incidents at ATMs are typically classified as criminal matters for the South African Police Service, limiting the bank’s liability.
But as more clients come forward, the issue is shifting from isolated complaints to what appears to be a broader systemic challenge.
For pensioners and long-time customers who say they have lost life savings, the question is no longer about individual cases. It is about whether existing fraud detection and response frameworks are fit for purpose in an increasingly sophisticated threat environment.
And for many of them, a partial refund is not a resolution. It is evidence of a system they believe has failed them.
karabo.ngoepe@inl.co.za