South Africa's Digital ID Plans: What They Mean for Identity Fraud and KYC in 2026

South Africa's identity system is moving into a more digital phase, but businesses should be precise about what has happened so far. On 5 May 2026, the Department of Home Affairs invited public comment on draft amended regulations under the Identification Act of 1997. The comment period closed on 6 June 2026. That means this is a regulatory proposal, not a completed national rollout.

The proposal still matters for every business that verifies people online. It points to a future where digital credentials, biometric identity confirmation and controlled data sharing become more important parts of South African onboarding. At the same time, identity fraud is becoming more technical. AI-assisted impersonation, deepfake-style spoofing and account takeover attempts are changing what a good KYC process needs to prove.

For businesses, the takeaway is simple: a digital ID framework may reduce some document risk, but it does not remove the need for layered verification controls.

What Home Affairs has proposed

The official South African Government statement says the draft regulations are designed to create the regulatory framework for a Digital Identity system in South Africa.

According to that statement, the proposed framework would allow citizens to store and use secure digital versions of Home Affairs products, including identity documents, birth certificates and marriage certificates, on a smartphone. It also introduces remote identity confirmation using biometric verification.

The same official source is clear on two important limits:

The Digital Identity system would be optional.
Physical products such as Smart ID cards would continue to exist alongside it.

That distinction matters. Businesses should not tell customers that Digital ID is already mandatory, that physical IDs are invalid, or that the green ID book has already disappeared. The correct 2026 position is that draft Digital Identity regulations have been published for comment, and Home Affairs is working toward a digital identity framework.

Why this is connected to fraud prevention

The Digital Identity proposal is not happening in isolation. South Africa has long had identity-fraud exposure around older documents, weak records and manual onboarding. In a 1 June 2026 report, EWN reported that Home Affairs Minister Dr Leon Schreiber described the green barcoded ID book as a weakness in South Africa's security system and linked it to identity theft and criminal activity.

That does not mean every green ID book is fraudulent. It does mean businesses should be careful when identity evidence is paper-based, manually captured or disconnected from live verification. Fraudsters often look for gaps between what a document appears to show and what a reliable source can confirm.

A stronger process should ask:

Does the ID number resolve to a real person?
Do the names, date of birth and status fields match the person being onboarded?
If a selfie or face image is used, does it match the reference identity evidence?
Is the document itself consistent, valid and untampered?
Is the customer or entity exposed to AML, sanctions or PEP risk?
Do payment details belong to the person or company being paid?

Digital identity may improve parts of that journey, but the business still needs a defensible workflow around the result.

AI spoofing changes the KYC risk model

Biometric verification is becoming more important, but it is also under attack. In March 2026, Biometric Update reported on Smile ID's 2026 Digital Identity Fraud in Africa findings. The report found that in Southern Africa, 87 percent of rejected biometric verification attempts were connected to AI-assisted impersonation and spoofing.

That figure is Smile ID's data, not VerifyNow data. It is still a useful warning for South African businesses: a face check should not be treated as a magic fraud shield. Criminals are no longer limited to blurry document scans or obvious photo substitutions. They can use synthetic images, deepfake-style media, virtual cameras, emulators and manipulated capture environments.

This is why modern verification should be layered. A higher-risk onboarding journey may need identity verification, document checks, face matching, AML/PEP screening, bank account checks and human review rules. The goal is not to collect every possible data point. The goal is to verify the right evidence for the risk of the transaction.

What businesses should do now

The draft Digital Identity regulations are a good moment to review your onboarding controls. Even before any final regulatory framework is in force, businesses can reduce identity risk by tightening the checks they already run.

1. Confirm the underlying identity

Use South African ID verification where you need to confirm identity details against reliable records. This is the foundation of most KYC workflows because it helps determine whether the ID number and personal details line up.

For a business workflow, avoid relying only on a scanned ID, a customer-typed form or a screenshot. Treat those as inputs that still need verification.

2. Add face match where remote onboarding risk is higher

Where the user is not physically present, consider Face Match or Biometric Verification as part of the risk model. A face comparison can help confirm that the person presenting identity evidence is connected to the identity being checked.

It should be paired with controls against spoofing and escalation rules for mismatches, low-confidence results or unusual patterns.

3. Verify documents when documents are part of the journey

If customers upload identity documents or supporting documents, Document Verification helps reduce risk from tampered, expired or inconsistent document evidence.

Document checks are especially useful where a business still receives PDF uploads, photos of documents or manually captured data. A digital ID future may reduce some document handling, but it will not make document fraud irrelevant overnight.

4. Screen for AML, sanctions and PEP risk

Identity confirmation tells you who a person or entity appears to be. It does not tell you whether that relationship carries financial-crime risk. For regulated or risk-sensitive workflows, AML/PEP Screening supports the risk-review layer of KYC.

This is particularly important for accountable institutions, high-value transactions, cross-border relationships, politically exposed persons and ongoing monitoring.

5. Check bank details before money moves

Identity fraud often becomes financial loss when money is paid to the wrong account. For supplier onboarding, refunds, payroll changes or customer payouts, Bank Account Verification can help confirm whether the bank account details match the person or company in the transaction.

This is a separate control from Digital ID, but it is one of the most practical ways to reduce payment redirection and account-substitution risk.

What this does not mean

The 2026 Digital Identity proposal does not mean VerifyNow issues government Digital IDs. VerifyNow is not Home Affairs, and it does not replace official identity documents.

It also does not mean biometric verification alone can prevent all fraud. AI-assisted spoofing makes it more important to design verification as a full workflow, not a single pass/fail check.

Finally, it does not remove POPIA obligations. Identity information, biometric signals, bank details and document data remain sensitive personal information. Businesses should collect only what they need, restrict access, keep audit records and align processing with a lawful purpose.

The practical takeaway for 2026

South Africa's draft Digital Identity regulations are a signal that identity verification is becoming more digital, more biometric and more connected to both public and private-sector workflows. That is good news for efficiency, but it raises the bar for fraud controls.

For businesses, the best response is not to wait for a perfect future Digital ID system. Start by cleaning up the verification steps you control now:

Confirm the person's ID details.
Match the person to the identity evidence where the risk requires it.
Verify documents instead of trusting uploads.
Screen risk through AML and PEP checks.
Verify bank accounts before payment.
Keep a clear audit trail for every decision.

Explore the VerifyNow services catalogue to choose the right checks for your onboarding, compliance and fraud-prevention workflow.