The Office of the Tax Ombudsman (OTO) has released draft recommendations urging the South African Revenue Service (SARS) to overhaul its approach to verifying tax refunds, particularly in order to deal with the rising number of eFiling profile hijackings in South Africa. The suggested adjustments focus on extending the length of time refunds are withheld for additional checks when taxpayer details have recently been updated, and on adopting more rigorous pre-refund verification processes once refund amounts surpass specific thresholds.
Key Takeaways
- Tax refund delays likely: The OTO recommends SARS hold back refunds for longer when details are recently updated or refund amounts are unusually high.
- Security upgrades in progress: Two-factor authentication and OTPs are already in place, with calls for stricter measures like automated alerts and graded security checks.
- Public input invited: South Africans have until 31 October 2025 to submit comments on the draft report and influence how SARS tackles eFiling hijackings.
About Arcadia Finance
Find the right loan easily with Arcadia Finance. Choose from 19 trusted NCR-approved lenders, avoid application costs, and enjoy a streamlined experience built for you.
Growing Threat of eFiling Profile Hijackings
The publication of these recommendations is tied to the OTO’s draft report on the hijacking of eFiling profiles, which was made public on Wednesday, 1 October. The ombudsman initiated an inquiry into the problem after receiving a growing number of complaints that such incidents were occurring more frequently. These cases typically involve cybercriminals obtaining unauthorised entry to taxpayer eFiling accounts, making unauthorised alterations to registered details, and rerouting expected tax refunds into their own bank accounts.
In some cases, victims only discover the fraud once SARS informs them that their refund has already been paid out, often long after the money is unrecoverable.
The ombudsman’s analysis revealed that tax practitioners have been the most common victims of these hijackings, with individual taxpayers ranking second. The problem has been especially evident in Personal Income Tax (PIT) submissions, followed closely by Value Added Tax (VAT) claims. Although the majority of fraud cases have involved amounts of less than R10,000, there has also been a worrying number of higher-value incidents, with some reaching as much as R100,000. Interestingly, these incidents mirror global patterns of tax fraud, where smaller but frequent amounts often evade detection, while larger cases trigger investigation but cause devastating financial harm when missed.
Systemic Weaknesses Exploited by Criminals
One of the most pressing issues contributing to these crimes is that the existing security and authentication mechanisms of SARS have left exploitable gaps that fraudsters can take advantage of. In many cases, the systems for detecting fraud are slow to pick up anomalies, while the subsequent reaction processes are also sluggish, which provides criminals with a significant window to operate undetected. The method most often seen is the fraudulent amendment of bank details on eFiling profiles, diverting legitimate refunds into new digital bank accounts that are set up by the perpetrators. A practical tip for taxpayers is to avoid using weak or repeated passwords and to check their eFiling accounts at least once a week to spot unauthorised changes quickly.
In more organised cases of tax fraud targeting companies, the fraudulent activity often starts with illicit or falsified changes to directors’ details on the Companies and Intellectual Property Commission (CIPC) system, which then feeds through to SARS. When fraudulent activity is eventually identified, the OTO reported that both taxpayers and practitioners face difficulty in resolving matters because communication channels are ineffective, and assistance from SARS support structures is limited. Attempts to escalate the matter externally, such as by approaching the South African Police Service, are often unsuccessful because police stations struggle to categorise the offence appropriately, leaving victims stranded without effective recourse. Cybercrime related to identity theft has risen globally by more than 200% over the past decade, making South Africa’s challenges part of a much larger international trend.
Security Adjustments Already in Place
The draft report also notes that SARS has taken some initial steps to try and strengthen its systems to discourage hijackers and complicate fraudulent activity. Since 22 November 2024, SARS has required two-factor authentication (2FA) for both individual taxpayers and tax practitioners. The OTO has advised that SARS adopt more sophisticated 2FA arrangements where the level of authentication increases according to the risk profile of the activity being performed. For example, high-value VAT refund claims could require multiple verification steps, not just a single OTP.
In March 2025, SARS introduced an additional safeguard by requiring a One-Time Pin (OTP) whenever changes are made to registration details, particularly for bank account information. The OTO recommended that SARS continue to monitor whether this OTP measure genuinely addresses the vulnerabilities it was designed to prevent. In addition, SARS has informed the ombudsman that it has begun sending email alerts to taxpayers whenever their registered details are amended, including contact and security information. The OTO has encouraged SARS to continue expanding such measures to keep its digital platforms both secure and user-friendly. Taxpayers are encouraged to double-check that their security contact details are up-to-date to ensure that they actually receive these alerts.
Focus on Protecting Tax Refunds
A significant part of the ombudsman’s recommendations centres on safeguarding tax refunds, which remain one of the prime targets for criminals. The report highlighted that SARS should enhance its refund verification procedures by setting up automated alerts for transactions such as refunds processed after office hours, or refunds issued soon after changes to banking details. This is similar to how many banks already flag suspicious debit card transactions that occur at odd times or from unusual locations.
It was also advised that SARS delay refund payments for additional verification whenever banking details have been updated shortly before the refund request. The ombudsman urged SARS to introduce more rigorous pre-refund checks for all VAT refunds exceeding certain value thresholds and to ensure that account “stoppers” are immediately placed on taxpayer profiles once a hijacking incident is reported by either the taxpayer or their tax practitioner.
One useful tip is for taxpayers to immediately report suspicious activity to SARS via the secure eFiling message system rather than waiting to call the helpline, as this creates a digital record that can speed up investigations.
Furthermore, it was recommended that SARS refine its refund audit triggers so that they do not only flag high-value claims but also monitor unusual refund activity patterns, new or recently modified account information, and repeated refund requests from the same entity. Something worth noting is that according to some cybersecurity analysts, fraudsters often target weekends or public holidays when institutional response times are at their weakest.
Public Comment Period Open
The OTO’s full draft report is now available for public input. Members of the public, tax practitioners, and other stakeholders are invited to submit their written comments via email to communications@taxombud.gov.za. The closing date for all submissions is 31 October 2025. This consultation period will provide an opportunity for taxpayers and professionals alike to shape the future safeguards designed to protect South Africa’s tax system from the growing threat of digital hijacking and fraudulent refund claims. It is a rare chance for ordinary South Africans to directly influence the way the national tax authority handles fraud prevention, making participation especially valuable for small business owners and sole proprietors who are often the most vulnerable.
Conclusion
The draft recommendations from the Tax Ombudsman highlight both the urgency and complexity of combating eFiling hijackings in South Africa, with measures aimed at tightening verification processes, improving fraud detection, and protecting taxpayer refunds. While SARS has already introduced key security enhancements such as two-factor authentication and One-Time Pin verification, the call for further reforms underscores that cybercriminals continue to exploit weaknesses in the system. By participating in the public consultation process, taxpayers and practitioners have a unique opportunity to shape a safer, more resilient tax administration environment that balances efficiency with protection.
Fast, uncomplicated, and trustworthy loan comparisons
At Arcadia Finance, you can compare loan offers from multiple lenders with no obligation and free of charge. Get a clear overview of your options and choose the best deal for you.
Fill out our form today to easily compare interest rates from 19 banks and find the right loan for you.
