Business

South Africa’s Tax Refund Shake-Up: What SARS Might Do to Stop eFiling Hijackings

Published

7 hours ago

October 1, 2025

Chiraag

tax refund changes South Africa, SARS refund security, eFiling fraud prevention, tax ombudsman recommendations, taxpayer protection, Joburg ETC

Tax refunds are supposed to be the relief moment after a long filing season, but in South Africa, they have also become a golden target for fraudsters. Now, changes could be on the way that will alter how quickly and smoothly taxpayers get their money back.

Why the crackdown is happening

The Office of the Tax Ombudsman (OTO) has sounded the alarm on a growing trend of eFiling profile hijackings. These cases see cybercriminals slip into taxpayer profiles, tweak key details like bank accounts, and reroute refunds into their own pockets.

According to the OTO’s draft report released on 1 October, the most common victims have been tax practitioners, followed closely by individual taxpayers. The fraud mostly shows up in Personal Income Tax (PIT) claims, though VAT refunds have also been targeted.

While many cases involve smaller amounts under R10,000, there have been notable scams reaching up to R100,000. Syndicates have even been found using company director details changed at the CIPC as an entry point to launch larger fraud schemes.

Where the system is failing

Fraudsters have been exploiting weaknesses in SARS’s current verification processes. Authentication systems are patchy, fraud detection is slow, and taxpayers who report suspicious activity often get little help. Some even struggle to log cases with the South African Police Service, where officers are unsure how to categorise the crime.

Digital banks have also been flagged as a common tool for hijackers, who use them to quickly open accounts and reroute payments once they have taken control of a profile.

What has already changed

SARS has not been sitting still. Since November 2024, two-factor authentication has been compulsory for both individuals and tax practitioners. From March 2025, One-Time Pins have been required whenever someone changes bank details on an eFiling profile.

The tax authority has also started sending alert emails to registered contact details whenever updates are made to profiles. These measures are aimed at making life harder for criminals and offering taxpayers a heads-up if something fishy happens to their account.

What could change next

The ombud has recommended that SARS go further, especially around tax refunds. Some of the proposals include:

Holding refunds for extra checks when banking details are changed close to payout time.
Blocking refunds processed after hours or linked to new accounts until verified.
Adding stricter pre-refund checks for VAT claims above certain thresholds.
Triggering audits not only on high-value claims but also on unusual refund patterns or frequent requests from the same taxpayer.
Putting immediate “stoppers” on accounts once a hijacking report is made.

The goal is to make it much harder for fraudsters to cash out quickly and to buy SARS more time to stop suspicious activity before money leaves the system.

What taxpayers should know

The draft recommendations are now open for public comment until 31 October 2025. This gives professionals, businesses, and ordinary taxpayers a chance to weigh in on how the system could be improved.

For taxpayers, the changes may mean waiting longer for refunds in certain cases. But the trade-off is increased protection in a country where cybercrime and tax fraud are both fast-growing threats.

As one Joburg tax consultant put it on social media this week: “Delayed money is better than stolen money.” That sentiment is likely to resonate widely as SARS and the ombud push for stronger safeguards.