
By Doros Hadjizenonos, Regional Director – Southern Africa, Fortinet

As South Africa continues to modernise its financial system, the conversation around a Central Bank Digital Currency (CBDC) – a “digital Rand” – is moving from a theoretical experiment to a strategic roadmap. As we reflect on financial innovation this International Day of Banks on 4 December, it is crucial to understand that a CBDC is not a “new payment app” of some sort; it is the creation of a new, parallel, nation-scale critical infrastructure.

The South African Reserve Bank (SARB) has adopted a cautious “fast follower” approach in exploring “digitising” the Rand, learning from the world while conducting its own foundational research. This includes the completed Project Khokha (exploring a wholesale, interbank CBDC) and Project Dunbar (a cross-border payments project with other central banks).

These findings are now informing the bank’s broader Payments Ecosystem Modernisation (PEM) programme. But as this project moves from research toward a potential reality, the “why” must be weighed against the “how” – specifically, how to secure it.

The opportunity: A new path for financial inclusion

The “why” is compelling, particularly for South Africa. A well-designed retail CBDC could be a powerful tool for financial inclusion. It could lower the prohibitive costs of remittances and create a more direct, efficient, and safer mechanism for distributing social grants, eliminating the need for recipients to travel long distances and queue for cash.

This digital infrastructure, as some have argued, also opens the door for “programmable money” – for instance, a grant payment that can only be spent on specific goods like food or educational materials. The opportunities are significant, but they are matched by profound technical and security risks.

The centralisation dilemma: The wholesale risk

Today’s financial system is distributed. Risk is spread across dozens of separate, highly secure commercial banks. A wholesale CBDC, by contrast, relies on a centralised ledger managed by the SARB for interbank settlement. This ledger, inspired by the foundation of cryptocurrencies, becomes, by definition, one of the highest-value cyber targets in the country.

For a sophisticated state-level attacker, the incentive to compromise this single source of truth – to alter balances, halt transactions, or simply destroy trust in the ledger’s integrity – is immense. Securing this core will require a level of defence that assumes it is under constant, sophisticated attack.

The endpoint explosion: The retail risk

The second, and perhaps greater, challenge is the retail model. This involves a massive decentralisation of risk to the public, introducing millions of new endpoints in the form of digital “wallets” on citizens’ smartphones.

This creates two distinct risks:

  1. Security: Unlike a bank account protected by a multi-billion-Rand security stack, a user’s personal device is a soft target. The security of the payment system becomes partially tied to the public’s ability to spot a “wallet drainer” phishing attack. And whereas a bank can reverse a fraudulent transfer, a CBDC transaction could, in certain instances, be irreversible, shattering public trust and adoption.
  2. Systemic Stability: A new, critical risk is financial disintermediation. If a retail CBDC is perceived as “safer” than a commercial bank, citizens might en masse exchange their bank deposits for the digital Rand. This could severely curtail the ability of commercial banks to lend money to people and organisations, threatening the very engine of economic growth.

The interoperability bridge

A digital Rand cannot exist in a vacuum. It must connect to the existing financial ecosystem. This “interoperability bridge” – the secure gateway that allows citizens to move money from their traditional bank account to their new CBDC wallet – would become a critical point of vulnerability that needs to be carefully addressed. Attackers will want to target this connection, making its security one of the most complex challenges.

Balancing privacy, compliance, and security

Finally, a CBDC presents a unique governance challenge. The system must be transparent enough to meet South Africa’s rigorous FICA and anti-money laundering (AML) regulations – a non-negotiable requirement to maintain the country’s hard-won exit from the FATF greylist in October 2025. This regulatory pressure is particularly acute as of June 1, 2025, when the Financial Sector Conduct Authority’s and Prudential Authority’s Joint Standard 2 of 2024 took effect, making executive boards and leaders at financial institutions directly accountable for cyber resilience policies and the mitigation of cyber risks.

At the same time, it must guarantee user privacy. The public must be assured that a digital Rand is not a “Big Brother” tool for state surveillance of all transactions. This creates a delicate technical balancing act: the architecture must allow for selective visibility for regulators without creating a “master key” that a cyber-attacker could exploit.

As we look ahead, the debate is not if we will have digital currencies, but how we will securely integrate them. A CBDC is a profound infrastructure project, and the lessons from securing our power grids and financial networks show that security cannot be an add-on. It must be the foundation.
