0

By Wesley Fetter,OLP Product Manager at Ecentric Payment Systems

South Africa’s online payments ecosystem has moved through four distinct eras over the past 10 years. QR code wallets, screen scraping instant EFTs, secure direct bank APIs and now, device-native wallets, have made their appearances on mobile devices and systems.

RELATED: CBN orders local storage of payment data from 2027, tightens oversight of Nigeria’s digital payments ecosystem

Each transition was driven by a combination of regulatory pressure, fraud risk and consumer behaviours, with COVID-19 functioning as the decisive catalyst that normalised contactless payments before even the wallet had migrated online.

ADVERTISEMENT
ALSO READ: Why regulators remain cautious as Stablecoins gain traction in Africa’s digital payments push

However, as the ecosystem has grown, it has also introduced unexpected risks and complexity, offering consumers multiple ways to pay but very little insight into how to use them or manage them effectively.

Complexity has brought smoother and smarter platforms

This complexity has paved the way for the introduction of smoother and smarter platforms that allow consumers more control without impacting merchant access and stickiness.

Wesley Fetter

ADVERTISEMENT

The first era played out from around 2013 to 2020 when QR codes and tools like SnapScan, Zapper and Masterpass moved mainstream. It started when SnapScan was launched in partnership with Standard Bank in 2013 and gained momentum as competitor solutions like Zapper and Mastercard’s Masterpass subsequently entered the country.

By 2018, Mastercard and Zapper formed a collaborative alliance that allowed Masterpass users to scan Zapper codes and Zapper users to pay at Masterpass merchants in a move that made their combined footprint in excess of 100,000 physical retail points of presence.

Payments ecosystem remained fragmented

Despite these integrations, the payments ecosystem remained fragmented thanks to competing QR standards and uneven merchant experiences. One of the biggest limitations to the QR code era was that it relied on cards – SnapScan and Zapper were payment front ends that tokenised card credentials and used card rails for settlement, simplifying the in-store payment experience for merchants without card terminals. However, these innovations didn’t change the underlying card infrastructure or change online checkout in any fundamental way.

Enter the second era – instant EFT using screen scraping. From mid 2010 to 2024, instant EFT became a widespread solution thanks to its ability to bypass cards while providing merchants with instant access to bank account holders.

ADVERTISEMENT

Providers like Ozow and PayFast gave customers the ability to enter their internet banking login credentials on a third-party interface so the provider could access the banking portal on their behalf. The transactions took place in near-real-time and gave merchants a direct account-level debit without the need for a card. However, it also introduced significant risk.

Risk categories in  the digital payment ecosystem

The South African Reserve Bank (SARB), FSCA and Payments Association of South Africa (PASA) flagged four specific risk categories in a joint public warning in November 2020 across data privacy, fraud exposure, contractual liability and transaction finality.

Since then, SARB has prohibited merchants from issuing EFT credit payment instructions on behalf of a customer unless they are registered with SARB and have customer consent. While instant EFTs are faster and lower cost than card payments from the merchant’s perspective, they have been somewhat hamstrung by changes in regulation and consent.

Enter the era of the direct bank API and the secure pay-by-bank model that has allowed for the transition from instant payments to secure direct bank payments that are more aligned with SARB requirements and its Vision 2025 open banking agenda. Instead of a third-party accessing a customer’s banking portal using their login credentials, the direct API creates a machine-to-machine channel between the merchant and the bank, so the customer managed authentication.

Credentials remain secure within the banking environment. In December 2025, Capitec and Stitch extended these API payments to a Variable Recurring Payments (VRP) model that provides consumers with a structured and consent-driven replacement to DebiCheck and manual debit orders.

API payments have receieved boost 

Within this era of the API, PayShap, operated by PayInc, was launched in 2023 to simplify payment experiences and has already garnered more than six million registered users and processed 905 million transactions as of May 2026. While the system has encountered some challenges and limitations as it evolves, its recent 50% acquisition by SARB has given it the boost it needs.

All these solutions have stepped into the gaps left by the ones that have gone before and two – Google Pay and Apple Pay – have finally moved from global to local, entering the South African payments space with a solution to a persistent issue – the checkout experience.

Where PayShap and APIs have solved for insecure screen scraping and risk, they’ve not simplified the payments process, requiring deliberate, multi-step consumer actions. Apple Pay and Google Pay solve that residual friction by collapsing 12 payment steps to two.

However, collapsing the steps locally is not a simple process as both tools were built for markets that work differently to South Africa and their frameworks leave gaps that have to be filled to meet local merchant requirements.

Era of accessible speed with payment options is here

A single order can trigger subsequent payments against the same card with no prompt and no re-authorisation, for example, and this needs to be solved for local customer needs and merchant offerings. Ecentric has managed this, creating a way for customers to benefit from the accessibility, simplicity and security of Google Pay and Apple Pay while retaining granular control of payments and access.

Ecentric solved it at the gateway by capturing the original authorised payload and issuing a single order-level reference back to the merchant. Any later payment against that order carries only the reference, and Ecentric processes the charge against the already-authorised credential in the background which ensures security and liability are intact. And this has given South Africans a faster, easier and secure way to pay that has been solved for local with international capabilities.

Now customers and merchants sit in the era of accessible speed with payment options that suit their needs and systems, and that are more aligned with an increasingly mobile payments ecosystem.

More in Features

You may also like