
Wesley Fetter,OLP Product Manager at Ecentric Payment Systems
South Africa’s online payments ecosystem has moved through four distinct eras over the past 10 years. QR code wallets, screen scraping instant EFTs, secure direct bank APIs and now, device-native wallets, have made their appearances on mobile devices and systems. Each transition was driven by a combination of regulatory pressure, fraud risk and consumer behaviours, with COVID-19 functioning as the decisive catalyst that normalised contactless payments before even the wallet had migrated online. However, as the ecosystem has grown, it has also introduced unexpected risks and complexity, offering consumers multiple ways to pay but very little insight into how to use them or manage them effectively.
This complexity has paved the way for the introduction of smoother and smarter platforms that allow consumers more control without impacting merchant access and stickiness.
The first era played out from around 2013 to 2020 when QR codes and tools like SnapScan, Zapper and Masterpass moved mainstream. It started when SnapScan was launched in partnership with Standard Bank in 2013 and gained momentum as competitor solutions like Zapper and Mastercard’s Masterpass subsequently entered the country. By 2018, Mastercard and Zapper formed a collaborative alliance that allowed Masterpass users to scan Zapper codes and Zapper users to pay at Masterpass merchants in a move that made their combined footprint in excess of 100,000 physical retail points of presence.
Despite these integrations, the payments ecosystem remained fragmented thanks to competing QR standards and uneven merchant experiences. One of the biggest limitations to the QR code era was that it relied on cards – SnapScan and Zapper were payment front ends that tokenised card credentials and used card rails for settlement, simplifying the in-store payment experience for merchants without card terminals. However, these innovations didn’t change the underlying card infrastructure or change online checkout in any fundamental way.
Enter the second era – instant EFT using screen scraping. From mid 2010 to 2024, instant EFT became a widespread solution thanks to its ability to bypass cards while providing merchants with instant access to bank account holders. Providers like Ozow and PayFast gave customers the ability to enter their internet banking login credentials on a third-party interface so the provider could access the banking portal on their behalf. The transactions took place in near-real-time and gave merchants a direct account-level debit without the need for a card. However, it also introduced significant risk.
The South African Reserve Bank (SARB), FSCA and Payments Association of South Africa (PASA) flagged four specific risk categories in a joint public warning in November 2020 across data privacy, fraud exposure, contractual liability and transaction finality. Since then, SARB has prohibited merchants from issuing EFT credit payment instructions on behalf of a customer unless they are registered with SARB and have customer consent. While instant EFTs are faster and lower cost than card payments from the merchant’s perspective, they have been somewhat hamstrung by changes in regulation and consent.
Enter the era of the direct bank API and the secure pay-by-bank model that has allowed for the transition from instant payments to secure direct bank payments that are more aligned with SARB requirements and its Vision 2025 open banking agenda. Instead of a third-party accessing a customer’s banking portal using their login credentials, the direct API creates a machine-to-machine channel between the merchant and the bank, so the customer managed authentication. Credentials remain secure within the banking environment. In December 2025, Capitec and Stitch extended these API payments to a Variable Recurring Payments (VRP) model that provides consumers with a structured and consent-driven replacement to DebiCheck and manual debit orders.
Within this era of the API, PayShap, operated by PayInc, was launched in 2023 to simplify payment experiences and has already garnered more than six million registered users and processed 905 million transactions as of May 2026. While the system has encountered some challenges and limitations as it evolves, its recent 50% acquisition by SARB has given it the boost it needs.
All these solutions have stepped into the gaps left by the ones that have gone before and two – Google Pay and Apple Pay – have finally moved from global to local, entering the South African payments space with a solution to a persistent issue – the checkout experience. Where PayShap and APIs have solved for insecure screen scraping and risk, they’ve not simplified the payments process, requiring deliberate, multi-step consumer actions. Apple Pay and Google Pay solve that residual friction by collapsing 12 payment steps to two.
However, collapsing the steps locally is not a simple process as both tools were built for markets that work differently to South Africa and their frameworks leave gaps that have to be filled to meet local merchant requirements. A single order can trigger subsequent payments against the same card with no prompt and no re-authorisation, for example, and this needs to be solved for local customer needs and merchant offerings. Ecentric has managed this, creating a way for customers to benefit from the accessibility, simplicity and security of Google Pay and Apple Pay while retaining granular control of payments and access.
Ecentric solved it at the gateway by capturing the original authorised payload and issuing a single order-level reference back to the merchant. Any later payment against that order carries only the reference, and Ecentric processes the charge against the already-authorised credential in the background which ensures security and liability are intact. And this has given South Africans a faster, easier and secure way to pay that has been solved for local with international capabilities.
Now customers and merchants sit in the era of accessible speed with payment options that suit their needs and systems, and that are more aligned with an increasingly mobile payments ecosystem.
