Eskom Slashes Electricity Vending Fraud to 'Very Low Levels' After System Breach

18 September 2025

Eskom has successfully reduced fraud in its Online Vending System (OVS) to "very low levels" following a significant security breach that was first disclosed in December 2024, according to a statement released by the utility on Thursday.

System Breach Contained Through Multi-Layered Approach

The power utility has implemented a comprehensive strategy to address vulnerabilities in its prepaid electricity vending platform, combining enhanced physical security, cyber resilience, and operational controls. The breach, which potentially compromised revenue collection, has been a focus of internal investigation since late 2024.

"Earlier this year, Eskom strengthened the protection of its systems against potential threats. All enhancements are managed through a robust Change Management process across all divisions, ensuring consistent oversight and control," said Eskom Chief Technology and Information Officer, Len De Villiers.

Smart Technology and Dismissals Part of Fraud Crackdown

According to the statement, Eskom has implemented several key measures to contain the breach:

• Tighter physical access controls for vending environments
• Enhanced cyber-security tools and monitoring systems
• Stronger user-access controls with weekly irregularity flagging
• Smart meter deployments enabling near real-time detection of suspicious activity
• Acceleration of a new, secure vending platform to replace the current OVS

The utility confirmed that internal investigations have concluded for some implicated employees, resulting in dismissals. Certain aspects of the case will be referred to law enforcement authorities for potential criminal prosecution.

Separating Fact from Fiction: Municipal vs. Eskom Tokens

In response to recent reporting, Eskom clarified that prepaid electricity tokens cannot be used across different systems. Tokens generated through Eskom's platform will only work on meters registered within Eskom's system, while municipalities operate independent vending systems that are not integrated with Eskom's platform.

This separation means electricity tokens cannot be universally applied, limiting the potential scope of the fraud.

Outlook: Ongoing Vigilance Required

While Eskom reports significant progress in containing the vending fraud, the investigation with law enforcement continues. The utility appears to be shifting from crisis management to preventative controls, though the full extent of revenue impact from the breach remains unclear.

Given Eskom's ongoing financial challenges and the critical importance of revenue collection to operational stability, the effectiveness of these enhanced security measures will likely be closely monitored in coming months. The progressive rollout of smart meters may further strengthen the utility's ability to detect and prevent similar fraud attempts.

Eskom Group Chief Executive Dan Marokane stated: "Reducing vending fraud to very low levels demonstrates that our interventions are effective. We are protecting revenue, restoring trust, and ensuring our customers receive a secure and reliable service."

The utility has called on customers and stakeholders to remain vigilant and report any suspicious prepaid electricity activity.

Key Terms Explained

Online Vending System (OVS): Eskom's digital platform that manages the generation and distribution of prepaid electricity tokens to customers.

Smart Meters: Advanced electricity meters that communicate usage data back to Eskom in near real-time, enabling better monitoring and fraud detection compared to traditional prepaid meters.

Prepaid Electricity Tokens: Unique numeric codes purchased by customers that, when entered into compatible meters, load a specific amount of electricity credit.

Change Management: A structured approach to transitioning systems or organizations from a current state to a desired future state, ensuring changes are implemented systematically with proper controls.