National Credit Act

📋 Key Requirements Relating to Cybersecurity

The National Credit Act (NCA) operates in a sector where credit providers, credit bureaux and related credit-market participants rely on the accurate, controlled and confidential handling of consumer credit information. From a cybersecurity perspective, this makes confidentiality, data accuracy, secure records, access control and governance-friendly evidence important parts of managing credit information risk.

🧾 Overview

Name: National Credit Act (NCA)

Act no: 34 of 2005

Effective Date: 1 June 2007

Type: Rules-based

Regulator: National Credit Regulator (NCR)

Purpose: To promote a fair, transparent, and accessible credit market by regulating consumer credit and protecting consumers from unfair practices.

👥 Who Does This Affect?

Direct Applicability:

Credit providers, credit bureaux, debt counsellors, payment distribution agents, alternative dispute resolution agents, and consumers.

High Impact On:

Financial institutions, retail credit providers, and entities involved in processing consumer credit information.

📋 Key Requirements Relating to Cybersecurity

The key National Credit Act data protection considerations relate to protecting consumer credit information, maintaining accurate records and reducing the risk of unauthorized access or unlawful destruction.

  • Confidentiality Obligations: Credit bureaux must protect the confidentiality of consumer credit information and ensure its security against unauthorized access. [Section 68]
  • Data Accuracy and Integrity: Credit bureaux are required to take reasonable steps to verify the accuracy of consumer credit information and maintain records in a manner that ensures their integrity. [Section 70(2)(c)]
  • Security Measures: Credit bureaux must maintain records of consumer credit information in a manner that satisfies prescribed standards, including protection against loss, unauthorized access, and unlawful destruction. [Section 70(2)(e)]
  • Prohibition on Unauthorized Information: Credit bureaux are prohibited from receiving, compiling, or reporting information not permitted under the Act. [Section 70(2)(f)]
  • Retention and Expungement: Consumer credit information must be retained only for prescribed periods and must be expunged when no longer permitted to be held. [Section 70(2)(g)]
  • Access and Correction Rights: Consumers have the right to access their credit information and request corrections of inaccuracies. [Section 72(1)]

⚠️ Consequences of Non-Compliance

Financial Penalties:

The National Credit Regulator may impose administrative fines for non-compliance, which can be up to 10% of the annual turnover of the credit provider during the preceding financial year. [Section 151(3)]

Criminal Penalties:

Certain contraventions of the Act may constitute offenses, leading to criminal prosecution and penalties. [Section 160]

Regulatory Consequences:

The National Credit Regulator may suspend or cancel the registration of a credit provider or credit bureau for failure to comply with the Act. [Section 57]

Reputational Harm:

Non-compliance can lead to public censure, loss of consumer trust, and negative publicity, adversely affecting the organization’s reputation and business operations. [Section 150]

✅ How ARMD.digital Supports Cybersecurity Compliance Efforts

Product:

What it does:

Provides a safe, non-invasive external vulnerability scan of your public digital footprint, highlighting security weaknesses that may be visible to attackers.

How it supports compliance:

  • Identifies potential unauthorized access points, aiding in the protection of confidential information. [Section 68]
  • Assists in verifying the integrity of systems used to maintain consumer credit records. [Section 70(2)(e)]

Product:

What it does:

Supports DMARC implementation and monitoring to help reduce domain spoofing risk, improve outbound email trust, and move safely towards enforcement.

How it supports compliance:

  • Ensures secure communication channels, protecting against unauthorized access to consumer credit information. [Section 68]
  • Maintains the integrity of electronic communications related to consumer credit data. [Section 70(2)(e)]
