The Foschini Group (TFG) is one of South Africa’s largest speciality retailers, with a portfolio of 39 leading brands, more than 4,900 outlets across 22 countries, and a product range spanning fashion apparel, jewellery, cosmetics, sporting goods, electronics, homeware and furniture. Like many major retailers, TFG does not only sell products; it also offers customer accounts and in-store financing, enabling shoppers to purchase goods and pay over time.
That credit infrastructure, while valuable to customers, creates significant exposure to a range of types of fraud, from individuals misrepresenting their identity to access a store account, to organised criminal syndicates operating across multiple brands and geographies simultaneously. The fraud types TFG faced included:
These fraudulent activities are frequently executed in combination, both by individuals and by sophisticated syndicates. As losses grew, it became clear that a reactive, case-by-case approach was insufficient. TFG needed the ability to identify patterns, map associations and act before fraud entered the business.
The retail industry loses billions of rands to syndicated fraud each year and for Cape Town-based TFG, the scale of the problem became impossible to ignore. Fraud losses were increasing, and the Group had become a soft target, with its extensive store network, multi-brand presence and credit infrastructure creating multiple points of vulnerability.
The threat came not just from external fraudsters, but from within. Staff collusion, which involved store employees actively facilitating or concealing fraud, was emerging as a significant and hard-to-detect risk. TFG’s newly established Forensics Department needed investigative tools capable of uncovering these hidden networks.
TFG’s Forensics Department adopted i2 Analyst’s Notebook and i2 iBase as the foundation of its fraud intelligence capability. The deployment began as a proof of concept, led by the new accounts manager and two analysts focused on new account origination fraud.
Results came quickly. Within the first month, the team had identified not only a syndicated fraud pattern but also evidence of staff collusion in the Northwest Province. Within 24 hours, South African police and TFG area managers were at the door of one of the Group’s jewellery stores. All implicated staff members were found guilty of misappropriating stock.
News of the action spread rapidly across the TFG store network, sending a clear deterrent signal. This was only the beginning.
As the team continued to investigate, they updated the i2 iBase database daily with new fraud data, building an increasingly detailed picture of syndicate behaviour. Analyst’s Notebook visualisation charts enabled the analysts to map the associations between ‘customers’, revealing that syndicates are creatures of habit, returning to the same methods, locations and networks. These insights were incorporated into TFG’s in-house high-risk lists, which meant the team could now move from reactive investigation to proactive prevention.
TFG’s wealth of customer and transaction data became a strategic asset. Enriched daily, it gave the Forensics team the ability to detect new modus operandi, block fraudulent applications before approval, and identify whether existing customers in the book were connected by association to known fraud networks.
The sophistication of i2’s capability became most apparent during a major investigation in Johannesburg. TFG’s Credit Forensic team, working in partnership with the South African Police Service’s commercial crime unit, identified a syndicate operating out of Soweto. Staff members at TFG stores were implicated in facilitating counterfeit fraud, a convergence of skimming, cloning and internal collusion operating across multiple brands simultaneously.
All seized data was imported into Analyst’s Notebook and combined with TFG’s existing fraud intelligence. The resulting visualisation mapped the syndicate’s movements and infiltration across different geographical areas and TFG brand outlets, revealing an intricate network of facilitation, skimming device usage and inter-store collusion that would have been invisible to a conventional investigation.
A dedicated Taskforce was formed, travelling with physical evidence and Analyst’s Notebook charts to prove the case. The investigation revealed that store managers and staff members had family and friends employed at nearby stores, providing alibis for one another while operating their own localised fraud hubs.
The investigation resulted in arrests, convictions and significant asset recovery:
Beyond the immediate enforcement outcomes, the investigation produced a lasting reduction in new-account fraud and strengthened TFG’s ability to identify high-risk applicants. It also demonstrated the value of sustained intelligence-led fraud management across the full customer lifecycle.
What began as a targeted proof of concept evolved over more than two decades into a core component of TFG’s enterprise risk architecture. The capability expanded through three distinct phases:
Today, TFG continues to use i2 to mitigate losses across both new account originations and its existing customer book, protecting customers and the business alike from the full spectrum of retail credit fraud.
See how i2’s market-leading solutions are used globally in some of the most demanding operational environments. Request a demo to explore how they support real-world decision-making.
© 2026 i2 Group / N. Harris Computer Corporation. All trademarks owned by N. Harris Computer Corporation.
1 Cambridge Square, Milton Avenue, Cambridge, CB4 0AE, UK
