10X Investments 27Four Abacus Life Abax ABSA Life Alex Forbes Allan Gray Apex Group Argon Asset Management Ashburton Investments AVBOB Bateleur Capital Bidvest Life Boutique Collective Investments BrightRock Bryte Life Cadiz Camissa Asset Management Capitec Life Catalyst Fund Managers Centriq Ci Collective Citadel Coronation Discovery EasyPay Insurance Fairtree Fedgroup FirstRand Investment FirstRand Life Assurance FNZ SA Foord SA GenRe Granate GTC H4 Investments Hannover Re Hollard Life Just SA Khumo Capital King Price Laurium Capital Liberty Holdings M&G Investments Matrix Fund Managers Mazi Asset Management Mergence Momentum Group Munich Re Nedbank Wealth NewFunds Capital Ninety One Novare Oasis OIG Invest Old Mutual Otto1890 Outsurance Life Insurance Peregrine Perpetua Personal Trust PPS Prescient Prime Financial Services Prowess Investments PSG Rezco RGA Re RMA Life SA-H2 Africa Sanlam SCOR Swiss Re Sygnia Taquanta TBI Terebinth Capital TriAlpha Truffle Utho Vodacom Life Vunani Workerslife
News Details Page Intro

How credit bureaus collect a wealth of information about you

Martin Hesse | 07 July 2026

Martin Hesse

Martin Hesse is a writer and editor with more than 25 years’ experience. He was previously the personal finance editor for a leading South African newspaper group and has been writing and editing personal finance articles for more than 15 years.

Have you ever wondered how details about your credit and payment behaviour, which come from a multitude of sources – from banks to clothing stores – end up on your credit report?

It is this same information that credit providers refer to when deciding whether or not to grant you credit, meaning there is a continuous flow of data in both directions. This data may also be accessed by parties such as insurance companies and even employers, under certain conditions, that need to assess you for financial risk.

You may also have wondered, seeing there is all this information about you floating around in cyberspace, how secure it is.
 

How is your credit data shared?

The key player facilitating these data flows through a central hub is the South African Credit and Risk Reporting Association (SACRRA), a voluntary, non-profit organisation established 37 years ago by the credit industry.

Members of the association include South Africa’s six credit bureaus, 298 full members (registered credit providers or data providers) and 13 affiliate-led group members representing 3 626 unsecured credit providers, all of which contribute to and benefit from the sharing of consumer credit and risk data.

Ownership of SACRRA’s Data Transmission Hub is shared with the Credit Bureau Association.

SACRRA works with the National Credit Regulator (NCR), ensuring, among other things, that its members comply with the National Credit Act (NCA) when it comes to sharing and protecting your information. The Protection of Personal Information Act (POPIA) also applies to the processing of this information.

Presenting SACRRA’s annual report for 2025 recently, the association’s executive director, Magauta Mphahlele, said a requirement of membership was reciprocity, a concept that has now been entrenched in guidelines issued by the NCR: “If an organisation wants access to consumer credit information, it must be willing to share its own information with the members of the association. That is the reason members include insurance, telecommunication, asset rental, direct marketing and other service and risk companies.”

Although membership of SACRRA is voluntary, non-member credit providers are still required by law to submit consumer payment information to the credit bureaus, which they must do via SACRRA’s Data Transmission Hub. The reciprocity principle still applies.

 

What credit data can be shared with a credit bureau?

According to SACRRA’s website, the NCA permits credit bureaus to hold the following information about you:

Your credit history, including applications for credit;

Your current credit agreements;

Your monthly credit repayment pattern;

Instances of when you have been in arrears or defaulted on your repayments;

Whether you are under debt counselling, administration or have been sequestrated;

Any actions taken against you by creditors to recover debt;

Your financial history, including your past and current income;

Your assets, debts, and any other information relating to your finances, including your education, employment (including reasons for any termination of employment), and business activity;

Your name, date of birth, ID number, marital status, past and current addresses and other contact details.

 

Who can see my credit data?

SACRRA itself does not see any of your personal information, as the data is encrypted. This means that the information about yourself and your financial history, which you supply to a credit provider when applying for credit, is transmitted via the Data Transmission Hub to the credit bureaus in coded form, and only the credit bureaus have the key to the code. “The files are not opened in the Data Transmission Hub, and SACRRA never has access to, nor can they view or update consumer data,” Mphahlele says.

Once the information is received by the credit bureaus, the data is decrypted and assessed for quality. If it passes the quality test, the information gets added to your credit report and shared with the other bureaus to ensure they all have the same information on you.

If the data coming in is found to be incorrect or out of date, it is rejected, and rejections are monitored by SACRRA for correction.

 

How quickly is credit data shared?

Regulations under the NCA require relatively tight deadlines for information about your credit activity to be reported to the credit bureaus. For example, details of new credit agreements must reach the bureaus within 48 hours of the agreements being signed, with the same timeframe applying to credit agreements being closed or settled.

Monthly payment profile information must be reported within five business days of the billing cycle, and any adverse information about your payment behaviour or any enforcement actions against you must be reported monthly.

 

What credit information is shared?

Mphahlele said that in 2025, average monthly submissions from members on consumer credit activity grew nine percent to 65.7 million records, up from 60.7 million in 2024. Apart from greater compliance among unsecured lenders in submitting data, the increase was driven by the inclusion into the data, at the beginning of 2025, of reporting related to consumers’ bank overdraft facilities.

Clothing stores topped the list of submitting sectors by account volume in the fourth quarter of 2025. The top five sectors were:

  • Retail apparel: 31%
  • Banks: 29%
  • Unsecured lenders: 11%
  • Telecommunication: 10.06%
  • Debt collectors and debt purchasers: 8%

A new challenge facing the credit industry has been the emergence of buy-now-pay-later (BNPL) schemes, Mphahlele said. Steps had been taken to incorporate into the data flows submissions from these providers, while the overall regulation of this sector was being addressed by the NCR.

 

What happens if the data is incorrect?

While there are checks to ensure credit data and other information collected about you is accurate and valid, errors can be made.

SACRRA’s head of operations, Andrea van der Westhuizen, says you may query information directly with a credit provider, and the provider can immediately check whether the information is correct or not. “The Credit Bureau Association has a manual amendment process whereby the provider can load the correction, which then is updated by the bureaus,” she says.

Once the information is on your credit record, you can query it with a credit bureau – the NCA provides a procedure for disputes from consumers to be processed and verified. If your query is found to be valid, any incorrect information will be amended or removed. The outcome of the dispute will be shared with the other bureaus, which will amend their records accordingly, preventing the need for you to lodge disputes with multiple bureaus.