Skip to content

The "Permit" Scam: How Card Cloners Are Targeting Tourists in Central Cape Town

May 22, 2026

Photo courtesy of Dietmar Rabich, Wikimedia Commons, licensed under CC BY-SA 4.0
Scam Alert · Central Cape Town · May 2026

The "Permit" Scam: How Card Cloners Are Targeting Tourists in Central Cape Town

A coordinated fraud is sweeping Cape Town's tourist strip. Men in convincing security uniforms tell visitors they need a "permit" to walk down a particular road, then steer them to what looks like a card machine bolted to a wall. It is not a card machine. It is a cloning keypad. With 2.91 million arrivals already landing in South Africa in the first quarter of 2026, the targets have never been more numerous.

2–3
Reported / week
Across Atlantic Seaboard zones, per SPCID estimates
< 3 min
CCTV response time
WatchTower-monitored intervention window
~5M
Tourist season pool
People in Cape Town during peak months
R374M
SA card fraud baseline
≈ €19.4M / $22.8M annual exposure
Updated 22 May 2026 · 14 min read · Data-driven alert

At a glance

The "walking permit" scam first surfaced in 2017 as a parking-permit variant inside the CBD and was thought to have faded. It resurfaced in 2024, evolved through 2025, and is now active across Sea Point, Green Point, Mouille Point, De Waterkant, the V&A fringe and Long Street. Suspects pose as security officials in convincing uniforms, claim a permit is required to enter a street, and present a wall-mounted device that mimics a payment terminal but is actually a card-cloning keypad. A permit is never required to walk on any Cape Town street, promenade or public space.

1. What the scam is, in one paragraph

You step off the Sea Point Promenade or out of a guest house in De Waterkant. A man in what looks like a hi-vis vest, a security cap or a printed lanyard intercepts you on the pavement. He is polite, even apologetic. He explains, in slightly broken but reasonable English, that the road ahead is closed, or that a film shoot is in progress, or that a government delegation is passing through. You need a permit to continue. The permit costs a small amount, payable on a card device fixed to a wall, a bus shelter or held on a pole nearby. He walks you over. You tap or swipe. He watches you enter the PIN. He thanks you. He vanishes. Within minutes, your card details are cloned and your account is being drained.

Key takeaway: No street, road, promenade or public space in Cape Town ever requires a walking permit. If anyone in uniform tells you otherwise, it is a scam. Walk away towards a busy area and call 021 480 7700.

Two things make this fraud unusually effective. The first is the uniform: scammers wear printed hi-vis vests, baseball caps with logos, and even fake ID lanyards. To a first-time visitor unfamiliar with how South African security companies actually identify themselves, the costume passes inspection. The second is the device. It is not a generic skimmer hidden inside an ATM. It is a free-standing keypad designed to look like a Worldpay or Yoco terminal, mounted on a wall or bus shelter, with an LCD that prompts for amount and PIN. The victim genuinely believes they are making a small legitimate payment.

Critical: PIN exposure is the real prize

The fraudsters do not need to charge you anything on the spot. The aim is to capture your card details and watch you enter the PIN. Within hours the cloned card is used at ATMs and point-of-sale terminals, often far from the city centre. Cancel any card you touched on a suspicious device immediately, even if no transaction appears yet.

2. The scammers picked the wrong building

The most recent reported incident gave the operation an unintended punchline. In a now widely shared social-media post, WatchTower Group, the Atlantic Seaboard CCTV monitoring firm, described a familiar approach: suspects intercepting a tourist on the pavement, gesturing towards a wall-mounted device, beginning the script about a permit. The difference, this time, was that the building they staged the scam against happened to be one of WatchTower's own monitored properties. The cameras were not just rolling. The operators were watching live.

"We have all heard about the scam targeting tourists, where suspects approach people walking in the area and claim they need a permit to walk on a particular road. In this incident, the scammers tried exactly that, but picked the wrong building." WatchTower Group, May 2026

Watch the WatchTower reel on Facebook

If the embed does not load, the reel may be limited to Facebook's app or require login. The direct link above always works.

It echoes an earlier WatchTower intervention publicised in early 2024, when smart-detection analytics flagged fraudsters targeting two tourists. Operators alerted PPA Security, whose officers were reportedly on the scene in less than three minutes. The scammers fled before any defrauding occurred; the surveillance network then pinpointed the tourists' guest house, the guest house confirmed the attempt had been thwarted, and law-enforcement officers later used the CCTV footage to identify and apprehend the suspects.

Two months later, in March 2024, the city's own camera operators recorded another permit scam in progress against a German tourist. A chase ensued; the syndicate vehicle rammed a City Improvement District vehicle off the road. Police caught four suspects in the end, three men and one woman. Inside the vehicle: fake number plates, several card readers and scamming devices, security clothing, a fake security ID, and a stack of ATM cards.

Pattern: Every public WatchTower / CCID / SAPS intervention against this scam has produced the same evidence package, fake security uniforms, cloning devices, spoofed ID, and a getaway vehicle. This is organised, not opportunistic.

3. Anatomy of the playbook

The choreography is consistent enough that local security professionals can identify a permit-scam crew within seconds on CCTV. There are five movements, each with a specific psychological purpose.

The five-step playbook

How the permit scam unfolds, second by second

Reconstructed from CCTV-confirmed incidents in Sea Point (Oct 2025), De Waterkant (Sep 2025), Green Point (Mar 2025) and earlier 2024 cases.

ELAPSED TIME → 1 Approach Friendly, polite contact in uniform PURPOSE Establish authority, lower guard 0–15s 2 Pretext "Permit needed for this road / area" PURPOSE Manufacture urgency, disable scepticism 15–40s 3 Lead-away Walked to a wall, pole or bus shelter PURPOSE Move target to the pre-staged device 40–75s 4 Capture Card inserted, PIN entered, shoulder-surf PURPOSE Clone card data, memorise PIN 75–110s 5 Vanish Crew splits, getaway vehicle PURPOSE Use cloned card within minutes 110–150s Total elapsed time, start to vanish: roughly 90 to 150 seconds © T. Koziol 2026 · capetowndata.com
Reconstruction based on reportage from WatchTower Group, Sea Point CID, the City of Cape Town, and Atlantic Seaboard Response. The capture window, step 4, is where the actual fraud happens, but step 2 (the pretext) is where it can still be stopped costlessly.

Why the script works on otherwise careful travellers

Tourists in Cape Town arrive primed to be polite to authority figures, especially in uniform. They are unfamiliar with the protocol for road closures, film shoots and municipal works, and they are conditioned to expect bureaucracy in foreign cities to be slightly opaque. A man in a vest with a clipboard, especially one who speaks to them respectfully, fits a template they recognise. The pretext also exploits the South African media stereotype: visitors arrive expecting petty officialdom and security overhead, so being asked for a small fee for an unfamiliar permit feels in-keeping rather than out of place.

The fraudsters reinforce the script with small touches. They mention a specific time ("the road opens again at 3pm"), gesture confidently towards a believable physical landmark ("the delegation is at the stadium"), and price the permit low enough to be annoying but not alarming, often a handful of rands rather than a large round number. The device they walk you to is not hidden inside a backpack or a coat. It is fixed, visible, and indistinguishable at first glance from the kind of contactless payment kiosks now common at municipal car parks.

4. Inside the cloning device

The single most useful detail to memorise: the "card machine" in a Cape Town permit scam is not a card machine at all. It is a card cloner working through the scammer's phone. When a tourist inserts or taps a card, the device captures the chip data and magnetic stripe; the scammers, standing close, watch the PIN being entered. By the time the victim walks away, the syndicate has everything required to manufacture a duplicate card.

What it looks like Decoy

Roughly the size of a portable card terminal. LCD screen, keypad, an LED that may flash green. Often mounted to a wall, bus shelter or pole using strong adhesive tape or straps, suggesting it has been "installed" by an official body.

What it actually is Cloner

A card-reading head connected via Bluetooth or a wired tether to a mobile phone in the scammer's pocket. The phone records the captured data; the keypad records the PIN. No real transaction is processed.

How they read the PIN

Shoulder-surfing. The device frequently displays each digit on screen as it is typed, unlike a real terminal where digits are masked. The accomplices stand close enough to read the screen or watch the keypad directly.

How fast the data is used

Most cloned cards have been used within hours, often at ATMs in different precincts. Cancelling the card immediately after a suspicious encounter is the single most effective response, even before any fraudulent transaction appears.

One legitimacy check that always works

A real South African payment terminal will never be glued, taped or strapped to a wall, bus shelter or street pole. It is either held by a person, fixed inside a business, built into a fuel pump, or inside an enclosed parking pay station. Anything wall-mounted outdoors, with no shop or kiosk attached to it, is fraudulent.

5. Where it happens, in order of frequency

The permit scam concentrates almost entirely along the Atlantic Seaboard tourist strip and the eastern edge of the CBD, with the heaviest activity along the Sea Point Promenade and in the corridor running from Green Point through Mouille Point towards the V&A Waterfront. The Sea Point City Improvement District has identified specific hot zones including the Greenpoint Underpass, Beach Road near the market, and the Sea Point side of that road. De Waterkant, with its concentration of guest houses and self-catering rentals, has emerged more recently as a secondary cluster.

Reported activity, 2024–2026

Where the permit scam concentrates

Indicative share of reported incidents and confirmed device recoveries across central Cape Town zones. Bars are illustrative; published incident counts are sparse because most victims are tourists who leave the country before formally laying a charge.

RELATIVE FREQUENCY OF REPORTED INCIDENTS 0 Low Moderate High Sea Point Promenade Hottest Green Point & Mouille Point V&A Waterfront fringe De Waterkant CBD & Long Street Camps Bay Bantry Bay & Clifton © T. Koziol 2026 · capetowndata.com
Sources cross-referenced: Sea Point City Improvement District (Oct 2025 device recovery), WatchTower Group case files, IOL / Cape Argus coverage (Sep 2025, Mar 2025), Cape{town}Etc reporting (Mar 2025, Jan 2024), TimesLIVE (Oct 2025).

The geographic pattern follows tourist density rather than crime gradient. The Atlantic Seaboard is one of the safest residential strips in the metropolitan area, with active CIDs, dense private security and high-traffic promenades patrolled by ratepayer-funded community teams. The scam is not embedded in those zones because they are dangerous, it is embedded there because that is where unaccompanied foreign visitors actually walk in large numbers.

Counter-intuitive truth: The areas where the permit scam happens are statistically safer than most of greater Cape Town. The scam is parasitic on tourist density, not on neighbourhood risk. Being in Sea Point at noon does not put you at higher background crime exposure, but it does increase your odds of being approached by a permit crew.

The map, sourced from the news record

Ten incident locations have been pinned below, each with the news article it traces back to. Red pins are documented incidents or arrests; orange pins are recurring hotspots named in security or city statements; gold pins are historical or fringe zones. Tap any pin to open the source article in a new tab.

Verified incident locations, 2017–2026. Sources: Sunday Times, IOL Cape Argus, The South African, Cape Town Etc, News24, Cape Town Today. Coordinates verified via Google Places.

Open the map full-screen

6. By the numbers: why now

Two structural trends are amplifying this scam in 2026: a record tourism rebound that has broadened the pool of unfamiliar targets, and a longer-running rise in card-related fraud nationally. Both move in directions that favour the perpetrators.

South Africa, international arrivals, January–March

The tourist pool has roughly tripled since the pandemic floor

Quarterly international arrivals (Q1, January–March) into South Africa. Cape Town consistently absorbs the largest share of leisure arrivals through Cape Town International Airport, which alone handled around 11.1 million two-way passengers in 2025.

Q1 INTERNATIONAL ARRIVALS, MILLIONS, SOUTH AFRICA 3.0M 2.5M 2.0M 1.5M 1.0M 0.5M 0 0.4M 1.4M 1.97M 2.4M 2.59M 2.91M Q1 2021 Q1 2022 Q1 2023 Q1 2024 Q1 2025 Q1 2026 +12.5% YoY © T. Koziol 2026 · capetowndata.com · Source: Stats SA
March 2026 alone delivered 911,962 international arrivals, a 12.5% increase on March 2025. The first quarter total of 2.91 million is the highest Q1 on record. More unfamiliar travellers in the city means more first-time targets for a scam that depends entirely on local-protocol unfamiliarity.

Cape Town International Airport handled around 11.1 million two-way passengers in 2025 and recorded more than 121,000 visitors in a single month in February 2026, with roughly 72.5% of overseas tourists coming from Europe. The United Kingdom has firmly reclaimed its position as the leading European source market, with Germany, the Netherlands, France and Sweden close behind. Germany features disproportionately in the permit scam case record, both as a target nationality and as a source of unrecovered cases, partly because Cape Town is a major German leisure destination and partly because German-speaking visitors are sometimes navigating the central English-language signage with less context.

South African card fraud, illustrative trend

Card fraud has been rising since well before the permit scam

Annual reported credit-card fraud values in South Africa, with international counter-fraud benchmarks. The permit scam fits inside a broader, longer-running shift from ATM fraud towards in-person card capture, driven by improved ATM hardening that has pushed criminals into the open street.

REPORTED SA CREDIT-CARD FRAUD VALUE, R MILLIONS R 0 R 200M R 400M R 600M R 800M R331M Covid dip R633M ≈ €32.9M / $38.6M 2015 2017 2019 2021 2023 Composite indicative trend, anchored to SABRIC baseline. Values nominal, not inflation-adjusted. © T. Koziol 2026 · capetowndata.com · Source: SABRIC pattern
The South African Banking Risk Information Centre originally reported card fraud value rising 13% in a single year, from R331.4M in 2015 to R374.4M in 2016 (≈ €17.2M / $20.2M to ≈ €19.4M / $22.8M at the May 2026 reference rate of R1 ≈ €0.052 ≈ $0.061). The line above generalises the trend; specific year-by-year totals depend on whether debit-card, card-not-present and lost-or-stolen categories are folded in.

7. Who is being targeted

Three traveller profiles are over-represented in the case record. None are necessarily more gullible than others; each is over-represented because of how they actually move through Cape Town.

European leisure visitors Most targeted

Especially first-time visitors from Germany, the Netherlands, the UK and France. They tend to explore the Sea Point Promenade and V&A fringe on foot during daylight and carry contactless cards used to a low-friction tap culture at home.

Cruise & shore-excursion travellers

Cape Town's port traffic delivers groups with short time windows and a strong incentive to keep moving rather than argue. They often arrive without local SIMs and struggle to verify a story quickly with a phone call.

Guest-house & Airbnb guests

Visitors staying in De Waterkant and Green Point apartments often set out on foot immediately after check-in. The pavement encounter happens within the first 24 hours, before the host has had a chance to warn them about specific local scams.

Domestic up-country visitors

South Africans from Gauteng and KZN visiting Cape Town for the first time can be equally vulnerable. The local accents differ enough, and many out-of-province visitors give the suspect more benefit of the doubt than a Capetonian would.

Reported case bias: tourists rarely lay charges

Jacques Weber, WatchTower Group director and Sea Point CID chairperson, notes that most victims do not formally open a case because they are leaving the country or province within days. The published case count is therefore a floor, not a ceiling. Sea Point CID estimates two to three incidents per week across the Atlantic Seaboard reach a local crime group; the true figure is likely materially higher.

8. Reported incidents timeline

A non-exhaustive list of publicly reported permit-scam incidents and interventions, compiled from City of Cape Town media briefings, Atlantic Seaboard security operators and local press. Outcomes vary from clean arrests to repeat offences after bail.

May 2026

WatchTower: "scamsters picked the wrong building"

A permit-scam crew attempted the script outside a property monitored by WatchTower Group's offsite CCTV operation. Operators flagged the activity in real time and the attempt was disrupted. Publicised by WatchTower as a cautionary alert for tourists and hospitality operators.

October 2025

Sea Point: cloning device confiscated

Security officers from Securus Security Services and SRG Security intervened in a Sea Point incident. The fraudsters fled but abandoned their device. The hardware, structurally a card-cloning keypad masquerading as a payment terminal, was handed to Sea Point SAPS for investigation.

September 2025

De Waterkant: German tourist defrauded; second attempt foiled same day

Jacques Weber confirmed that a German tourist was successfully scammed near De Waterkant. The suspects fled in a vehicle after construction workers and two passing motorists gave chase. Weber's team helped the tourist cancel his card before further damage; he had been flying home the same day.

March 2025

Green Point A-Track: SafeStreet Collective intercepts attempt

Two members of the Green Point Ratepayers and Residents Association's SafeStreet Collective spotted a tourist surrounded by men dressed to look official near the A-Track. Law Enforcement and SAPS were called and the visitor was advised to cancel his cards before catching his flight home.

March 2024

Four arrested after vehicle chase

City camera operators flagged a permit scam against a German tourist. After notification, a chase ensued; the syndicate vehicle rammed a CID vehicle off the road. Four suspects were caught (three men and one woman). Inside the vehicle: fake number plates, multiple card readers, scamming devices, security clothing, a fake security ID and several ATM cards.

January 2024

WatchTower flags two tourists targeted; PPA Security on scene in <3 minutes

Smart-detection analytics flagged scammers approaching two tourists. WatchTower alerted PPA Security, whose officers arrived in under three minutes; the scammers fled. The surveillance network identified the tourists' guest house, which confirmed the fraud attempt had been thwarted. Suspects later apprehended via CCTV footage.

2017–2023

Earlier parking-permit variant in the CBD

The CCID warned of an "ATM parking permit" version of the scam as early as 2017, targeting drivers in the central city. The scheme cycled through dormant periods and revivals before re-emerging in its walking-permit form in 2024.

9. What to do (and what not to)

The encounters typically last under two minutes from first contact to vanish. Decision time is short. Memorise the response pattern below; do not improvise.

Do

  • Keep walking. You do not owe a stranger on the pavement an explanation. Say "no thank you" once and continue toward a busy area.
  • Refuse to follow them anywhere. Especially not to a wall, pole, bus shelter or parked vehicle, however official the destination looks.
  • Ask for an official ID and a station to verify it with. Real South African officers and traffic officials carry photographic ID and will not be offended by the request.
  • Photograph the device and the suspects discreetly, from a safe distance once you are clear, if you can do so without confrontation.
  • Call 021 480 7700, the City's Public Emergency Communication Centre, and report the location.
  • Tell your guest-house host or hotel concierge immediately. Most hospitality operators in central Cape Town have direct lines to the relevant CID.

Don't

  • Don't insert, tap or swipe any card at a device fixed to a wall, shelter or pole that is not inside a recognisable shop, fuel station or parking pay station.
  • Don't enter your PIN anywhere a stranger can watch your hand or the screen. Real terminals mask the digits; the cloning devices typically do not.
  • Don't pay "to make it go away". A small loss now is not a way out; once your card is in the device, the loss is no longer small.
  • Don't accept "I'll walk you to the ATM" offers from anyone you did not approach yourself. This was the earlier 2017 variant and it still happens.
  • Don't argue or escalate. If the encounter feels off, the right move is distance, not confrontation. Crews work in groups.
  • Don't assume a uniform is real. Hi-vis vests and printed lanyards are sold openly. Verify by calling the company displayed on the vest before engaging.

10. If you have already been scammed

The window between card capture and first fraudulent transaction is sometimes hours, sometimes minutes. Speed beats everything else. Work through the following sequence in order.

1. Cancel the card immediately

Use your bank's app or 24/7 fraud line. Do not wait for a transaction to appear. The card is compromised the moment it was inserted into the cloning device, whether or not money has moved yet.

2. Cancel every card you carried

If you had multiple cards on you and you cannot remember exactly which one touched the device, cancel them all. The cost of reissue is trivial compared with one drained account.

3. Call 021 480 7700

The City of Cape Town's Public Emergency Communication Centre. Report the location, time, descriptions and direction of travel of the suspects. The information feeds into live CCTV operations and SAPS dispatch.

4. Open a case at the nearest SAPS

For Atlantic Seaboard incidents, that is usually Sea Point SAPS or Cape Town Central SAPS. A case number is required by your bank for full chargeback and by your home insurer for any out-of-pocket cover.

5. Notify your home bank's fraud team

South African card cloning is often used at low-value point-of-sale and ATM terminals abroad to test the card before larger purchases. Tell your home bank specifically that the compromise originated in Cape Town.

6. Tell your hotel or guest-house

This matters even if the loss is small. Hospitality operators feed warnings into the tourism safety network and into Sea Point CID's daily logs. Your report contributes to the cluster picture that informs CCTV operator briefings.

You are not alone, and the system does work

Cape Town's CCTV network, private security operators, CIDs and SAPS have a working track record against this specific scam. Real-time CCTV monitoring on key buildings has produced sub-three-minute response times to active incidents. The challenge is not absence of response, it is awareness, the more visitors arrive forewarned, the fewer the crews can successfully target.

11. Emergency contacts to save now

Programme these into your phone before walking out of your accommodation. Add them as contacts named in plain English so you can find them under stress.

Public Emergency Communication Centre, City of Cape Town
021 480 7700. Routes to CCTV control rooms, Law Enforcement and the relevant CID. Best single number for in-progress incidents.
SAPS Crime Stop
08600 10111. National crime tip line; for non-emergency reports or where the centre line is unavailable.
SAPS SMS Crime Line
SMS 32211. Anonymous tip channel; useful for sharing descriptions and locations without giving up your number.
Sea Point SAPS
021 430 3700. The investigating station for Atlantic Seaboard incidents west of De Waterkant.
Cape Town Central SAPS
021 467 8001. Covers the CBD and Long Street corridor.
National emergency, all services
10111 from a landline; 112 from any mobile (works without a SIM in many cases).

12. Who is actually watching the pavements

Central Cape Town is one of the most densely surveilled urban strips in South Africa. That is not the same as saying the surveillance prevents crime, but in this specific scam, it materially shortens response time. The infrastructure is layered.

CCTV monitoring operators

WatchTower Group, leading the Atlantic Seaboard, and others run 24/7 smart-detection CCTV monitoring with dispatch arms. Operators flag suspect patterns in real time and alert the closest armed response unit.

City Improvement Districts (CIDs)

The Sea Point CID, Central City Improvement District (CCID) and Green Point CID fund foot patrols, cleaning teams (who frequently spot device placements), and additional cameras. They have direct lines to Law Enforcement.

Atlantic Seaboard Response & community teams

The Atlantic Seaboard Response (ASB) group, Green Point Ratepayers and Residents Association's SafeStreet Collective, and SRG Security have repeatedly intervened in permit-scam attempts. They are not formal police; they are eyes-on-pavement.

SAPS & LEAP officers

SAPS Sea Point, Cape Town Central, and the Western Cape's Law Enforcement Advancement Plan (LEAP) officers cover the corridor. LEAP is a provincial initiative that places additional officers in priority precincts.

Verified: arrests have been made

The March 2024 four-person arrest, the October 2025 device confiscation, and several documented WatchTower interventions confirm that the surveillance and response chain works when the scam is reported in real time. The weak link is reporting velocity, not law-enforcement capacity. Bail conditions are a separate, structural challenge: Weber has noted publicly that "while arrests have been made, bail is easily granted and these fraudsters often return to the streets."

The permit scam is the most actively reported tourist fraud in central Cape Town right now, but it is part of a wider pattern. Forewarned about one, forewarned about most.

The ATM "assistance" scam Active

A friendly stranger appears at an ATM to "help" when your card is jammed or the machine is not dispensing. Both problems are usually engineered by the scammer. The card and PIN are captured during the assistance.

The parking attendant variant Active

The 2017 ancestor of the walking-permit scam. A "parking permit" is requested, payable at a nearby ATM where the card and PIN are skimmed. Watch for anyone in a uniform claiming you owe a fee that is not visible on signage.

The "coming out" / drink-spike scam

Friendly approach in a bar or club, drink offered or refilled, victim leaves disoriented and is robbed. Reported in Long Street and parts of De Waterkant's nightlife zone. Keep drinks attended.

Fake accommodation listings

Photos lifted from real listings, posted on phony booking sites or pasted into unverified platforms. Always book through an established platform and confirm the property's existence on Google Maps Street View before paying.

Fake "officials" at airport & transport hubs

Some scammers wear lanyards near arrivals halls and offer "official" taxi rides at inflated rates. Use the marked metered taxi ranks or established ride-hailing apps (Bolt, Uber) booked from your own phone.

Distraction pickpocketing

A stranger asks for directions, spills something, or makes friendly conversation while an accomplice empties a bag or pocket. Reposition backpacks to the front in tourist density zones; never leave bags hanging on chair backs.

For a broader citywide view of where these patterns concentrate, see the Cape Town Crime Map Analysis, which maps SAPS precinct-level data alongside tourism corridors. For residential context on the most-affected suburbs, our Sea Point neighbourhood guide and 2026 Tourism overview both provide additional structural context.

See the full Cape Town crime map analysis

Precinct-level data, tourism-corridor overlays and quarterly trend lines for all of central Cape Town.

Open the analysis

14. Quick-glance summary

The scam, in one sentence
Fake officials in uniform demand a "permit" to walk on a street, then steer you to a wall-mounted device that clones your card.
Where it's worst right now
Sea Point Promenade, Greenpoint Underpass, Beach Road near the market, De Waterkant; secondary clusters in V&A fringe and Long Street CBD.
Who's targeted most
First-time European leisure visitors (notably German), cruise-shore excursion groups, and guest-house guests in their first 24 hours.
Best single defence
No street, road or promenade in Cape Town requires a walking permit. Walk away, keep moving, call 021 480 7700.
If touched the device
Cancel every card you carried immediately, before any transaction appears. Open a SAPS case for chargeback purposes.
2026 trend
Rising. Q1 2026 international arrivals up 12.5% YoY; more first-time targets in the city than at any point since pre-pandemic.

A walk through the main hotspot

For a visual sense of the corridor where most of these incidents happen, the Sea Point Promenade itself, a public walking-tour video captured along the route at typical daytime density:

Sea Point Promenade walking tour. The exact corridor where most permit-scam approaches occur.

Sources & references

Reportage & press

  • Sunday Times, "Tourists to Cape Town warned about card-cloning scammers", 21 October 2025.
  • IOL / Cape Argus, "Fraudsters target tourists with fake permit scams in Cape Town", 22 September 2025.
  • IOL / Cape Argus, "Tourist Scam Alert: Beware of permit fraudsters along Cape Town's Atlantic Seaboard", 24 March 2025.
  • Cape{town}Etc, "CCTV captures credit card fraudsters targeting tourists in Cape Town", January 2024.
  • Cape{town}Etc, "Tourists warned as Cape Town scam artists strike with fake permit", 24 March 2025.
  • The South African, "Tourists beware: fake street walking permits scam in Cape Town", 15 March 2024.
  • iAfrica, "Fraudsters Go To Lengths Convincing Tourists They Need Permits To Walk Cape Town Streets", 14 March 2024.
  • News24 / Wheels24, "Tourists targeted: 'Parking permit' scam hits Cape Town", 9 June 2017.
  • Cape Times, "Students hit in new bank scam", 1 August 2017.
  • Cape Town Today, "Unveiling the Cape Town Street Scam", March 2024.

Operators & authorities

  • WatchTower Group, social media alert: "Card Scamsters Picked the Wrong Building", May 2026.
  • Jacques Weber, Director, WatchTower Group; Chairperson, Sea Point City Improvement District.
  • Heather Tager, Chief Operations Officer, Sea Point City Improvement District.
  • Alderman JP Smith, Mayoral Committee Member for Safety and Security, City of Cape Town.
  • Cape Town Central City Improvement District (CCID), Safety and Security Department.
  • Atlantic Seaboard Response (ASB).
  • Green Point Ratepayers and Residents Association, SafeStreet Collective.
  • Securus Security Services; SRG Security; PPA Security; Avenue Response Team.

Data & statistics

  • Statistics South Africa (Stats SA), International Tourism Releases, January–March 2026.
  • Wesgro Research, Western Cape Tourism Performance updates 2024–2026.
  • Cape Town International Airport passenger statistics 2025–2026.
  • South African Banking Risk Information Centre (SABRIC), card fraud annual data.
  • City of Cape Town, Mayoral Committee briefings on Safety & Security.

Interactive resource

Related capetowndata.com analysis

View Discussion