The content on this page is not written by Polity.org.za, but is supplied by third parties. This content does not constitute news reporting by Polity.org.za.

The South African Reserve Bank (SARB) and the Financial Sector Conduct Authority (FSCA), in consultation with the Payments Association of South Africa (PASA), would like to issue a warning to consumers to be aware of the risks associated with the use of instant electronic funds transfer (EFT) online payment services offered at e-commerce stores (i.e. stores which facilitate the purchase and sale of goods and/or services via the Internet).

What is an instant EFT?

An instant EFT is a payment method offered by a third party, in partnership with e-commerce stores, which automates the initiation of payments for consumers to e-commerce stores and also provides immediate confirmation of payment to the e-commerce store to enable them to dispatch the goods or services purchased.

Instant EFT payments use a method called ‘screen scraping’, which makes it possible for third parties to access bank account data and automate actions on behalf of a consumer using that consumer’s online banking access credentials. The access to the consumer’s screen data is then used to facilitate payments.

Consider the following scenario:

Sidney wants to order a pair of sneakers for his son’s birthday. He searches for an online clothing store and finds the perfect pair. He selects the size and colour, and clicks on ‘Buy Now’. Sidney proceeds to the delivery details and payment page. Here, he is asked how he will make the payment, and selects the ‘Instant EFT’ option. Sidney is given a list of banks and is prompted to select the bank he uses. Immediately, he is redirected to a page with his bank’s logo, and is required to enter his online banking details. He inputs his online banking username and password, and clicks on ‘Submit’.

Once he inputs the username and password, he is required to select the account from which he wishes to make the payment, and is then required to authenticate the payment via his mobile phone. The web page then moves to the payment confirmation page to inform Sidney that his payment was successful. Finally, he receives an SMS message from his bank alerting him that a payment has been made. Instant EFT benefits Sidney in that he can make purchases quickly and easily from any online store.

An example of an instant EFT online payment is illustrated below.

What are the risks to consumers?

The SARB, the FSCA and the payments industry do not support the use of screen scraping to effect payments, given that it exposes consumers to the following risks:

Data privacy

The method of using screen scraping to effect payments puts consumers’ access credentials at risk of being compromised. Consumers have no control over how their credentials, and any other data or personal information, are accessed and used by the third party (e.g. account numbers and account statements can be stored and utilised without the consumer’s knowledge or consent).

Click here for full statement.

Issued by SARB