The South African Reserve Bank and the Financial Sector Conduct Authority, in consultation with the Payments Association of South Africa, have warned the public not to use instant electronic funds transfer (EFT) online payment services as a payment option.

An instant EFT is a streamlined version of a traditional EFT, made through a third-party platform.

In a notice put out on Thursday, the financial service regulators said instant EFTs make use of a practice called “screen scraping”. This makes it possible for third parties to access bank account data and automate actions on behalf of a consumer, using that consumer’s online banking access credentials.

It effectively uses a customer’s screen data to facilitate payment.

The financial authorities said they do not support this practice as it exposes consumers to several risks, including compromising their access credentials.

“Consumers have no control over their credentials and any other data or personal information accessed by the third party,” the statement warns.

Using these services will also make them vulnerable to possible fraud, as criminals might pretend to be a third party offering instant EFT services on fake e-commerce sites, so they can capture consumers’ access credentials for their bank’s Internet banking websites.

Rogue entities

The statement warns that from there, such rogue entities may impersonate the consumer and conduct any activity that a consumer would have access to on their online banking platform, including making real-time payments to themselves, applying for a personal loan, and so on.

There is also the danger that these criminals might access data and personal information, such as account information and monthly statements, and then use it to set up new accounts.

Using this form of payment could level consumers without recourse if things go wrong as “EFT payments are final and irrevocable”. So if a consumer wanted to reverse a transaction, they might find it impossible to do so.

The authorities also warned that in using instant EFT services, customers might be in breach of their banks’ terms and conditions, as they are giving their Internet banking login credentials to third parties.

This concern was echoed by FNB Retail and Private Banking CEO Raj Makanjee, who said consumers must never share or cede control of their banking credentials to any third party whether shopping online or at a physical point of sale.

Makanjee encouraged consumers to rather use other [bank]-backed forms of electronic payment methods.