The fast pace of digital progress in the financial world has made it easier than ever for people to transact, make purchases, and manage their money online. For most people, speed and convenience are two of the most important benefits that a digital transaction offers, and many businesses invest significantly into developing digital processes that make such fast and easy transactions possible for their online customers.
One example of this digital transactional enablement is a process called screen-scraping. Put simply, this is the process of copying information shown on a digital screen like a computer or mobile device, so that it can be used in another digital screen or process.
Ravi Shunmugam, CEO of EFT Product House for FNB, explains that there are various examples of screen-scraping but possibly the most widely used is when a third party, like an online payment service provider, gets customers to enter their online banking details so that they can access their banking profiles and complete a purchase for them or provide them with information or guidance about their financial habits.
Shunmugam points out that while screen scraping itself was not specifically developed for fraudulent or criminal purposes, the process has inherent risks that consumers need to be aware of.
“No matter how reputable the retailer or app may be, the simple fact is that when you share your login credentials details with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks, not least because your account security and data privacy can easily be compromised.”
He explains that by sharing your login details, you are effectively allowing the third party to login to your account as if they were you, and thereby presenting the third party an opportunity to use various screen scraping tools to copy all your information and data on that profile to a database for uses other than the original transaction.
Such uses may include targeted advertising and marketing and even selling the information on to other interested parties.
These extensive third party databases have sensitive information for numerous customers, making them potential targets for hackers,” Shunmugam says, “and there is also the risk that fraudsters may be able to take control of the actual online transaction and use the login credentials to steal money or information from the consumer.”
Shunmugam adds that while there are moves underway globally to regulate screen scraping, and in some cases even ban it in order to reduce these risks and protect consumers, the practice has actually become more prevalent in South Africa during COVID-19 and the lockdown.
“As eCommerce has grown significantly during the lockdown period, FNB has noticed a steady increase in the number of its customers entering their details into screen scraping tools, particularly for third party EFT payment processes.”
Shunmugam explains that FNB does not support the practice of screen scraping and is strongly opposed to third-party service providers requesting access to customers’ bank login credentials via non-bank websites or applications.
However, even when more stringent governance standards are established and enforced, he urges SA consumers to avoid sharing their login credentials with any third parties and to never enter these in any website or app other than their own bank’s legitimate platforms.
“Your login credentials are highly sensitive and should never be divulged, as doing so exposes you and your money to significant risk.”
Follow IT News Africa on Twitter