South Africans warned to stay away from Instant EFT

[Jamie McKane]

South Africans warned to stay away from Instant EFT

South African banks have supported a recent warning from the South African Reserve Bank (SARB), the Financial Sector Conduct Authority (FSCA), and the Payments Association of South Africa (PASA) regarding the risks of using instant electronic fund transfer (EFT) services.

Local regulators raised concerns over Instant EFT services because they work by customers giving a third-party provider their Internet banking username and password.

 

[justplain]

MAYBE the banks should use this as a prime opportunity to ACTUALLY innovate and release a standardized API for trusted 3rd parties to allow direct EFT without the client having to use 3rd parties or screen scraping technologies.
But nooooooo

 

[Willie Trombone]

So how can Ozow and others be allowed to use the banks logos? I for one assumed this was bank sanctioned... clearly not.
Doesn't 22seven do this as well? Should we not trust Old Mutual either?

22seven

22seven.com

This industry needs a wake up call.

 

[RudderVator]

MAYBE the banks should use this as a prime opportunity to ACTUALLY innovate and release a standardized API for trusted 3rd parties to allow direct EFT without the client having to use 3rd parties or screen scraping technologies.
But nooooooo

But why would we do that if we make more money getting you into debt on your credit card or fees on debit card?

 

[lordnokon]

The banks themselves allows instant EFT's

 

[Thor]

So how come Paygate, Payfast, Ozow, and the others are allowed to operate then?
To me, it sounds like the banks are being salty.

 

[Barbarian Conan]

Hang on... are you telling me that there are enough people that give another company their internet banking login details that these EFT providers like Ozow actually continue to operate?

Dafaq?

 

[Noob-Noob]

So not one example can be given where there has been actual fraud. Does this not make this whole entire article and argument moot?
Banks themselves should rather remove the splinter....

Edit.
Payfast and Ozow has been life savers where I could not pay with a creditcard. I have used them multiple times and have not had any issues. You still have to log in, and you have to approve the transaction on your phone on the banking APP. And you have to approve the beneficiary on the banking app. So how exactly is this not secure?

My online payment issues are always with the banks (ABSA..cough..cough), and the solution is normally Payfast or Ozow

 

[Gnome]

I've used those services twice. I use it, then rotate my password (and I have 2FA using a physical token). But absolutely hate using it and only when I have no other choice

Regardless of what banks say, it is really stupid to allow someone else access to your bank account and not immediately rotate the password at the least.
In fact just giving them access is already a very bad idea.

 

[mr_norris]

The banks themselves allows instant EFT's

This is different from using your banking app / website to do a "pay and clear" EFT. They are talking about instant EFT payments on a third party website, kind of like this.

I have done it once, years ago, and I will never do it again.

 

[naeem]

Banks are probably feeling left out and not collecting enough fees. Instant EFT makes up nearly 40% of all our online sales and continues to grow. We've been using Ozow since last year.

Personally, i'd still recommend using a credit card purely for 2 reasons
1) safety, you can easily dispute and claim back if a store does not supply
2) ebucks

 

[Ockie]

I am confused. I know ABSA has instant EFT's as their service offering because my sis have transferred instantly to my Capitec account and I know Capitec also has instant EFT which like ABSA, you pay extra for. So what is this they talking about? Are these services offered by the bank actually done by a 3rd party?

 

[sandi_mfeka]

I am confused. I know ABSA has instant EFT's as their service offering because my sis have transferred instantly to my Capitec account and I know Capitec also has instant EFT which like ABSA, you pay extra for. So what is this they talking about? Are these services offered by the bank actually done by a 3rd party?

They're not talking about theat type of instant EFT, they are talking about payment systems such as OZOW, paysfast etc.

 

[Ockie]

They're not talking about theat type of instant EFT, they are talking about payment systems such as OZOW, paysfast etc.

Oh I see. Not sure what the use cases is of using those services if the banks offer their own instant EFT service, but I am sure there are use cases. Just a relief, thought the banks were using a 3rd party for this. Thank you for giving clarity.

 

[Mystic Twilight]

I am confused. I know ABSA has instant EFT's as their service offering because my sis have transferred instantly to my Capitec account and I know Capitec also has instant EFT which like ABSA, you pay extra for. So what is this they talking about? Are these services offered by the bank actually done by a 3rd party?

It seems the specific problem is that users are required to provide their online banking username and password to those third parties in order to use them to make payment.

 

[Roo!]

Oh I see. Not sure what the use cases is of using those services if the banks offer their own instant EFT service, but I am sure there are use cases. Just a relief, thought the banks were using a 3rd party for this. Thank you for giving clarity.

It's the convinience of the ecommerce experience. These InstantEFT services have a very similar UX as what one experiences via 3D Secure (BankServ) and Bank App. It means the PoP is sent instantly and within the workflow of the transaction and not by the customer afterwards as a disjointed and disruptive process. It also means that all the linking between invoice, payment and Pop is done behind the scenes and systematically.

 

[Ap0c]

Same way Xero, Sage, Yodlee.com extract your bank statements.... Its not a payment issue, its the banks trying to build walled gardens

 

[system32]

Same way Xero, Sage, Yodlee.com extract your bank statements.... Its not a payment issue, its the banks trying to build walled gardens

Giving a third party your bank login and bank password seems just a little, tiny bit, small, minute risky.

 

[blah99]

Giving a third party your bank login and bank password seems just a little, tiny bit, small, minute risky.

They need the OTP if they really want to have access to your bank account. This system has been in force for YEARS without any fraud. The banks are being silly.

 

[Mystic Twilight]

They need the OTP if they really want to have access to your bank account. This system has been in force for YEARS without any fraud. The banks are being silly.

Laughs in sim swaps

Not like that hasn't been done before.