A number of South Africans have turned to instant EFT services to facilitate quick electronic payments between accounts.
While these third-party solutions offer a quick way to make payments, their features come at the cost of potentially violating your bank’s terms and conditions.
Instant EFT services require users to enter their online banking credentials into a third-party platform, which then uses screen scraping to facilitate a transaction and confirm it via a one-time PIN sent to the user.
South African banks have stated that they disapprove of these services, as they violate their terms and conditions and can compromise the security of user credentials.
Banks versus Instant EFT providers
In providing third parties with their login information, customers also take on liability for the loss of funds due to any cyber attack related to this service.
Local banks have stated that customers who use these services are putting themselves at risk, and advise them to never share their online banking credentials with anyone.
Instant EFT services responded to this disapproval from local banks, stating that they have been operating their services for years.
DPO PayGate stressed the importance of working with banks going forward and implementing a more direct interface for payments.
“It is important to us to work closely with the banks in every respect and in this regard we are engaging with them in order to update our EFT interfaces to the banking systems,” the company said.
“We believe that a direct interface to the banks via secure APIs will be the logical next step in this process and will provide an optimal solution for all parties.”
Wirecard said there was no risk for customers using its service, and argued that its instant EFT service was more secure than standard card payments.
Speaking in an interview with MyBroadband at a media event in Johannesburg, FNB Retail CEO Raj Makanjee said that the bank does not support Instant EFT platforms.
“The challenge is that in order for those providers to operate, they need the client’s credentials to log on to our Internet banking via screen scraping,” he said.
“We do not support this approach, as effectively those customer credentials are now stored in multiple different databases and the vulnerability of our customers to phishing and fraud increases.”
Makanjee said the bank was reaching out to regulators to help control this practice and limit the storage and exchange of user banking credentials.
“We are actively looking to the regulator to help us regulate this practice,” Makanjee said. “As the world becomes more digital, the management of credentials becomes increasingly important.”
He added that FNB might support these services through secure direct APIs if many customers began using them instead of the bank’s own money transfer platforms.
The bank would consider this option only if it was what customers wanted, however.
“Today, we don’t see any big uptake of instant EFT services, and it is still very small in relation to card and other payment volumes,” Makanjee said.