FNB has cautioned South African online shoppers against entering their online banking details into third-party websites.
This warning is particularly pertinent ahead of Black Friday, which will see many South Africans purchasing products online.
FNB EFT product house CEO Ravi Shunmugam explained that many third-party payment service providers get customers to enter their online banking details so that they can access their banking profiles and complete a purchase for them.
This is done through “screen scraping”, which Shunmugam said was not developed for criminal purposes but does include inherent risks to consumers’ online banking security.
“No matter how reputable the retailer or app may be, the simple fact is that when you share your login credentials details with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks, not least because your account security and data privacy can easily be compromised,” he said.
Shunmugam said that by sharing your Internet login details, you are effectively allowing the third party to login to your account as if they were you.
This provides them with access to all of the information stored on your online banking profile, which may be misappropriated and sold to other parties.
“These extensive third party databases have sensitive information for numerous customers, making them potential targets for hackers,” Shunmugam said.
“There is also the risk that fraudsters may be able to take control of the actual online transaction and use the login credentials to steal money or information from the consumer.”
Screen scraping has become increasingly prevalent in South Africa due to COVID-19 and the lockdown, mostly due to the growth of ecommerce in the country.
FNB does not support this practice and is strongly opposed to third-party providers accessing customers’ online banking credentials.
Shunmugam urged SA consumers to avoid sharing their login credentials with any third parties and to never enter these in any website or app other than their own bank’s legitimate platforms.
“Your login credentials are highly sensitive and should never be divulged, as doing so exposes you and your money to significant risk,” he said.