The key to FNB’s solution hardly seemed new, as the bank’s press statement spoke of setting up a secondary profile for your online banking account that had “view only” access to specific bank accounts.
This feature was available in FNB online banking since before 22seven launched, and seemed to offer a good solution to the concerns the banks have regarding security.
In a press statement issued shortly after 22seven’s public launch, FNB’s warns about “third party sites seeking a customers’ personal details [that] claim to offer value added benefits to the customer.”
Unlike Absa, FNB never specifically mentioned 22seven, but it’s difficult not to connect their statement to the money management service that had launched just the day before.
Asked about its sudden change of sentiment, FNB’s CEO of online banking, Lee-Anne van Zyl said:
FNB has not changed their sentiment with regards to 22Seven, and never attempted to block access to 22Seven. We were still investigating the various options available with 22Seven to establish the most appropriate way forward. After careful consideration, we have decided that setting up a secondary user profile is the most appropriate option.
We maintain the views in our initial statement urging our customers to never disclose their personal details such as their Personal Identification Number (PIN), username, password and One Time Pin (OTP). Customers should never access FNB’s Online Banking via a link, and should never respond to a request to ‘update’ or ‘reconfirm’ their banking details as this exposes the customer to phishing.
Other banks respond
Christo Vrey, head of Absa digital banking services, said that Absa continues to remind customers never, under any circumstances, to divulge their PIN and passwords to any third party.
Vrey added that until they receive “further direction” from the relevant regulatory and industry bodies, their stance on third party personal financial management (PFM) services that request users divulge sensitive details will remain consistent with their policy on such disclosure.
“Absa is open to conversations with third party PFM service providers to explore collaborative models that do not violate the simple principle of never sharing one’s online banking logon credentials with any third party,” Vrey said.
Capitec, in a post on its Facebook wall regarding 22seven said: “It’s a great idea, but we don’t support revealing security codes to third parties.”
Capitec linked to a page on its website and highlighted the section on third-party downloads which states:
You need to fully understand how third-party applications, not endorsed by Capitec Bank, work before downloading them [onto your cellphone]. You need to be aware that third-party applications have the potential to access other messages [on your cellphone] (such as your account info) with or without your knowledge.
Itumeleng Monale, director of self-service banking at Standard Bank, said they would not support the disclosing of any banking logon credentials to third parties, especially in the case where those third parties have not engaged with the bank in detail to ensure alignment of security standards.
“Engagements with the technology service providers for 22seven are currently being arranged to understand their environments and assess the potential risk to our customers if they were to utilise their service in accessing Standard Bank account information,” Monale said.
Nedbank’s head of client engagement, Anton de Wet, said that Nedbank recognises the rising trend of Personal Financial Management (PFM) tools, both globally and in South Africa and that it is continuously looking at ways to enhance security to ensure clients can transact safely in a digital environment.
“People making use of any PFM offering need to be aware of the risks associated with disclosing their personal credentials to others and use service providers they trust,” de Wet said.
Banks to launch competing services
De Wet went on to say that it too has a personal financial management tool called Nedbank Personal Money Manager, available from its website.
Absa previously revealed that it is working on a PFM tool for its customers which it said removes “any of the security concerns present in third party PFM tools like 22seven.”
Standard Bank has now also revealed in its response to our questions that it plans to launch a PFM tool.
“As part of a new suite of functionality that will be made available to customers within the trusted environment of our online banking service, Standard Bank is already developing a financial management tool and related capabilities,” Monale said.