Financial services firm FNB has warned that customers are being targeted by a type of cyber fraud called ‘screen scraping’.
This is the process of copying information shown on the screen of a computer or mobile device, to then be put on another screen, said Ravi Shunmugam, chief executive of EFT Product House for FNB.
Shunmugam said there are various examples of screen-scraping, but possibly the most widely used is when a third party, like an online payment service provider or a digital budgeting app, gets customers to enter their online banking details to access their banking profiles and complete a purchase for them, or provide them with information or guidance about their financial habits.
He said that while screen scraping itself was not specifically developed for fraudulent or criminal purposes, the process has inherent risks that consumers need to be aware of.
“No matter how reputable the retailer or app may be, the simple fact is that when you share your login credentials details with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks,” he said.
“Not least because your account security and data privacy can easily be compromised.”
Shunmugam said that by sharing your login details, you are effectively allowing the third party to login to your account as if they were you, and thereby presenting the third party an opportunity to use various screen scraping tools to copy all your information and data on that profile to a database for uses other than the original transaction.
Such uses may include targeted advertising and marketing and even selling the information on to other interested parties.
These extensive third party databases have sensitive information for numerous customers, making them potential targets for hackers, Shunmugam said.
“There is also the risk that fraudsters may be able to take control of the actual online transaction and use the login credentials to steal money or information from the consumer.”
Shunmugam said that while there are moves underway globally to regulate screen scraping, and in some cases even ban it in order to reduce these risks and protect consumers, the practice has actually become more prevalent in South Africa during Covid-19 and the lockdown.
“As eCommerce has grown significantly during the lockdown period, FNB has noticed a steady increase in the number of its customers entering their details into screen scraping tools, particularly for third party EFT payment processes,” he said.
Shunmugam said that FNB does not support the practice of screen scraping and is strongly opposed to third-party service providers requesting access to customers’ bank login credentials via non-bank websites or applications.
He said that FNB is working closely with the country’s payments industry bodies to highlight the potential risks of these practices to consumers, banks and merchants alike, to fast track stronger regulatory oversight.
However, even when more stringent governance standards are established and enforced, he urges SA consumers to avoid sharing their login credentials with any third parties and to never enter these in any website or app other than their own bank’s legitimate platforms.
“Your login credentials are highly sensitive and should never be divulged, as doing so exposes you and your money to significant risk,” he said.