FNB says it will be changing the way customers approve their online payments, in a bid to the make the process more secure and reduce instances of fraud.
Customers will no longer receive a one-time PIN (OTP) to approve transactions, and will have to manually okay the purchase within the group’s banking app.
When approval is required, the following will happen:
- When FNB requires you to approve your online purchase, it will send an app notification.
- Customers will need to log in and approve or decline the payment on the FNB App.
- This replaces the OTP customers have received in the past, and is more secure.
For a limited time, for customers without the app, FNB said it will temporarily SMS the OTP for online authorisation to a customer’s mobile phone and online banking.
However, this system is being removed for other channels, such as email.
“FNB will no longer be sending your OTP for online purchases via email. If you have requested your OTPs to be sent via email, you will need to update your cellphone number on the FNB App or your notifications will default to your inContact number,” it said.
The change to payment approvals comes after FNB warned of a rise in fraudulent activity, targeting customers and businesses.
The bank recently noted a rise in a type of fraud called ‘screen scraping’, which is the process of copying information shown on the screen of a computer or mobile device, to then be put on another screen.
Possibly the most widely used for of screen scraping is when a third party, like an online payment service provider or a digital budgeting app, gets customers to enter their online banking details to access their banking profiles and complete a purchase for them, or provide them with information or guidance about their financial habits.
“No matter how reputable the retailer or app may be, the simple fact is that when you share your login credentials details with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks,” the bank said.
FNB said it does not support the practice of screen scraping and is strongly opposed to third-party service providers requesting access to customers’ bank login credentials via non-bank websites or applications.
The bank also noted that fraudsters are increasingly using email-based scams to catch unsuspecting businesses off-guard.