EFT warning for banking customers in South Africa

Standard Bank has warned South Africans that Instant EFT and PayShap carry increased risk, with customers partly responsible for protecting their finances. 

South Africa’s payment ecosystems have experienced a drastic shift over the past few years, becoming more interconnected than ever.

However, these advancements have also led to an evolving set of security risks, especially in light of new technologies like cloud computing, artificial intelligence, and real-time payment systems. 

Head of Cash Management in Transaction Banking at Standard Bank CIB, Ontiretse Modise, said that as more transactions move to the cloud, there is a significant increase in the complexity of managing security.

This has opened the door to new vulnerabilities. 

Modise said that the shift to instant payments in particular has created new challenges. Irreversible transactions carry increased risk, such as those conducted via EFT or PayShap. 

Standard Bank said that the complexity of the new ecosystem is further compounded by the rise of cybercrime, such as fraud and data breaches, which could undermine trust in the system. 

The South African Reserve Bank (SARB), a huge driving force behind PayShap, previously warned that EFT payments are final and irrevocable in nature, and consumers are unable to lodge disputes to reverse a transaction in the event of fraud.

It added that consumers might also be held liable for the interest payable amounts when payment was made from their credit card account or overdraft facilities.

The banking sector is working to combat these risks, with cybersecurity moving from the back office to the forefront of boardroom discussions. 

The reputational risks associated with cyberattacks also mean that the urgency of cybersecurity is now at the centre of corporate governance, and is essential in how banks view the future of payments. 

Modise added that as payment systems move toward real-time processing, the need for constant vigilance increases as the traditional security methods of no long suffice for instant payments. 

Standard Bank is heavily investing in advanced technologies, such as machine learning, algorithms, and real-time monitory tools to ensure that fraud never happens. 

However, the bank said its efforts alone are not enough. 

It said that cybersecurity is a shared responsibility, with it engaging with its clients on the best ways to protect their businesses and improve their own fraud detection capabilities. 

“This collaboration helps us stay ahead of emerging threats and ensures that we’re providing the best possible protection for our customers,” said Modise.

Not the first time

This is not the first warning that Standard Bank has issued, with the bank recently highlighting some of the most common and new forms of fraud. 

This past week it warned South Africans about the rising threat of Card-Not-Present (CNP) fraud amidst the rise of delivery apps, e-hailing, video on demand, and online shopping services.

Consumers rely on these online platforms with targeted online ads when shopping. This, however, increases the chance of being a victim of CNP fraud.

“As digital transactions grow, banks are detecting more opportunistic attempts by cybercriminals to exploit online platforms,” it said.

CNP fraud happens when stolen card details are used to make online purchases and subscriptions with no physical card required.

Criminals will exploit vulnerabilities in an e-commerce platform to steal card numbers, expiry dates and card verification values (CVVs).

This is increasingly common on platforms that allow malicious pop-up ads. Food delivery, e-hailing services, and social media platforms are the main targets, as they store sensitive data for ease of use.

Unsuspecting victims will also enter details on fake or cloned websites, giving over their information to the fraudsters.

Digital and social media platforms that allow users to pay for Ad campaigns virtually are also vulnerable, as they enable fraudsters to access stolen card details.

Another scam that Standard Bank warned its customers about involved a fraudulent WhatsApp group, which falsely claimed to have connections with Standard Bank, SBG Securities, and SBG Securities Online Share Trading. 

It also referred to the bank’s Financial Sector Conduct Authority operating license and the Group’s Chief Risk Officer.

Standard Bank said that the information in the group was fictitious, meaning that customers should remain vigilant to avoid falling victim to phishing scams.