Who are you giving your banking details to without knowing! Online shopping and Screen Scraping

With the increase in the use of electronic payments and online shopping around the world, and the growing role played by financial technology (fintech) when it comes to payments, the modus operandi of criminals is, unfortunately, also constantly changing and advancing. It is important for consumers to be up to speed with these evolving scams so that they do not fall for them. This includes the increasing issue of screen scraping.

Individual risk

In fact, most people may be unaware of what screen scraping actually is, and that they may already have been subjected to it. By simply giving a third-party or software programme access to your financial information, consumers are potentially being exposed to the risk of screen scraping, and the potential of a significant financial loss. While this scenario is more relevant for retail consumers, the risks are also significant for businesses that sign over authority to a third-party to access their banking and client information.

The recent Protection of Personal Information Act (POPIA), which came into effect on 1 July, is a data protection law to protect people from harm by protecting their personal information.

But what is screen scraping all about, and how can you avoid being caught out?

Screen scraping occurs when you make an online purchase and are prompted to provide your internet banking login details to process the payment. Instead of being directed to your bank's site, you are redirected to a fraudulent website where the criminal third party can then log into your banking account, using the details provided.

The criminals are then able to make a payment to a store or merchant on your behalf.

In 2020, the South African Reserve Bank (SARB), the Payment Association of South Africa (PASA) and the Financial Sector Conduct Authority (FSCA) issued a joint statement warning consumers about the risks associated with instant online EFT (electronic fund transaction) payments, particularly in relation to screen scraping.

The statement reiterated the importance of consumers educating themselves about the risks and benefits of making payments online and acknowledged that it is becoming exceptionally difficult for regulators and the financial industry alike to contain these types of crimes before vast amounts of money are lost.

Business Risk

Businesses have also been experiencing massive repercussions of screen scraping, as third parties can gain access to the company’s data, which often includes secure information about their clients.

Businesses and individuals need to become extra vigilant in protecting themselves and take the necessary precautions to avoid screen scraping.

This is especially relevant for entrepreneurs who have started small businesses over the last year to counteract the financial effects of lockdown. This information is important for these types of small businesses embarking on payment solutions for their clients.

• Read carefully through the terms and conditions on any website before clicking “accept”.
• Use a security testing tool before accepting the terms and conditions, and make sure that no high risks are identified. If anything is highlighted, immediately let the website host know so that they can make the necessary adjustments.
• If using cloud-based software, use both testing and sandbox technology to acquire a real-world analysis of security gaps. (Sandboxing technology uses virtual servers to test software in an isolated environment.)
• Inquire if your third-party software vendors use open-source tools in their products.
• Find out how third-parties deal with open source, and what precautions they have taken to avoid risks.
• Make sure that the third party has a way to track and identify open-source code, so that they can develop patches quickly if their product is identified as vulnerable.
• Individuals should not share their login credentials with any third-parties other than their own bank’s legitimate platforms.
• If there is suspicion of any fraudulent activities, reset login credentials immediately.

Screen scraping can be hugely beneficial if used legitimately, but can also be used by criminals to steal data. Remember to arm yourself with as much information as possible to distinguish between a legitimate scraping transaction and a criminal one.
