You are Here > Home > My Money > What is screen scraping and is it safe?

What is screen scraping and is it safe?

Aug 9, 2021

Screen scraping can be used by criminals to steal data, but financial services companies are increasingly making legitimate use of this too. Angelique Ruzicka investigates what the process entails and how consumers can protect themselves.

What is screen scraping and is it safe? Screen scraping can be hugely beneficial, if used legitimately. Put simply, it allows third-party companies to access financial transaction data when a consumer logs into a digital portal and allows this portal to access their banking and other personal information.

Plenty of financial services companies make use of this technique. These include lenders, financial management apps, personal finance dashboards, and accountancy service providers. Budgeting apps commonly use screen scraping tech to show consumers, in real time, where their money is coming from and going to.

There are typically security measures in place. With an online payment platform like Ozow, for example, consumers will log in using their online banking credentials which are encrypted and passed directly to the bank. Ozow then automates any payments via EFT for the consumer to approve.

Thomas Pays, co-founder and CEO of fintech startup Ozow, adds: “A key step in the process is the two-factor authentication (2FA) for which the bank communicates directly with the consumer to authorise the payment. 2FA or multi-factor authentication (MFA) is an essential step of the process, sent outside of Ozow by the consumer’s bank and approved in-app, over USSD, or in the form of a one-time pin.”

Digital overlay services have been used since the 1980s across a variety of industries. Some of the largest digital companies are built on these overlays, including international tech giants like Google, Yodlee and Quickbooks.

The practice can make online banking and transacting more accessible, as Pays points out: “With the rise of cashless payments, peer-to-peer payments and eCommerce over the last year, enabling consumers to transact with convenience, ease and trust is imperative. This is particularly important for the 49 million South Africans with a bank account, as well as the millions who are currently unbanked and underserved.”

The risks

Not all financial institutions back the practice of screen scraping.

When approached for his view, Ravi Shunmugam, CEO: EFT product house for FNB, says: “FNB does not support the practice of screen scraping and is strongly opposed to third-party service providers requesting access to customers’ bank login credentials via non-bank websites or applications.

“FNB is working closely with the country’s payments industry bodies to highlight the potential risks of these practices to consumers, banks and merchants alike, to fast-track stronger regulatory oversight.”

Shunmugam admits that the process of screen scraping itself was not specifically developed for fraudulent or criminal purposes but warns that consumers still need to be aware of the risks involved.

He adds: “No matter how reputable the retailer or app may be, the simple fact is that when you share your login credentials with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks, not least because your account security and data privacy can easily be compromised.”

Protecting your data

It’s important to arm yourself with as much information as possible to distinguish between a legitimate scraping transaction and a criminal one.

If you’re in any doubt about whether to use a service that implements screen scraping, talk to your bank about it or read up about it using financial education tools such as Money Smart Week, which regularly briefs consumers about banking scams and fraud.

How to protect your money from criminal screen scraping

Don’t share your login details. Never enter these in any website or app other than your own bank’s legitimate platforms. Your login credentials are highly sensitive and should never be divulged.

Shop on secure websites. This means the site should have SSL (secure sockets layer) encryption installed. The URL for the website should start with “https” rather than just “http”.

Choose your payment process carefully. Choose to pay securely via virtual card, scan-to-pay, or with your credit or debit card rather than making an instant EFT payment.

Read through the terms and conditions carefully. Money Smart Week advise consumers to use a security testing tool before accepting the terms and conditions. It adds: “Make sure that no high risks are identified. If anything is highlighted, immediately let the website host know so that they can make the necessary adjustments.”

Ask questions about open-source tools and products. Money Smart Week explains:Find out how third-parties deal with open source, and what precautions they have taken to avoid risks. Make sure that the third party has a way to track and identify open-source codes, so that they can develop patches quickly if their product is identified as vulnerable.”

Improve your security. If there’s been a breach, reset your login details and use a password that’s hard to guess. Don’t use the same password across multiple accounts.

This article first appeared in City Press.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Maya Fisher-French author of Money Questions Answered

Previous Articles

Video: Five ways to trick yourself into saving

Behavioural scientists have found that we feel loss far more greatly than gain, which is why the idea of cutting back on our lifestyle makes us very unhappy. We feel the sacrifice immediately but only reap the benefits in the future. While it may be a tough ask to...

When debt review works

Going into debt review is like going on a diet: it’s difficult to stick to and the results won’t be immediate, but it can be life changing. While there are serious issues around the way some debt counsellors conduct themselves, for Grace Bekwa, debt review gave her...

Listen: Creating Generational Wealth

Generational wealth is passed down from one generation to the next. But ultimately it has different context for different people. Generational wealth doesn’t have to be the Oppenheimer’s legacy. It could be leaving your children enough money to buy a home, or the...

What should you expect from a financial adviser?

I have worked in the financial industry for over 25 years and there is very little I don’t know about investing and managing money, yet I use a financial adviser. About 15 years ago I realised that while I knew about investing and money, I needed to have the input of...

SARS issues audit requests upon ceasing tax residency

The experts at Tax Consulting SA warn of the dangers of simply assuming you no longer have tax residency status in South Africa. There is an alarming number of South African expatriates relying on the 'tick-box' approach to cease their tax residency, while some simply...

How tax works on your retirement fund

One of the most common complaints I receive from pensioners is that they pay tax on their retirement benefits. While one can sympathise with the plight of pensioners who often struggle to come out on their retirement income, one needs to understand the tax structure...

Don’t rush into debt review

While debt review can be a lifeline for an over-indebted consumer, it should not be entered into lightly. You need to be aware that once you enter debt review, you cannot apply for new credit, and you cannot exit debt review until all your debts are settled. There is...

It’s time to spring clean your finances

“When you don’t know where your money is, when you have no filing system for your important documents, when you dive into your pocketbook to pull out crumpled bills, when your car looks like a garbage can, when your closets are filled with junk and clutter you cannot...

Funeral policy fraud on the increase

When fraudsters access your personal information, they can use this information to take out a funeral policy in your name, and then claim benefits on the policy using a fake death certificate and other supporting documentation. “Finding out you are the victim of a...

SARS issues guidance on crypto assets

On 27 August 2021, SARS provided further guidance on the correct tax treatment of crypto assets and how this must be declared in people’s tax returns. SARS published a document on its website entitled Crypto Assets & Tax. The publication should perhaps best be...

Pin It on Pinterest

Share This