Online shoppers warned against making instant EFT payments

Sarb and FSCA say consumers are put at risk and it may be in contravention of their bank’s Ts&Cs.
Making use of these payment services could result in identity theft. Image: Shutterstock

The South African Reserve Bank (Sarb) and the Financial Sector Conduct Authority (FSCA), in consultation with the Payments Association of South Africa, have warned the public not to use instant electronic funds transfer (EFT) online payment services as a payment option.

An instant EFT is a streamlined version of a traditional EFT, made through a third-party platform.

In a notice put out on Thursday, the financial service regulators said instant EFTs make use of a practice called “screen scraping”. This makes it possible for third parties to access bank account data and automate actions on behalf of a consumer, using that consumer’s online banking access credentials.

It effectively uses a customer’s screen data to facilitate payment.

Privacy concerns

The financial authorities said they do not support this practice as it exposes consumers to several risks, like compromising their access credentials.

“Consumers have no control over their credentials and any other data or personal information accessed by the third party,” the statement warns.

Using these services will also make them vulnerable to possible fraud, as criminals might pretend to be a third party offering instant EFT services on fake e-commerce sites, so they can capture consumers’ access credentials for their bank’s internet banking websites.

The statement warns that from there, such rogue entities may impersonate the consumer and conduct any activity that a consumer would have access to on their online banking platform, including making real-time payments to themselves, applying for a personal loan, etc.

Read: From cash to cloud

Identity theft

There is also the danger that these criminals might access data and personal information, such as account information and monthly statements, and then use it to set up new accounts.

Using this form of payment could level consumers without recourse if things go wrong as “EFT payments are final and irrevocable”. So if a consumer wanted to reverse a transaction, they might find it impossible to do so.

Ts&Cs apply 

The authorities also warned that in using instant EFT services, customers might be in breach of their banks’ terms and conditions, as they are giving their internet banking login credentials to third parties.

This concern was echoed by FNB Retail and Private Banking CEO Raj Makanjee, who said consumers must never share or cede control of their banking credentials to any third party whether shopping online or at a physical point of sale.

Makanjee encouraged consumers to rather use other [bank]-backed forms of electronic payment methods.

Read: How to avoid becoming a victim of a phishing scam



Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


Well, maybe if the credit card companies didn’t charge so much it would not need to exist as a payment method, but they do, since is costs the retailer much less to accept a Instant EFT payment and to use such a provider.

You took the words right out of my mouth. The banks’ real gripe is losing out on the juicy credit card fees they force merchants to pay.

ABSA charges me R1.85 per sms notification. Wanted to close the credit account and I was offered no monthly admin fees for 12 months but still I feel like I am being robbed every time I used their credit card.

Is this just another excuse the banks are using to hold onto your money for longer? I’m finding it increasingly difficult to control my own money at present….the banks have changed systems, reduced competent staff, re introduced credit cards that don’t work, increased fees and made it more difficult somehow to access your own funding… even my private banker doesn’t return calls for help…..somethings up! Or is it just me????

Have encountered no such issues at Capitec (except they don’t have private bankers, but seems your bank doesn’t either anyway and you are paying to have one)

Your “private banker” isn’t really a private banker. It was always a marketing stunt.

completely insane to allow screen scraping, consumers should actively avoid retailers that offer this, it indicates (to me) the retailer is clueless.

consumers should look to using paypal for online as it also adds buyer protection

retailers that can’t afford the credit card fees should adapt their order fulfilment process to only process after a normal EFT clears on their side. They probably don’t like this, as it gives consumer a breather process in which to escape the sales process…

Johan, as an online retailer myself, it seems (to me) that you and the author may be a bit “clueless” (as you state).

Ozow (previously i-pay) and PayFast (South Africa’s largest payment gateway) both provide “instant eft” solutions – which in turn means that over 80k retailers offer this (incl. our SA’s biggest – Takealot).

The majority of South African businesses will also connect their bank accounts to their accounting software via this method (facilitated by Yodlee – a global leader in the field with 33 million users). And many consumers that make use of personal budgeting software (e.g. Old Mutual’s 22Seven product) will also be connecting their accounts this way.

The real issue here is the fee structure and who bears the cost – your suggestion of PayPal results in a fee of around 8% to the retailer. Instant EFT allows retailers to sidestep the exorbitant fees charged by VISA / Mastercard. The worry for banks is the shift away from card use to alternative payment methods.

Rudyard, I am talking about the screen scraper instant EFT. Anything other than your own bank’s app that asks for your online banking credentials is a really stupid idea. Don’t tell me how secure they are, I used to certify system security for insurers. At least if my bank fails, I have recourse. If these guys have a breach I have no recourse to my bank.

while on the topic of aggregators : how come my money disappears on say 12th November per my bank account but it only appears at my municipality the 17th? How big is that free float for the country as a whole?

Johan, all once-off EFT transactions would require your authorization. If you didn’t authorize such via your bank’s app, of course, you’d have recourse against them (together with the instant EFT provider – the biggest being part of the DPO group).

Not sure about your point re the municipality but (not taking into the delay of the municipality’s recon system) the money sits with BankservAfrica during the clearing process.

Banks charge consumers for the instant EFT facility – and then outsource this to a third party. It’s their responsibility if offering it as an option to their clients, to ensure it’s safe and competent.

Are you sure you have this the right way around? The bank is not outsourcing anything, the bank client is the one providing their internet banking credentials to a third party so that the third party can do an instant EFT.


Mactheknife is actually correct. Banks, much like the colossal hospital chains, outsource almost everything. They are just a co-ordinator of resources under strict management. A business model that awards an organisation billions of cash inflows with almost zero(relatively) assets to their name. It is all about;
Cash flow, cash flow, cash flow!

Mactheknife + King Khan, that’s not what’s being referred to here. The article’s not referring to instant eft via your bank platform. It’s referring to an “instant eft” option being offered by a third party – e.g. PayFast or Ozow.

Banks need to build this service and regulators need to step in to make them do this, as was done in Europe. Instant EFT providers, risks acknowledged, are addressing a real need in e-commerce allowing those who do not have access to credit card facilities, or prefer not to have them, a way to pay directly via EFT. VISA and MasterCard take massive fees for every transaction made using their cards, but the European solution is less expensive for the bank, the consumer and the merchant and address the called out security flaws. Step up banks, please!

If your bank account gets cleaned out because a 3rd party Instant EFT platform stuffed up in securing the details, good luck in getting any form of reimbursement from the banks, you broke a gazillion of their T’s and C’s by giving out your account credentials.

Rather use your credit card – this offers more buyers protection than an EFT

Dude, all once-off EFT payments (via instant eft) require you to securely log in to your banking app and approve the payment in the app.

If someone is able to fraudulently approve this, your bank would 100% be to blame.

Not sure about other banks, but my bank (Investec) for online card payments will trigger the smartphone App that I then authenticate myself to without any other interface at all – just Investec. No login credentials typed or scraped or provided anywhere. They then ok whatever platform.

From my experience doing integration with Ozow.
You do NOT give them your bank details. The technical part where your credentials are entered is indeed your bank’s website which is embedded in their app. So they don’t “log in on your behalf”.
I don’t work for Ozow, but been in financial systems for a very long time doing lots of software development to facilitate these functions.

Ozow is PCI-DSS certified. This is not a mickey-mouse certification to attain. So when they store your details, I’m pretty sure it is equivalent to any of the other Banks.

What about the ABSA breach the other day when a lot of customer details were sold by an employee?

When you pay with a card you can get scammed, when you buy online you can get scammed. Bottom line is – be careful and wise who you trust with what, or simply use cash.

End of comments.




Instrument Details  

You do not have any portfolios, please create one here.
You do not have an alert portfolio, please create one here.

Follow us:

Search Articles:
Click a Company: