Publications
Screen scraping is a tactic often used by criminals to steal data, but financial services companies are increasingly making legitimate use of it. Angelique Ruzicka looks at what the process entails and how consumers can protect themselves.
Screen scraping can be hugely beneficial if used legitimately. It is the process of collecting display data from one application and translating it so that another application can display it. It allows third-party companies to access financial transaction data when a consumer logs in to a digital portal, and allows this portal to access their banking and other personal information.
Plenty of financial services companies make use of this technique, including lenders, financial management apps, personal finance dashboards and accountancy service providers. Budgeting apps commonly use screen scraping technology to show consumers – in real time – where their money is coming from and going to.
There are typically security measures in place. With an online payment platform such as financial technology start-up Ozow, for example, consumers will log in using their online banking credentials, which are encrypted and passed directly to the bank. Ozow then automates any payments via EFT for the consumer to approve.
Thomas Pays, co-founder and CEO of Ozow, says:
Digital overlay services have been used since the 1980s across a variety of industries. Some of the largest digital companies are built on these overlays, including the likes of tech giants Google, Yodlee and QuickBooks.
The practice can make online banking and transacting more accessible.
Pays points out:
THE RISKS
But not all financial institutions back the practice.
Ravi Shunmugam, CEO of EFT product house at FNB, says:
Shunmugam admits that the process of screen scraping itself was not specifically developed for fraudulent or criminal purposes, but warns that consumers still need to be aware of the risks involved.
“No matter how reputable the retailer or app may be, the simple fact is that when you share your login details with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks, not least because your account’s security and data privacy can easily be compromised.”
PROTECT YOUR DATA
It’s important to arm yourself with as much information as possible to distinguish between a legitimate scraping transaction and a criminal one. If you’re in any doubt about whether to use a service that implements screen scraping, talk to your bank about it or read up about it using financial education tools.
1. Don’t share your login details: “Never enter these in any website or app other than your own bank’s legitimate platforms. Your login credentials are highly sensitive and should never be divulged,” says Ravi Shunmugam, CEO of EFT product house at FNB.
2. Shop on secure websites: “This means the site should have [secure sockets layer] SSL encryption installed. The URL for the website should start with https rather than just http,” advises Shunmugam.
3. Choose your payment process carefully: “Choose to pay securely via virtual card, scan-to-pay or with your credit or debit card rather than making an instant EFT payment.”
4. Read through the terms and conditions carefully: Money Smart Week advises consumers to use a security testing tool before accepting terms and conditions: “Make sure that no high risks are identified. If anything is highlighted, immediately let the website host know so that they can make the necessary adjustments.”
5. Ask questions about open-source tools and products: Money Smart Week explains: “Find out how third parties deal with open source and what precautions they have taken to avoid risks. Make sure that the third party has a way to track and identify open-source codes so that they can develop patches quickly if their product is identified as vulnerable.”
6. Improve your security: If there’s been a breach, reset your login details and use a password that’s hard to guess. Don’t use the same password across multiple accounts.
