What is screen scraping, and is it safe?

accreditation
0:00
play article
Subscribers can listen to this article
It is the process of collecting display data from one application and translating it so that another application can display it. Photo: iStock
It is the process of collecting display data from one application and translating it so that another application can display it. Photo: iStock

Personal Finance


Screen scraping is a tactic often used by criminals to steal data, but financial services companies are increasingly making legitimate use of it. Angelique Ruzicka looks at what the process entails and how consumers can protect themselves.

Screen scraping can be hugely beneficial if used legitimately. It is the process of collecting display data from one application and translating it so that another application can display it. It allows third-party companies to access financial transaction data when a consumer logs in to a digital portal, and allows this portal to access their banking and other personal information.

Plenty of financial services companies make use of this technique, including lenders, financial management apps, personal finance dashboards and accountancy service providers. Budgeting apps commonly use screen scraping technology to show consumers – in real time – where their money is coming from and going to.

There are typically security measures in place. With an online payment platform such as financial technology start-up Ozow, for example, consumers will log in using their online banking credentials, which are encrypted and passed directly to the bank. Ozow then automates any payments via EFT for the consumer to approve.

Thomas Pays, co-founder and CEO of Ozow, says: 

A key step in the process is the two-factor authentication, for which the bank communicates directly with the consumer to authorise the payment. Two-factor authentication or multifactor authentication is an essential step of the process, sent outside of Ozow by the consumer’s bank and approved in-app, with unstructured supplementary service data or in the form of a one-time pin.

Digital overlay services have been used since the 1980s across a variety of industries. Some of the largest digital companies are built on these overlays, including the likes of tech giants Google, Yodlee and QuickBooks.

The practice can make online banking and transacting more accessible.

Pays points out: 

With the rise of cashless payments, peer-to-peer payments and e-commerce over the past year, enabling consumers to transact with convenience, ease and trust is imperative. This is particularly important for the 49 million South Africans with a bank account, as well as the millions who are currently unbanked and underserved.

THE RISKS

But not all financial institutions back the practice.

Ravi Shunmugam, CEO of EFT product house at FNB, says: 

FNB does not support the practice of screen scraping and is strongly opposed to third-party service providers requesting access to customers’ bank login credentials via non-bank websites or apps. FNB is working closely with the country’s payments industry bodies to highlight the potential risks of these practices to consumers, banks and merchants alike to fast-track stronger regulatory oversight.

Shunmugam admits that the process of screen scraping itself was not specifically developed for fraudulent or criminal purposes, but warns that consumers still need to be aware of the risks involved.

“No matter how reputable the retailer or app may be, the simple fact is that when you share your login details with a third party, even in a secure environment, you expose yourself to financial crime and privacy risks, not least because your account’s security and data privacy can easily be compromised.”

PROTECT YOUR DATA

It’s important to arm yourself with as much information as possible to distinguish between a legitimate scraping transaction and a criminal one. If you’re in any doubt about whether to use a service that implements screen scraping, talk to your bank about it or read up about it using financial education tools.

How to protect your money from criminal scrapers

1. Don’t share your login details: “Never enter these in any website or app other than your own bank’s legitimate platforms. Your login credentials are highly sensitive and should never be divulged,” says Ravi Shunmugam, CEO of EFT product house at FNB.

2. Shop on secure websites: “This means the site should have [secure sockets layer] SSL encryption installed. The URL for the website should start with https rather than just http,” advises Shunmugam.

3. Choose your payment process carefully: “Choose to pay securely via virtual card, scan-to-pay or with your credit or debit card rather than making an instant EFT payment.”

4. Read through the terms and conditions carefully: Money Smart Week advises consumers to use a security testing tool before accepting terms and conditions: “Make sure that no high risks are identified. If anything is highlighted, immediately let the website host know so that they can make the necessary adjustments.”

5. Ask questions about open-source tools and products: Money Smart Week explains: “Find out how third parties deal with open source and what precautions they have taken to avoid risks. Make sure that the third party has a way to track and identify open-source codes so that they can develop patches quickly if their product is identified as vulnerable.”

6. Improve your security: If there’s been a breach, reset your login details and use a password that’s hard to guess. Don’t use the same password across multiple accounts.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24

E-Editions

Read the digital editions of City Press here.
Read now
Voting Booth
President Cyril Ramaphosa has announced that SA’s vaccine passport plans are coming on. What are your thoughts?
Please select an option Oops! Something went wrong, please try again later.
Results
We cannot be forced
28% - 61 votes
It’s critical
25% - 55 votes
Vaccines save lives
47% - 104 votes
Vote