• South Africa's financial regulators issued a stark warning against "instant EFT" online payment systems on Thursday.
  • The system is an alternative to paying by credit card, and is used by major providers.
  • But it is fundamentally unsafe, say the Reserve Bank and Financial Sector Conduct Authority, leaving consumers open to fraud, and without recourse if things go wrong.
  • Just stick with credit or debit cards, the regulators say.
  • For more stories go to www.BusinessInsider.co.za.

South African consumers should "be aware of the risks associated with the use of instant electronic funds transfer (EFT) online payment services offered at e-commerce stores", the SA Reserve Bank and the Financial Sector Conduct Authority (FSCA) warned on Thursday.

Thought they stopped short of advising consumers never to use such instant EFT systems, the regulators said consumers should speak to their banks "before proceeding with something marketed and disguised under the premise of convenience" – and should stick with "industry-supported solutions, like paying with their cards (debit or credit cards)"

Instant EFT is an option offered by large third-party payment processors, and is accepted by major online retailers. It is sometimes marketed as avoiding the hassle of card payment, or targets those without cards, while offering merchants the assurance of payment without having to wait for funds to clear.

But it relies screen scraping, "which makes it possible for third parties to access bank account data and automate actions on behalf of a consumer using that consumer’s online banking access credentials", the regulators said – and that carries several risks.

  • "Consumers have no control over how their credentials, and any other data or personal information, are accessed and used by the third party (e.g. account numbers and account statements can be stored and utilised without the consumer’s knowledge or consent)."
  • "Rogue entities might pose as third parties offering instant EFT services on fake e- commerce sites to capture consumers’ access credentials for their bank’s Internet banking websites. From there, such entities might impersonate the consumer and conduct any activity that the consumer would have access to on their online banking platform (e.g. making real-time payments to themselves, applying for a personal loan, increasing transaction limits, and ultimately initiating payments to mule accounts)."
  • "EFT payments are final and irrevocable in nature, and consumers are unable to lodge disputes to reverse a transaction in the event of the online store not honouring their agreement (e.g. not delivering the goods or delivering counterfeit goods)."

By handing over online banking details to a third party, the payer may be in breach of the terms and conditions they agreed with their bank, the regulators said. That, in turn, may mean they have effectively given up "their rights of recourse and any legal protection in the event of suffering fraud and/or subsequent loss."

Receive a daily news update on your cellphone. Or get the best of our site emailed to you.

Go to the Business Insider front page for more stories.