FNB warns of screen scraping scam targeting businesses

According to a recent Business Tech article, businesses are often unaware that by giving a third-party or software programmes access to their financial information, they are potentially being exposed to the risk of screen scraping. This is a data gathering technique that tricks users into providing internet banking login details to a third-party website.

• The third-party logs onto to your Internet banking using your details. This exposes you to potential risks of fraud, financial crime and data privacy risks
• There are risks associated with instant online EFT (electronic fund transaction) payments
• There are risks for businesses that sign over authority to a third party to access their banking and client information
• The most common screen scraping from a business perspective would be when businesses use software that are authorised to access banking transactions.
• This may also leave your business vulnerable to third parties accessing your company data and even that of your clients.
• Companies that use screen scraping to facilitate transactions on your behalf may have no intention of compromising your account or committing fraud, but the risk remains.

FNB: how to protect your company data

• Be vigilant when it comes to reading through any terms and conditions on any software or website before you click “accept”.
• Make use of an application security testing tool before you sign any agreements authorising access to your company data.
• Cloud-based software is not without its own risks. Insist on having both testing and sandbox environments, providing analysis for security gaps.
• Find out from your third-party software vendors if they use open-source tools in their product. How they deal with open source can be a high risk if not done properly.
• Do not share login credentials with any third parties and never enter these into any third party websites other than their own bank’s legitimate platforms.