According to a recent Business Tech article, businesses are often unaware that by giving a third-party or software programmes access to their financial information, they are potentially being exposed to the risk of screen scraping. This is a data gathering technique that tricks users into providing internet banking login details to a third-party website.
- The third-party logs onto to your Internet banking using your details. This exposes you to potential risks of fraud, financial crime and data privacy risks
- There are risks associated with instant online EFT (electronic fund transaction) payments
- There are risks for businesses that sign over authority to a third party to access their banking and client information
- The most common screen scraping from a business perspective would be when businesses use software that are authorised to access banking transactions.
- This may also leave your business vulnerable to third parties accessing your company data and even that of your clients.
- Companies that use screen scraping to facilitate transactions on your behalf may have no intention of compromising your account or committing fraud, but the risk remains.
FNB: how to protect your company data
- Be vigilant when it comes to reading through any terms and conditions on any software or website before you click “accept”.
- Make use of an application security testing tool before you sign any agreements authorising access to your company data.
- Cloud-based software is not without its own risks. Insist on having both testing and sandbox environments, providing analysis for security gaps.
- Find out from your third-party software vendors if they use open-source tools in their product. How they deal with open source can be a high risk if not done properly.
- Do not share login credentials with any third parties and never enter these into any third party websites other than their own bank’s legitimate platforms.