When it comes to payment options, South African e-commerce users have been massively constrained for most of the retail category’s history.
By Murray Gardiner, MD of Bluecode Africa
Those fortunate enough to have credit or debit cards and access to a PC, still face cumbersome payments, with 3D secure and bank authorisations required to prevent on-line fraud. The only other legal option is to use an electronic funds transfer (EFT). The trouble with that is that it’s slow and expensive. In a bid to get around the latter issue and open up e-commerce markets, a number of fintech companies have exploited gaps in the regulation to create a workaround. It’s called screen scraping and it’s dangerous.
Screen scraping involves third-party companies accessing consumer bank accounts by offering a portal that mirrors the bank’s online banking interface and feels like a typical online banking login page. The customer unwittingly enters their banking information, which is then captured and stored by the third-party fintech company. As a result, the third-party can log in to the customer’s account as if it were the customer, and the bank is unable to detect the difference.
Not Open Banking
In a bid to defend this practice, the companies behind it claim that it is analogous to Open Banking, the system of allowing access and control of consumer banking and financial accounts through third-party applications. This is a false equivalency. European Open Banking laws were designed to improve efficiency, empower consumers, and level the playing field in payments by allowing customers to decide who can have access to their accounts for payment authorisation in a safe and secure manner. Additionally, the third parties who make use of these open banking provisions are well regulated and work directly with banks and financial institutions to access customer accounts in a more secure and faster way.
In South Africa, screen scrapers ignore the regulations that require them and every other payment service within the national payment system (NPS) to get approval from the South African Reserve Bank (SARB). Instead, they operate under the radar. The consumer assumes that the payment is safe, secure and regulated, but it is not. And as much as the screen scraping companies might insist that they keep customer information safe, they cannot guarantee that is the case. Also, because the service is not approved by or aligned with the bank if the bank changes its web portal, the screen scrapers have to quickly catch the change to avoid transaction fails. This is to say nothing about the excessive fees charged for the ‘convenience’.
At the same time, as e-commerce becomes increasingly important to the South African retail space, it’s pivotal that outlets do everything they can to steer clear of fraud. But most attempts to reduce fraud come up against providing a good customer experience. For example, current card-based services, especially from an e-commerce perspective, require interactions that slow the transaction process down and increase costs and points of failure in transaction processing. The costs and limitations of card-based payments place a burden on retail and limit who can have a card and who can accept card payments.
A different approach
So, how do retailers provide a great e-commerce experience while keeping customers safe? What’s needed is a mobile, contactless, secure, cost-effective payments service that is instant. In order for that to happen, South Africa must eventually embrace true Open Banking. Additionally, the banking industry must develop secure control systems and protocols that require third-party providers to be identified and authenticated by banks as they access customer data.
At the same time, NPS regulations should be reviewed to ensure that they do not stifle innovation. Instead, they should encourage innovative new payments services that comply with the security rules and regulations. If banks wish to enter into agreements with secure account rail-based payments, regulation should not get in the way and should simply provide a no-objection authorisation for participating qualified financial institutions. But rather than siloed bespoke QRs that will fragment the market, the industry needs to embrace an open loop domestic account rail scheme.
As dangerous as screen scraping can be, it’s important to realise that it is a response to demand first realised in Europe. More specifically, it was able to copy an unsound foreign practice because the SARB and the Payments Association of South Africa (PASA) have not yet provided an alternative to card scheme-based services. If they instead provided a low fee, instant, secure, anonymous, non-card-based token service as an alternative, the threat of screen scraping would dissipate significantly, and e-commerce could make significant strides forward and include the majority.