National Payment System Act, 1998 (Act No. 78 of 1998)
Notices
Directive in respect of issuing of Electronic Funds Transfer Credit Payment instructions on behalf of the payer in the National Payment System

2. Background
2.1 | In terms of section 10(1)(c) of the South African Reserve Bank Act 90 of 1989, as amended (SARB Act), the South African Reserve Bank (SARB) is required to perform such functions, implement such rules and procedures and, in general, take such steps as may be necessary to establish, conduct, monitor, regulate and supervise payment, clearing or settlement systems. Furthermore, the NPS Act provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in the Republic of South Africa and for connected matters. |
2.2 | The national payment system (NPS) encompasses the entire payment process, from payer to beneficiary, and includes settlement between banks. The process includes all the tools, systems, instruments, mechanisms, institutions, agreements, procedures, rules or laws applied or utilised to effect payment. The NPS is a primary component of the country’s monetary and financial system as it enables the circulation of money, assisting transacting parties to make payments and exchange value. |
2.3 | The SARB is empowered in terms of section 12 of the NPS Act to issue directives, after consultation with the payment system management body, to any person regarding a payment system or the application of the provisions of the NPS Act. Currently, the Payments Association of South Africa is recognised by the SARB in section 3 of the NPS Act as a payment system management body to organise, regulate and manage the participation of its members in the payment system. |
2.4 | In recent years, the payment industry has witnessed the emergence of financial technology (fintech) companies that leverage technology to offer innovative tools, products and services. These tools, products and services are offered particularly in the e-commerce environment with minimal regulatory oversight. One such tool is screen scraping, which is used by a person, usually a fintech company, in partnership with beneficiaries, to conduct screen scraping to issue electronic funds transfer credit payment instructions. Although screen scraping is popular in e-commerce payment transactions, it is now growing in usage in other payment activities such as bill payments and the funding of electronic wallets, which are facilitated by a person that issues electronic funds transfer credit payment instructions on behalf of payers. |
2.5 | Screen scraping is largely conducted without the informed consent of the payer, the understanding of the implications of sharing the credentials as well as using the branding of clearing system participants without approval. This practice exposes the NPS, including the participants and payers to risks such as those stipulated in paragraphs 2.5.1 to 2.5.6. These risks have a negative impact on the integrity, efficiency, security and confidence in the NPS. These risks include but are not limited to: |
2.5.1 | Lack of informed consent and understanding of the implications of sharing the credentials: Many payers that use the front-end interface of a person issuing electronic funds transfer credit payment instructions on behalf of the payer, using screen scraping, are not informed that by entering their online banking credentials, they are not logging on to their actual clearing system participant’s proprietary online banking platform and do not understand the implications of sharing their credentials. Instead, they are sharing their online banking credentials with a person to issue electronic funds transfer credit payment instructions on their behalf. The use of payers’ online banking credentials without their informed consent and understanding of the implications in so doing has a negative impact on the integrity of payments and security of the NPS. |
2.5.2 | Misleading perception that the payment is instant: A person issuing electronic funds transfer credit payment instructions on behalf of the payer, using screen scraping, usually markets its service as providing an ‘instant or fast payment’ to the beneficiary’s account. This is misleading as a normal electronic funds transfer credit payment instruction does not necessarily result in the funds being credited into the beneficiary’s account instantly unless the payer chooses the faster payments option to process the payment into the beneficiary’s transactional account, or a transaction is an intrabank (on-us) transaction processed directly into the beneficiary’s transactional account. Misleading payers and beneficiaries that the payment is instant undermines the integrity of payments and confidence in the NPS. |
2.5.3 | Conducting sort-at-source: A person may use screen scraping to perpetuate the sort-at-source practice by using bank accounts from multiple banks to ensure that payments are on-us transactions, resulting in an ‘instant’ payment. Conducting sort-at-source negatively impacts the NPS as it goes against the SARB’s objectives of promoting efficiency, safety, interoperability, transparency, modernisation and optimisation of interchange fees. |
2.5.4 | Lack of data privacy: Screen scraping puts payers’ online banking credentials at risk of being compromised. Payers have no control over how their credentials and any other data or personal information are accessed, processed, used and stored by the person issuing an electronic funds transfer credit payment instruction on their behalf (e.g. account numbers and account statements may be stored and utilised without the payer’s informed consent). This undermines the public’s trust and confidence and security of the NPS. |
2.5.5 | Exposure to fraud: Rogue entities may pose as persons issuing electronic funds transfer credit payment instructions on behalf of payers, using screen scraping, on fraudulent e-commerce sites to capture payers’ online banking access credentials. Such entities may impersonate the payer and conduct any activity that the payer would have access to on their online banking platform (e.g. making real-time payments to themselves, applying for a personal loan, increasing transaction limits and ultimately initiating payments to mule transactional accounts). Similar to a lack of data privacy, fraud weakens the public’s trust, and confidence in and integrity and security of the NPS. |
2.5.6 | Risk of financial loss or non-delivery of the goods/services purchased: electronic funds transfer credit payments are final and irrevocable in nature and payers may face challenges when lodging disputes to reverse a transaction in the event of the beneficiary not honouring the agreement (e.g. not delivering the goods or delivering incorrect or counterfeit goods). Payers might also be held liable for the interest payable on such amounts when payment was made from the credit card account or overdraft facilities of the payer. This would significantly and negatively impact the efficiency, integrity and security of the NPS. |