The South African Reserve Bank (SARB) has unveiled a draft directive designed to establish robust compliance measures for entities involved in Instant EFT payments. With the aim of safeguarding consumer data and privacy, this is poised to have a far-reaching impact on the digital payment landscape.
Stakeholders are currently invited to provide their feedback on the directive, which is expected to be enforceable from Friday, 23 June 2023.
No ad to show here.
The surge in popularity of digital payment methods, particularly Instant EFT, has raised concerns about the need for comprehensive legislation to protect consumers and businesses alike. By introducing this directive, SARB aims to ensure that companies offering these payments prioritise stringent measures to safeguard customer information and maintain compliance with regulatory standards.
Highlighting the significance of Instant EFT payments, Junaid Dadan, president of Stitch, stated, “An Instant EFT payment is an automated form of bank transfer designed to be embedded in online purchase flows. This is different from a manual bank transfer because the payment is created automatically.
“Customers don’t need to manually type account numbers, bank information, references, etc., so there’s less friction. Instant EFT payments are faster and easier for customers and make reconciliation much more streamlined for finance teams at the businesses they’re paying into.”
The draft directive tackles critical concerns associated with Instant EFT payments, including end user security, informed consent, clear and transparent information regarding payment processes, robust data privacy and encryption measures, fraud prevention, compliance with established clearing systems, and more.
In addition to addressing these concerns, the directive outlines registration requirements for entities issuing Instant EFT payments, ensuring they possess the necessary in-house expertise and adhere to specific policies. Operational requirements are also outlined, emphasising the need for companies to implement effective risk mitigation strategies, regularly assess vulnerabilities, and establish fair and formal dispute resolution mechanisms.
Traceability of transactions, insurance and liability management policies, and reporting requirements are additional areas covered by the directive, reflecting the comprehensive approach taken by SARB to regulate Instant EFT payments in South Africa.
Recognising the importance of compliance and security, Third Party Payments Providers (TPPPs) such as Stitch have already taken proactive steps to meet SARB’s requirements. Stitch is listed with the Payment Association of South Africa (PASA) as a TPPP and SO (System Operator), indicating their adherence to PASA’s stringent standards. These TPPPs conduct regular penetration tests using certified external vendors to ensure robust security measures and protect customer data.
Stitch has furthermore implemented multiple measures to bolster security, including Multi-Factor Authentication (MFA) for transaction authorisation, transparent communication with customers throughout the payment process, obtaining explicit consent before using online banking credentials for Instant EFT transactions, clearly informing users about the sharing of credentials with a third party, and maintaining a dedicated compliance team well-versed in South Africa’s fintech landscape.
The release of the SARB directive represents a significant step towards regulating Instant EFT payments in South Africa. By establishing a clear framework for businesses operating in this space, SARB aims to enhance consumer confidence and trust in Instant EFT as a secure and seamless digital payment method.
For further details on the SARB directive, stakeholders are encouraged to visit the official SARB website.