Safer online shopping

Be careful when using your personal and card information to shop online. We do our best to provide world-class security on your accounts, but only you can stop scammers from tricking you into giving them access.

Although it has been around for decades already, online shopping only really took off in South Africa during the COVID-19 pandemic. The convenience of home delivery, together with how easy it is to compare prices online, made it the perfect choice for everybody with reliable internet connections. But as its popularity grows, so it attracts more scammers and criminals. Just like in real life, it’s important to stay alert and avoid being targeted.

Fortunately, we have several solutions in place to improve your shopping safety. For instance, when you buy something online with your Standard Bank card, you may receive a one-time PIN (OTP) via SMS or email to authorise your transaction. The OTP protects you from fraudsters who may have stolen your Standard Bank card details elsewhere.

When buying online, you will be required to provide the following:

  • Your card number (on the front of the card)
  • Card expiry date
  • Card validation code (CVC) (the last 3 digits on the back of your card)

Note: the bank will never ask you for your OTP.

These services are a good foundation for your online shopping safety. But there are other ways that criminals can target you which don’t rely on your Standard Bank card at all. How can you defend yourself from fraudsters and scammers? 

How to shop safely online

  • Only pay for goods or services from online companies you recognise and trust. If you are unsure, our Escrow service will provide peace of mind.
  • Look for security symbols in the URL such as an unbroken lock or key (you will find it to the left of the website address, or URL, at the top of your browser).
  • Make sure the URL begins with ‘https’ and not ‘http’.
  • Keep a record of your transactions and payment confirmations and verify them against your bank statement.
  • If you need to pay for goods or services via email, use our Escrow service.
  • Never share your OTP and Standard Bank card PIN with anyone. Standard Bank staff will NEVER ask you for these details for any reason.
  • Don’t use internet cafés or public Wi-Fi to shop online or access your mobile banking app or internet banking.

Watch out for these scams

There are many ways that scammers can try to defraud you out of your money. These are some of the most common:

  • Phishing scams involve fake emails that seem to come from your bank, SARS or other important institutions. They might include frightening messages (including scam warnings!) or simply look like monthly statements. They always include a link, which might download malware onto your computer or device but usually takes you to a website that looks like a legitimate login page. When you try to log in, they steal your username and password.
  • Spear phishing is a more targeted version of phishing. Scammers will use social media to research a company’s senior management or financial staff to find out who their colleagues are and then customise fake emails. These might look like an invoice from a regular client or a demand from the CEO that an urgent payment be made. These messages are often very convincing. Sometimes the goal is to steal login details by making you click a fake link, as with regular phishing. Other times, the fraudster is trying to trick you into sharing confidential information or making unauthorised payments.
  • Change of banking details scams happen when a hacker can get into your company email and intercept invoices. They edit them, replacing payment information with their own bank details, and then send them on to your customers. Your customers have no reason to suspect anything is wrong and pay their bills into the new, fake account. This scam can also be done via spear phishing.

How to protect yourself

  • Never click links in emails or SMSs. Rather enter the website URL manually and then navigate to the required page.
  • Be suspicious. If your CEO doesn’t normally mail you personally, then you should be suspicious if they suddenly ask you to make payments. Contact them directly (don’t click ‘reply’ or you could end up speaking to the scammer!) and ask them to confirm. If they are too busy, speak to their PA.
  • Pay attention to details. Scammers often try to fake email addresses by registering a similar domain. If you received an email from the fake address ‘[email protected]’, would you have noticed that the first ‘d’ was swapped for a ‘b’?
  • Stay alert. Unusual behaviour should always be checked. If you receive an invoice that you weren’t expecting, or if the banking details for a payment have changed, call or email your regular contact and ask them about it.
  • Protect your information. Information such as bank details, company registration numbers and contact details are very useful for scammers targeting your company. Shred any documents containing such information before dumping them and be very careful whom you provide this information to.
  • Consider using AVS. Account verification services (AVS) help you check who owns a bank account to ensure that you are paying the right person or entity.
  • Use our Escrow serviceThis will protect both buyers and sellers from payment disputes and fraud by ensuring that money is paid on time and that the expected goods or services have been delivered.