I like the card system that BNZ uses (as per the first page), as well as authentication on their app. Seems to work quite well.

zespri:

 

michaelmurfy:

 

It is also vitally important you don't use systems like POLi as this goes against your internet banking terms of use (as systems like POLi "man in the middle you" and login to your internet banking to make a payment) - banks can detect when such systems are used and whilst they allow them, they may use this against you if you get compromised in the future.

 

 

This is something I find very puzzling. POLi should not exist the way it is and has been, yet, it's allowed. I'm a technical person, so I know how bad it is, but to convince a non-techie, that POLi is much worse than, say paying via a credit card, or internet banking is very difficult, because it's all the same to them. When POLi first appeared on my radar I was hoping that it would be closed down soon, so apparently it is insecure. Yet it keeps being around a year after year.

 

I remember watching my parents use POLi more than a decade ago when I was in my teens and thinking, this doesn't seem right.

I suppose if you're trying to explain this to someone non-technical, say that it's like having some third party follow you into the bank and watch you transfer money into their account, while collecting all your personal banking information and that they *could* come in later and pretend to be you. Oh and if they do, you're screwed because you broke the terms and conditions with your bank.

I've used both Dashlane and Onepass.

Neither of them have proven foolproof in their execution, especially when teamed with Mac OS which cheerfully generates the least memorable passwords in the history of mankind if you are not careful about what you click - and then neither of those two apps seem to remember the passwords Safari created. Dashlane won't generate passwords in iOS as far as I can tell although it will - in a different part of the app - in OSX.

Is Lastpass any better?

zespri:

 

This is something I find very puzzling. POLi should not exist the way it is and has been, yet, it's allowed. I'm a technical person, so I know how bad it is, but to convince a non-techie, that POLi is much worse than, say paying via a credit card, or internet banking is very difficult, because it's all the same to them. When POLi first appeared on my radar I was hoping that it would be closed down soon, so apparently it is insecure. Yet it keeps being around a year after year.

 

Do you know who owns POLi? The Australian Government. It's a subsidiary of Australia Post. The banks won't do anything to irritate the government after last year's royal commissions.

1024kb: Co-operative Bank received a serve from me regarding their account security. My initial complaint was that they limit passwords (stop right there!) to 10 characters, a stupidity which has not changed. The more concerning issue - one that was corrected - had the app refusing special character input when creating a password. It would allow specials as input when confirming an existing password but not when creating. This issue was addressed by the developer.

Westpac Australia is worse. Password is six characters (ONLY). Alphanumeric. No special characters. Case insensitive. Default 2FA is SMS, and only on transfers to new payees. Of course if you call them up and claim you roam internationally a lot they'll send you an RSA SecurID token for free.

rugrat:

 

I haven't used it but see some places have EFT POS available as an online payment.

 

To use looks like need banking applic on phone, guessing it gives a code to type into website.

 

Places I've seen it is Skinny top up, and KFC ordering online.

 

With the Skinny one BNZ wasn't on list of banks that support it, but I use mobile top up in bank applic anyway, and the KFC used credit card.

 

Is EFTPOS one safe?

 

Yup, that's a Paymark innovation - Online EFTPOS - https://www.paymark.co.nz/products/online-eftpos/.

Kyanar:

 

rugrat:

 

I haven't used it but see some places have EFT POS available as an online payment.

 

To use looks like need banking applic on phone, guessing it gives a code to type into website.

 

Places I've seen it is Skinny top up, and KFC ordering online.

 

With the Skinny one BNZ wasn't on list of banks that support it, but I use mobile top up in bank applic anyway, and the KFC used credit card.

 

Is EFTPOS one safe?

 

 

Yup, that's a Paymark innovation - Online EFTPOS - https://www.paymark.co.nz/products/online-eftpos/.

 

Thanks, hopefully more banks support it in future. Looks like only four at moment, with  two of them being what I recognize as big ones -ASB, Westpac.

chevrolux:

 

So why can't POLi just get vetted and certified for use with the banks? And until that point, the banks block it.

 

Because you are dead right, paying a surcharge just for the "privilege" of using a credit card is bollocks. 

 

Either that, or the banks/card companies pull their heads our of their asses in term of their transaction fees.

 

The cynical answer is the banking system doesn't want to disrupt the Visa/Mastercard gravy train.

It'd be fairly amusing to see them try and deny fraud claim based on POLi. If they can detect the POLi transactions and do nothing about it they are failing a basic duty of care if they later deny a fraud claim. They'd probably do it, in line with all their standard operating procedure but of charging the most but delivering the least. The publicity would be explosive.

Handle9:

 

The cynical answer is the banking system doesn't want to disrupt the Visa/Mastercard gravy train.

 

It'd be fairly amusing to see them try and deny fraud claim based on POLi. If they can detect the POLi transactions and do nothing about it they are failing a basic duty of care if they later deny a fraud claim. They'd probably do it, in line with all their standard operating procedure but of charging the most but delivering the least. The publicity would be explosive.

 

Again, the primarily Australian-owned banks aren't going to upset POLi because of who owns it - Australia Post, and by extension the Australian Government. The same government that instituted a royal commission into the same banks last year in an attempt to not find anything, but accidentally uncovered evidence of rampant irresponsible and in some cases downright illegal behaviour.

Guys. This is way off topic. Please start a new thread if you want to continue discussing it.