Anyone used POLi Payments ?

Forums › Off topic › Anyone used POLi Payments ?

1 | 2 | 3 | 4 | 5

2044 posts

Uber Geek

ID Verified

Lifetime subscriber

#1964443 26-Feb-2018 14:13

@michaelmurfy Yep I don't need convincing of the issues, I was just very surprised that the majority of banks made no mention of POLi. As someone else pointed out, given the apparent endorsement by large organisations like AirNZ, I doubt if most people would go searching further and would simply see it as a way of avoiding Credit Card fees.

littlehead

214 posts

Master Geek

#1964547 26-Feb-2018 14:43

stinger:

Having said that, the Australian banks have introduced Pay ID last month, which allows you to pay anyone instantly (less than one minute) without needing to know the recipients BSB and account number. Would be nice if the banks introduced that here, especially since the big four NZ banks are Australian owned.

There are security issues with PayID as well, though of a different sort.

Back to POLi, the first time I saw this i thought it was malware. Back then it was either the ActiveX control or the ClickOnce mini browser version, and my mother asked me to help her with it. I immediately pulled the network cable and did virus scans etc. I thought the website store had been hacked. I was about to start the process of backing up and wiping the machine when I did more research on POLi and found it was "legit".

POLi to me is incredibly bad, and when people have asked me about it, I always tell them to stay away from it.

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#1964691 26-Feb-2018 17:24

surfisup1000:

I had no idea it wasn't endorsed by banks (because you'd think the banks would have shut it down if that were the case).

Hard for them to shut it down. Australian banks aren't exactly popular, and if they were to attack Australia Post (who own POLi) the government would likely retaliate fiercely. Just look at Commbank's experience over their smart ~~money laundering~~ deposit ATMs.

MileHighKiwi

782 posts

Ultimate Geek

ID Verified

Lifetime subscriber

#1964729 26-Feb-2018 18:51

sbiddle:
MileHighKiwi:
sbiddle:
The Reserve Bank inquiry into interchange fees was supposed to come out around the middle of last year. There has been silence from the incoming government who were very vocal about this when in opposition.

An announcement from banks and credit card companies is imminent. Don't get your hopes up though, the changes are minimal.

Umm this has nothing to do with banks or credit card companies - it's the Reserve Bank leading the inquiry and the ultimate outcome will be slashing of interchange to follow recent changes in Australia and in the UK and EU.

I'm not sure about the RBNZ but MBIE has completed a review of interchange fees and written to card schemes seeking 'clarity' on the fees. Some card schemes may be taking proactive measures to address some of the issues raised in the review....

Card schemes set the maximum interchange level and banks set their rates accordingly, usually at the maximum level permitted. Then they add their processing margin. Acquiring banks pay interchange to issuing banks, They also pay additional scheme fees to the card companies. Card schemes Don't charge merchants directly. Therefore banks are absolutely involved in this review and any changes as a result, because they administer the fees.

dafman

3928 posts

Uber Geek

Trusted

#1964733 26-Feb-2018 19:16

Use POLi all the time for air tickets. Just used it tonight for Jetstar booking. No issues, works fine.

Surprised to read what I have, but happy to use it for low value flights which I'm not prepared to pay $5 extra to the credit card companies.

surfisup1000

5288 posts

Uber Geek

#1964741 26-Feb-2018 19:33

Kyanar:

surfisup1000:

I had no idea it wasn't endorsed by banks (because you'd think the banks would have shut it down if that were the case).

Hard for them to shut it down. Australian banks aren't exactly popular, and if they were to attack Australia Post (who own POLi) the government would likely retaliate fiercely. Just look at Commbank's experience over their smart money laundering deposit ATMs.

Call them a phishing site and lay a police complaint.

dafman

3928 posts

Uber Geek

Trusted

#1964801 26-Feb-2018 21:32

surfisup1000:

Kyanar:

surfisup1000:

I had no idea it wasn't endorsed by banks (because you'd think the banks would have shut it down if that were the case).

Hard for them to shut it down. Australian banks aren't exactly popular, and if they were to attack Australia Post (who own POLi) the government would likely retaliate fiercely. Just look at Commbank's experience over their smart money laundering deposit ATMs.

Call them a phishing site and lay a police complaint.

I don't get this. Definitely not a phishing site. If you don't want to use POLi, then don't. End of.

Leave me, and the thousands of happy users who have never had an issue with it, to happily keep using it.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

debo

307 posts

Ultimate Geek

#1964833 26-Feb-2018 22:41

From Air New Zealand's web site on Poli:

"POLi is an online payment option you can use to safely pay for your flights directly from your bank account.

Internet banking is a great payment option if you do not have a credit card, or would prefer not to add to your credit card balance. When you pay with POLi the transaction is completed within the security of your bank's online banking service and at no time are your personal banking login details disclosed to Air New Zealand or POLi. "

How can you be in breach of bank's T&Cs if you at no time disclose your login details?

An interesting read on AirNZ credit card fees in Australia after their CC rules changed-

www.ausbt.com.au/air-new-zealand-introduces-new-1-1-credit-card-booking-fee

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1964866 27-Feb-2018 07:40

debo:

When you pay with POLi the transaction is completed within the security of your bank's online banking service and at no time are your personal banking login details disclosed to Air New Zealand or POLi. "

How can you be in breach of bank's T&Cs if you at no time disclose your login details?

This is generic text used by POLi - and is basically a load of rubbish because it doesn't really mean what you probably think it does. POLi is effectively a MITM attack presenting you with a fake login site hosted by POLi on its servers acting as a reserve proxy, and then taking your login details when you enter them and inserting them into your bank site behind the scenes to complete the transaction.

Your details are are at no point logged by POLi, but you are entering your banking details into a 3rd party website, which breaches the T&C of ANZ, ASB, BNZ, Westpac and Kiwibank just to name a new. ASB had a huge public spat with POLi a few years ago.

I don't believe there is a risk in using POLi, but that doesn't change the fact it's an incredibly dodgy product offering that I would certainly never touch because I don't want to support it.

If anybody objects to paying Air NZ credit card fees you can just use your OneSmart card which doesn't incur any.

kiwifidget

"Cookie"
3423 posts

Uber Geek

Lifetime subscriber

#1964888 27-Feb-2018 09:08

If you changed your banking password after each POLi use, would you be better protected?

Delete cookies?! Are you insane?!

solutionz

589 posts

Ultimate Geek
Inactive user

#1964991 27-Feb-2018 11:28

sbiddle:

Your details are are at no point logged by POLi, but you are entering your banking details into a 3rd party website...

I don't believe there is a risk in using POLi...

That's a big assumption.

POLi certainly have the ability to log your credentials so from a security standpoint you have to assume they are; either directly or indirectly though debugging logs, server cache, cloudbleed-like vulnerabilities (it would be impossible for them to prove they aren't) or malware install on the POLi servers.

This introduces an attack vector whereby a third party could gain access to your banking credentials and thus your funds via POLi.

When you log directly into your internet banking; your password in encrypted locally and sent encrypted to the bank va SSL.

When you login via POLi; your password is encrypted by you and sent to them, then decrypted by them, then re-encrypted and sent to the bank.

At the point the credentials are sitting there decrypted on POLi servers they are highly vulnerable to all sorts of attack, and your bank is not likely to cover you for those losses.

michaelmurfy

meow
13260 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1964998 27-Feb-2018 11:40

kiwifidget:

If you changed your banking password after each POLi use, would you be better protected?

Most banks fraud systems would detect this as ongoing behavior and would likely flag you as a high risk depending on the system. Even if you use it for a transaction and change your password you're passing a whole lot more details over to them (and much more than I'd feel comfortable with). For example, whats to say they're not doing a dump of your statements, spending habits and other personal details like account balances?

Technically the answer is yes but really the answer is no as some banks have information contained in internet banking only you (and the banks staff members) should ever see. With some internet banking systems there is other considerations to take in account too since they provide almost enough information for identity theft.

Only you, and you alone should log into your internet banking. No third parties, no friends, no other family members etc.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

dafman

3928 posts

Uber Geek

Trusted

#1965025 27-Feb-2018 12:17

Four reasons why I am more than comfortable using POLI:

1. POLi is promoted by Air NZ, Jetstar, NZ Transport Agency (a NZ government department!), and the Warehouse. Air NZ state on their website "POLi is an online payment option you can use to safely pay for your flights directly from your bank account." So all these significant NZ organisations reputations are on the line and they are comfortable with promoting the service. Imagine the immense negative publicity if payments promoted by some of our biggest companies as safe went astray!

2. POLi is owned by Australia Post who are owned by the Australian government.

3. My bank is happy to allow access via POLi

4. No additional payment processing fees.

PhantomNVD

2619 posts

Uber Geek
Inactive user

#1965030 27-Feb-2018 12:27

So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?

stinger

628 posts

Ultimate Geek
Inactive user

#1965033 27-Feb-2018 12:33

PhantomNVD:

So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?

I assume that the app on your smart phone stores your username/customer id and password encrypted, and uses the pin or fingerprint to decrypt it.

1 | 2 | 3 | 4 | 5