dafman:
2. POLi is owned by Australia Post who are owned by the Australian government.
Well that's my confidence shattered, three breaches in four weeks http://www.news.com.au/technology/australia-post-hit-by-security-breach-again/news-story/46046eb996a740452ac8cd9b55cdfe0e
PhantomNVD:
So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?
Not necessarily, usually your device is issued a token (like a cookie) by the app server which remains valid under a defined set of circumstances.
dafman:
1. POLi is promoted by Air NZ, Jetstar, NZ Transport Agency (a NZ government department!), and the Warehouse. Air NZ state on their website "POLi is an online payment option you can use to safely pay for your flights directly from your bank account." So all these significant NZ organisations' reputations are on the line and they are comfortable with promoting the service. Imagine the immense negative publicity if payments promoted by some of our biggest companies as safe went astray!
2. POLi is owned by Australia Post who are owned by the Australian government.
3. My bank is happy to allow access via POLi
Trust me. Your bank is not happy with anyone using POLi. It is hard to stop as POLi scrape internet banking sites. They also don't have any API access. Many banks have asked them to stop however all they do is remove the bank's logo from the site and call it a day. This goes for all banks, it's a massive security risk you're exposing yourself to.
For your first point - they don't care. They get the money and for your second point again that doesn't matter, it is still a third party service. If you're happy with a third party logging into your internet banking and collecting your data then so be it but I bet if you specifically asked your bank then by now they've classed your bank account as compromised even if you're using 2FA.
You're knowingly breaking your internet banking terms and conditions with using any third party service since you're passing your login details directly across to that service. I also know full well what data they're collecting when you log in as everything is logged against your account with any bank in NZ.
Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.
It comes down to.
- if you accept the fact that by entering your username/password into a 3rd party, that if something happens along the way, and your money is taken (which could be done in the future, they could save the username/password later for a massive attack) the bank will say "tough".
I tell everyone not to use it. It's just stupid. If a company charges more for a credit card payment (PBTech), they simply do not get my business. There are plenty of other companies out there willing to take my money in a safe/protected/insured by the bank way.
I don't care who owns it, I'm sure its security is a lot less than the bank's security. And if the bank security is compromised, it's the bank's problem, they will refund your money. POLi will tell you to bugger off.
It comes down to risk management.
For most users it is probably not worth the risk; over debit card, credit card or bank transfer.
I personally do still use POLi in very specific cases to help mitigate other risks such as exchange rate fluctuations, fees, opportunity loss and extended exposure with bank transfer & processing.
In these cases however I use a dedicated online banking login with access to only that account (a separate bank to my normal banking) for that purpose with 2FA enabled.
reven:
It comes down to.
- if you accept the fact that by entering your username/password into a 3rd party, that if something happens along the way, and your money is taken (which could be done in the future, they could save the username/password later for a massive attack) the bank will say "tough".
I tell everyone not to use it. It's just stupid. If a company charges more for a credit card payment (PBTech), they simply do not get my business. There are plenty of other companies out there willing to take my money in a safe/protected/insured by the bank way.
You can still pay by direct credit to these companies though can't you? Some, like mightyape, use ASB bank's online eftpos as an option too, where it connects directly to the bank, rather than using a third party system. I am guessing that is safer, as I am guessing that is supported by the bank?
mattwnz:
You can still pay by direct credit to these companies though can't you? Some, like mightyape, use ASB bank's online eftpos as an option too, where it connects directly to the bank, rather than using a third party system. I am guessing that is safer, as I am guessing that is supported by the bank?
With AirNZ and Jetstar it's POLi or credit card (with surcharge) payments only.
Ok, I asked and Kiwibank have advised that their internet banking guarantee will not apply if POLi is used. That's enough to convince me to cease use.
I used it once a couple of years ago. That was when they were basically mirroring the bank's login page, logos and all. Since it was a purchase from a major company (AirNZ if I recall) I assumed it was some sort of redirection to the bank's actual portal, and therefore safe. I didn't realise until years later when I read this thread that it wasn't.
Nothing bad happened; but I would never use it again knowing what I know now, and my password has changed since then so if the login details were collected they are of no use anymore.
I asked Air NZ as to why they were encouraging users to break the terms and conditions of their banks... this response...
"By way of explanation, good privacy practice is at the heart of Air New Zealand's culture. We want to make sure all our customers understand our privacy obligations and appreciate that they must treat the personal information we hold with care and respect. Please be assured, we take all reasonable steps to ensure that the personal information we hold is protected against loss, and unauthorised access, use, modification or disclosure. That said, all feedback is of value to us, please be assured, I will be passing your feedback onto our online banking team, to look into this in an internal review."
I don't agree they took reasonable steps at all, because my bank still says the POLi payment method breaches my agreement with the bank. It would have been easy enough to run it by the banks first.
I'm not sure of the extent of the contract breach yet. Maybe if there is any future fraudulent activity on my account whether it is POLi related or not, the bank can perhaps claim that because I used POLi once in the past, too bad, my loss. Effectively my account needs to be closed and reopened under a different number to reinstate compliance with the banking T&C's.
Air NZ say they will take a further look, but there is only one option unless my bank changes their stance.
I wonder if the banks are keeping track of accounts that are using POLi so if there are ever any unauthorised payments/withdrawals/etc made on the account in the future they can point to the use of POLi and decline to reimburse the account holder.
michaelmurfy: @MurrayM trust me when I say it is very easy to spot a customer that has used POLi at the bank where I work. I would assume it is the same with the other banks. I know with another bank it actually triggers a flag in their fraud detection software.
Oh I indeed trust you and thought it would be easy for the banks to spot. I was just wondering if any bank would track it and use that as an excuse to deny reimbursing the account holder if there were ever any unauthorised transactions in the future, eg "Sorry, we see that 17 months ago you used POLi to buy an airline ticket from Air NZ. Since you broke our rules we're declining to reimburse you for that transaction that happened yesterday that you claim to know nothing about."
Surely these business customers that operate POLi are violating their agreement with their bank about unauthorized access to the bank's computers? So just kick the companies that accept POLi payments out of the banking system totally for breaking those T&C's?