3368 posts

Uber Geek

Trusted

  # 735157 19-Dec-2012 20:44

(Sorry to stray a bit off topic, but I think this is sort of relevant since more frequent clearance should mean less need for something like poli at all)

So what you're saying is any payments to my kiwibank (or an ASB account) should show up pretty quick (within at most 4 hours if I'm reading that stuff article right) regardless of what bank they originate from? If so, nice! I hadn't realised this.


608 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 735159 19-Dec-2012 20:47

sidefx:
AKLWestie:
I think all the banks need to participate.  However, that 5 times a day transfer means the number of transfers between banks, it is up to the recipient's bank to determine when to post / credit the payment to the receiver's account.

I believe currently only Kiwibank and ASB do hourly clearance for their customers.


So surely if I make a payment from my kiwibank account to an ASB account, that would show up within the hour (or at least 2 hours?) in theory?


Yes, I tried it personally.  I think if you transfer between ASB and Kiwibank between 7am and 11pm (roughly), it should show up within 1 to 2 hours.

I remember using my ASB account to pay someone having a Kiwibank account for a trademe transaction.  He got the money within a few hours and sent me the parcel right away.

 
 
 
 


3115 posts

Uber Geek

Trusted
Subscriber

  # 735163 19-Dec-2012 20:55

sidefx: (Sorry to stray a bit off topic, but I think this is sort of relevant since more frequent clearance should mean less need for something like poli at all)

So what you're saying is any payments to my kiwibank (or an ASB account) should show up pretty quick (within at most 4 hours if I'm reading that stuff article right) regardless of what bank they originate from? If so, nice! I hadn't realised this.



No.  Westpac, TSB and ANZ still only process outbound transactions once a day at 10pm.

22743 posts

Uber Geek

Trusted
Subscriber

  # 735194 19-Dec-2012 21:47

Well from BNZ pay arrives into my ASB and did into the former bank direct account by 5 pm most days. Sometimes it was delayed till 8pmish.




Richard rich.ms

5579 posts

Uber Geek

Trusted
Lifetime subscriber

  # 735216 19-Dec-2012 22:32

Regardless of how secure or not Poli is, there is no way I will use it. It also flies in the face of banks warning their customers: only ever log in to your Internet banking by typing in the bank website address directly, do not click on links to get to it.
So even if it is all secure and bank approved, the way it is done is just bad.

A smarter way would be some real time code generation and bank integration i.e.:
-Buy something
-Pay by Poli
-Here is your code nkcds7cyscbs7s
-Go to your bank website
-Log in
-Click on the Pay by Poli link
-Enter the code
-Payment details all entered etc
-Bank fires a "paid" or "declined" message back to Poli




Chorus has spent $1.4 billion on making their xDSL broadband network faster and even more now as they are upgrading their rural Conklins. If you're still stuck on ADSL or VDSL, why not spend $195 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com
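
The code-based flow proposed in the post above, sketched as an added example (not part of the original post, and not POLi's or any bank's actual API). The class names, the shared HMAC key and the message fields are assumptions made for illustration; the point is that the customer only ever authenticates at the bank, and the intermediary only learns "paid" or "declined".

```python
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical key shared between the bank and the payment service (constructed).
BANK_KEY = secrets.token_bytes(32)

class PaymentService:
    """Stands in for the intermediary: issues codes, never sees bank logins."""
    def __init__(self, ttl=600):
        self.ttl, self.pending = ttl, {}

    def create_code(self, merchant, amount_cents, reference):
        code = secrets.token_urlsafe(10)  # unguessable, single use
        self.pending[code] = {"merchant": merchant, "amount_cents": amount_cents,
                              "reference": reference, "expires": time.time() + self.ttl}
        return code

    def lookup(self, code):
        order = self.pending.get(code)
        return order if order and order["expires"] > time.time() else None

    def receive_result(self, body, signature):
        # Accept a status only if it carries the bank's valid MAC.
        expected = hmac.new(BANK_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return "rejected"
        msg = json.loads(body)
        if self.pending.pop(msg["code"], None) is None:
            return "rejected"  # unknown or already used code
        return msg["status"]

class Bank:
    """The customer is already logged in at the bank's own site."""
    def __init__(self, balances):
        self.balances = balances

    def pay_by_code(self, service, account, code):
        order = service.lookup(code)  # payment details are filled in from the code
        if order is None:
            return "rejected"  # expired, unknown or replayed code
        ok = self.balances.get(account, 0) >= order["amount_cents"]
        if ok:
            self.balances[account] -= order["amount_cents"]
        body = json.dumps({"code": code, "status": "paid" if ok else "declined"}).encode()
        sig = hmac.new(BANK_KEY, body, hashlib.sha256).hexdigest()
        return service.receive_result(body, sig)
```
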


441 posts

Ultimate Geek


  # 735239 20-Dec-2012 04:40

Skolink:
coffeebaron: Looks like ASB aren't keen on this
https://www.asb.co.nz/story24389.aspx


Just saw that too! I wonder why I got such a generic response from ASB when I asked about handing over my details to PoLi, way back in August.


Probably the person who replied to you didn't really understand well enough why this was a bad thing and didn't raise it higher. (Or perhaps they did, but only in a 'look in to this' manner rather than a 'this customer needs help' manner so it took this long for it to be given proper consideration.) This isn't that surprising, actually I would suggest it's somewhat to be expected.

Interesting enough from http://www.itnews.com.au/News/326827,banks-concerned-over-poli-security.aspx ANZ, BNZ and Kiwibank have also issued warnings.

While I can't find a press release http://www.westpac.co.nz/who-we-are/newsroom/media-releases-2012/ , Westpac is now warning people on Twitter https://twitter.com/WestpacNZ not to enter credentials on any non official site, despite some in August being told using Poli violated the T&C but they'll let it slide....

When I first read this on ASB and looked in to it, I was surprised it took so long, this entire thread confirms plenty of people noticed this a long time ago. You have to wonder how it took so long for it to rise to the necessary level at the banks or for them to do something. Maybe they all decided to turn a blind eye to avoid annoying customers but once ASB brought it to the fore, they realised they couldn't be seen to be publicly endorsing something like that given the mixed message and risk it may pose if people start to think entering their details in to other websites is something the banks allow.

Edit: Interesting enough, reading further bank is another one who told a customer it was okay even if they were violating ANZ's T&C, because they evidently had a relationship with Poli. As per earlier and https://comms.anz.co.nz/betterinternetbanking/article/detail.html?id=15009 , it seems this has changed their minds although like Westpac they don't single out Poli. Interesting enough they also warn against using account aggregation services despite as per previous discussions evidently having one themselves http://www.anz.com/anz-moneymanager/ . Well technically it's okay to use the ANZ service since even if it's run by someone else ANZ doesn't consider it a third party so basically what they're suggesting is it's okay to violate other banks' T&C, just don't violate ours ;-)

Awesome
4868 posts

Uber Geek

Trusted
Subscriber

  # 735329 20-Dec-2012 10:16

Be interesting to see if POLi makes another press release today after slamming ASB yesterday, before all the other banks joined the chorus




Twitter: ajobbins


 
 
 
 


8 posts

Wannabe Geek


  # 735395 20-Dec-2012 11:49

An email from Air New Zealand. My question included a link to ASB's security warning. I simply asked what their position is.

Thank you for your email regarding our POLi payment facility.

Air New Zealand has been offering POLi as a form of payment for more than four years with no security issues. Maintaining the privacy and protecting the security of our customers’ banking details is paramount and would not tolerate a situation where these were put these at risk. We remain fully confident in the integrity of each form of payment we accept. Your bank details are not stored or kept by the providers of POLi.


Kind Regards

3115 posts

Uber Geek

Trusted
Subscriber

  # 735408 20-Dec-2012 11:58

echoflight: An email from Air New Zealand. My question included a link to ASB's security warning. I simply asked what their position is.

Thank you for your email regarding our POLi payment facility.

Air New Zealand has been offering POLi as a form of payment for more than four years with no security issues. Maintaining the privacy and protecting the security of our customers’ banking details is paramount and would not tolerate a situation where these were put these at risk. We remain fully confident in the integrity of each form of payment we accept. Your bank details are not stored or kept by the providers of POLi.


Kind Regards


Their statement is actually a lie too.  POLi specifically said that they may keep your bank account number when you use their service (see the terms and conditions).

Awesome
4868 posts

Uber Geek

Trusted
Subscriber

  # 735448 20-Dec-2012 12:35

Kyanar: Their statement is actually a lie too.  POLi specifically said that they may keep your bank account number when you use their service (see the terms and conditions).


It's probably not so much a lie, but more a show of ignorance. I'm sure POLi gave them a nice sales pitch about how secure the system is, and the retailers (Not being IT, Security or payments experts) probably don't know any better.

The simple matter is that no matter what POLi say, they MUST in fact store your banking username or password details at some point, if even only momentarily as they pass through their reverse proxy to the bank's website. Even if the software was 'audited' by the banks, there is nothing to stop POLi (or someone else with malicious intentions) changing something on the system to then start storing or sending the login details that have been passed through the proxy.

The banks should be pushing to stop POLi doing this immediately. If nothing else, it sends a bad message to consumers that it is OK to use your banking login details on a website other than your bank's official site.

They are also faking the SSL information. If you click on their little padlock next to their bank URL box, you get a nice HTML pop up window that resembles the browser's own dialogue box with the SSL info, but it's just an HTML page they have created. This again is poor practice as it sends a message that it is OK to believe SSL info in a pop up window, and not officially from the browser.

The whole approach POLi uses is bad. It sends the wrong messages about online payment security and the banks should get it killed. There is clearly a market here for this, but POLi needs to work with the banks to come up with a more secure approach, perhaps using a secure payment gateway.

POLi is nothing more than a 'best intentions' man in the middle attack.

A few other news articles are popping up now too:
http://www.scmagazine.com.au/News/326952,banks-concerned-over-poli-security.aspx
http://www.zdnet.com/au/nz-bank-claims-payment-processor-is-siphoning-user-details-7000008995/
http://www.stuff.co.nz/business/money/8101389/Banks-bristle-over-web-go-between





Twitter: ajobbins


8 posts

Wannabe Geek


  # 735470 20-Dec-2012 13:15

I responded to the Air New Zealand email simply by supplying them some additional links, and suggesting that they keep an eye on what is happening.

No doubt that it is as you say, ignorance.

15283 posts

Uber Geek


  # 735478 20-Dec-2012 13:25

I am just wondering about liability, should someone use a third party system, and then someone suffers a loss from their bank account (possibly even unrelated to the third party system). The banks make it pretty clear from their press releases and terms, that it wouldn't be covered under their terms if you use any third party system. Certainly I wouldn't be happy using a retailer's third party payment system, only to learn that it has invalidated my online banking agreement with my bank.
Would it be the retailer using the system who could be liable? Probably best to use on an account with a very small balance, and just have the account solely for this purpose, just to be 100% safe. Or use a bank that endorses the third party system.

1297 posts

Uber Geek


  # 735655 20-Dec-2012 17:22

Somebody should submit this to slashdot, don't have the energy to write it up myself, but it's a story that would probably get quite some interest there.

Or the DailyWTF, whichever ;-)




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


Awesome
4868 posts

Uber Geek

Trusted
Subscriber

  # 735659 20-Dec-2012 17:30

mattwnz: I am just wondering about liability, should someone use a third party system, and then someone suffers a loss from their bank account (possibly even unrelated to the third party system). The banks make it pretty clear from their press releases and terms, that it wouldn't be covered under their terms if you use any third party system. Certainly I wouldn't be happy using a retailer's third party payment system, only to learn that it has invalidated my online banking agreement with my bank.
Would it be the retailer using the system who could be liable? Probably best to use on an account with a very small balance, and just have the account solely for this purpose, just to be 100% safe. Or use a bank that endorses the third party system.


POLi's terms and conditions state they aren't liable for any losses as a result of using the system, so you would be pretty much on your own. Unless your bank or POLi decided to cover it in good faith, you would probably have to fight one of them in court for it.




Twitter: ajobbins

