Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
2483 posts

Uber Geek

Trusted

  # 734946 19-Dec-2012 14:25
Send private message

 Please be rest assured that your customers personal information is secure with POLi.To clarify some concerns raised by ASB directly:

• At no point do we capture the customer usernames or passwords
• ASB has never taken the opportunity to audit the POLi software

First point: POLi Express reverse proxies do 'capture' customer usernames and passwords. How else could they log in on our behalf?

Second point: I wouldn't be surprised that ASB hasn't audited them because they don't need to.


As for spoofing, remember this is a reverse proxy, so technically they are providing a service which is sort of like a tunnel and not a direct page from POLi Payments. I'm not sure if I should get tied up with the definitions, but stuff like trademark issues might not be a strong a case compared to the security implications, though it might fall under impersonation. Modification of pages by POLi's reverse proxy may classify it as content by them, but that would need to be decided within the available legal framework.




Find me on Twitter!

I posted 1, 2 x 10^3 times!

8 posts

Wannabe Geek


  # 734947 19-Dec-2012 14:27
Send private message

I have been approached by POLi in the past, so to speak on how I feel about them:

I believe that POLi could in fact be trying to provide a genuine service which will save us all a lot of Credit Card surcharges, and I have never heard of anyone suddenly being $100 short in their account or anything of the like after using POLi. However (and this is a big however), POLi has previously told their online merchants that at no point in time will they have access to the users personal details - this is a blatant lie (as has been previously shown).

If they are providing a legitimate service, then I see no reason why they should refuse an audit from the banks of NZ. If I ignore everything else that I know about POLi, I still wouldn't trust their service based purely on this fact.

If anyone is interested, this is POLi's implementation Guide.
http://www.polipayments.com/Assets/Docs/POLiHostedPageMIG.pdf

 
 
 
 


2318 posts

Uber Geek

Trusted

  # 734948 19-Dec-2012 14:28
Send private message

RedJungle: POLi released a statement to customers:
----------------------------------------------


As a gesture of good faith to ASB Bank we have reverted to POLi2 for ASB transactions as we seek to engage with ASB Bank management to resolve the issue. Thank you for your continued Support of the POLi service and we will advise you of developments as they occur.



Is PoLi2 the version that spoofs the bank pages rather than proxies them? How would that work in the case of AirNZ which only supports PoLi1 - does that mean ASB customers cant use POLi with AirNZ?

22741 posts

Uber Geek

Trusted
Subscriber

  # 734949 19-Dec-2012 14:28
Send private message

They are placing content owned by ASB available at a non ASB operated URL, that is all that it takes to be infringing on trademarks.




Richard rich.ms

2318 posts

Uber Geek

Trusted

  # 734951 19-Dec-2012 14:31
Send private message

richms: They are placing content owned by ASB available at a non ASB operated URL, that is all that it takes to be infringing on trademarks.




The question then is, does ASB (or any other banks) have the balls to block them, at the risk of pissing off otherwise ignorant customers who use POLi to skip CC fees

28437 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 734953 19-Dec-2012 14:33
Send private message

nickb800:
Behodar: I'm just shocked that reputable retailers such as Air NZ support this service (and by extension think that it's a good idea).


[warning: cynical viewpoint] It helps them justify their $4 credit card payment fee*, because they can say 'but hey, theres a free alternative - PoLi'


*Which is a total rort if the fare is under ~$200, as it is a fixed fee to cover CC surcharge, which is typically around 2% for Visa and Mastercard (hard to get an accurate figure)


Air New Zealand publically claim their credit card fees are an average fee, and don't actually recover the full costs.

To me this is nothing but the biggest joke for an excuse I've ever heard - somebody paying a $1000 long haul fare pays the exact same price as somebody buying a $10000 business class fare because Air NZ don't operate on a cost recovery basis. IMHO if you want to put a $10000 fare on your credit card you should pay the full cost of processing that fare, and not be subsidised by other people flying.

6804 posts

Uber Geek

Trusted
Lifetime subscriber

  # 734954 19-Dec-2012 14:34
Send private message

nickb800: The question then is, does ASB (or any other banks) have the balls to block them, at the risk of pissing off otherwise ignorant customers who use POLi to skip CC fees

I can't think of a technical reason not to; it should be trivial to block any requests coming in from POLi IP addresses.

 
 
 
 


28437 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 734956 19-Dec-2012 14:37
Send private message

Who's actually using the new POLi for payments?

710 posts

Ultimate Geek

Trusted

  # 734973 19-Dec-2012 15:09
Send private message

sbiddle: Who's actually using the new POLi for payments?


Why would I want to do something stupid like that?

Seriously.  Ever since the introduction of POLi I've steered well clear of it.
Moves by the likes of Air New Zealand to introduce surcharges to credit card payments (but keep POLi free) inspired me to foot the bill on the surcharge, not use POLi.

Much kudos to ASB for taking a stand and making a point of highlighting the issues with the implementation - though ever since the implementation of POLi and the widespread adoption (The Warehouse, NZTA, Air New Zealand leap out at me as major examples) despite the behavior being exactly the kind of thing that should raise eyebrows (piggybacking on your Internet Banking session? Intercepting credentials? Noone thinks this is bad?) ... arrrrgh!

Agree with the poster who said POLi are probably trying to offer a legit, useful service.  Unfortunately all the banks should've stomped on it in the first place. There has to be a better way.




No signature to see here, move along...

28437 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 734977 19-Dec-2012 15:19
Send private message

I actually meant what companies are using the new POLi for payments, I was keen to look at it.

377 posts

Ultimate Geek


  # 734978 19-Dec-2012 15:20
Send private message

ajobbins: I've only ever come across it on Air NZ but never used it.

If NZ didn't change the rules to allow credit card surcharges it wouldn't be an issue using a credit card - but especially for the cheaper fares, the Air NZ card fees are disproportionally high and IMHO, a total rip off.

Funnily enough, here in Oz CC surcharges have been common for a long time - however the government is looking at outlawing them shortly - the total opposite of what NZ did.


Nothing like a late reply...

NZ didn't change the rules, Visa and Mastercard, and the Banks did

192 posts

Master Geek


  # 734980 19-Dec-2012 15:22
Send private message

How hard can it be for vendors (or an intermediary) to offer plain-old bank transfers, with some form of reference as a payment option?  Of course they would need to maintain bank accounts at each major bank so that payments could be verified in real-time (am I correct in saying that all NZ banks have real-time transfers within their number range?).  It wouldn't be as smooth as paying by credit card, but it would mean we could do away with POLi...

1297 posts

Uber Geek


  # 734981 19-Dec-2012 15:23
Send private message

BlakJak: 
Agree with the poster who said POLi are probably trying to offer a legit, useful service.  Unfortunately all the banks should've stomped on it in the first place. There has to be a better way.


Agree, banks should have stomped on POLi right from day one, I don't understand what the banks stood to gain in allowing them to exist even with the marginally less dubious "custom web browser" style implementation they had before.  Perhaps with the custom-browser their legal recourse would have been limited, but I think that the new implementation should surely open up aspects for closing them down.

POLi shows there is a market for this type of product (but I could have told them that long before POLi existed), the banks should be joining forces to produce a similar product, run by or at least authorised and audited by, the banks, they could still charge transaction fees, and they have the bonus of no charge-backs to deal with, win-win.








---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


2318 posts

Uber Geek

Trusted

  # 734982 19-Dec-2012 15:23
Send private message

sbiddle: I actually meant what companies are using the new POLi for payments, I was keen to look at it.


Looks like The Warehouse do according to http://www.geekzone.co.nz/forums.asp?forumid=48&topicid=107374&page_no=6#734926 (im guessing that it is the new POLi based on the non-functional links)

1297 posts

Uber Geek


  # 734986 19-Dec-2012 15:26
Send private message

dannyres: How hard can it be for vendors (or an intermediary) to offer plain-old bank transfers, with some form of reference as a payment option?  Of course they would need to maintain bank accounts at each major bank so that payments could be verified in real-time (am I correct in saying that all NZ banks have real-time transfers within their number range?).  It wouldn't be as smooth as paying by credit card, but it would mean we could do away with POLi...


Getting automated downloadable feeds of your account transactions from the bank is an exercise in extreme expense at least for most banks.  Only very large organisations need apply is my understanding.

Also, too many people enter an incorrect reference, or incorrect amount, or incorrect account.

These reasons are why POLi exists, if it wasn't, then yes, your idea would work just fine.





---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32


Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30


Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33


IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07


Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42


MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40


NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15


Microsoft Translator understands te reo Māori
Posted 22-Nov-2019 08:46


Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.