Has anyone else ever used PoLi ???

Forums › Off topic › Has anyone else ever used PoLi ???

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12

2483 posts

Uber Geek

Trusted

#734946 19-Dec-2012 14:25

Please be rest assured that your customers personal information is secure with POLi.To clarify some concerns raised by ASB directly:

• At no point do we capture the customer usernames or passwords
• ASB has never taken the opportunity to audit the POLi software

First point: POLi Express reverse proxies do 'capture' customer usernames and passwords. How else could they log in on our behalf?

Second point: I wouldn't be surprised that ASB hasn't audited them because they don't need to.

As for spoofing, remember this is a reverse proxy, so technically they are providing a service which is sort of like a tunnel and not a direct page from POLi Payments. I'm not sure if I should get tied up with the definitions, but stuff like trademark issues might not be a strong a case compared to the security implications, though it might fall under impersonation. Modification of pages by POLi's reverse proxy may classify it as content by them, but that would need to be decided within the available legal framework.

Find me on Twitter!

I posted 1, 2 x 10^3 times!

GoodSync

GoodSync. Easily back up and sync your files with GoodSync. Simple and secure file backup and synchronisation software will ensure that your files are never lost (affiliate link).

echoflight

8 posts

Wannabe Geek

#734947 19-Dec-2012 14:27

I have been approached by POLi in the past, so to speak on how I feel about them:

I believe that POLi could in fact be trying to provide a genuine service which will save us all a lot of Credit Card surcharges, and I have never heard of anyone suddenly being $100 short in their account or anything of the like after using POLi. However (and this is a big however), POLi has previously told their online merchants that at no point in time will they have access to the users personal details - this is a blatant lie (as has been previously shown).

If they are providing a legitimate service, then I see no reason why they should refuse an audit from the banks of NZ. If I ignore everything else that I know about POLi, I still wouldn't trust their service based purely on this fact.

If anyone is interested, this is POLi's implementation Guide.
http://www.polipayments.com/Assets/Docs/POLiHostedPageMIG.pdf

nickb800

2715 posts

Uber Geek

Trusted

#734948 19-Dec-2012 14:28

RedJungle: POLi released a statement to customers:
----------------------------------------------

As a gesture of good faith to ASB Bank we have reverted to POLi2 for ASB transactions as we seek to engage with ASB Bank management to resolve the issue. Thank you for your continued Support of the POLi service and we will advise you of developments as they occur.

Is PoLi2 the version that spoofs the bank pages rather than proxies them? How would that work in the case of AirNZ which only supports PoLi1 - does that mean ASB customers cant use POLi with AirNZ?

richms

27873 posts

Uber Geek

Trusted

Lifetime subscriber

#734949 19-Dec-2012 14:28

They are placing content owned by ASB available at a non ASB operated URL, that is all that it takes to be infringing on trademarks.

Richard rich.ms

nickb800

2715 posts

Uber Geek

Trusted

#734951 19-Dec-2012 14:31

richms: They are placing content owned by ASB available at a non ASB operated URL, that is all that it takes to be infringing on trademarks.

The question then is, does ASB (or any other banks) have the balls to block them, at the risk of pissing off otherwise ignorant customers who use POLi to skip CC fees

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#734953 19-Dec-2012 14:33

nickb800:
Behodar: I'm just shocked that reputable retailers such as Air NZ support this service (and by extension think that it's a good idea).

[warning: cynical viewpoint] It helps them justify their $4 credit card payment fee*, because they can say 'but hey, theres a free alternative - PoLi'

*Which is a total rort if the fare is under ~$200, as it is a fixed fee to cover CC surcharge, which is typically around 2% for Visa and Mastercard (hard to get an accurate figure)

Air New Zealand publically claim their credit card fees are an average fee, and don't actually recover the full costs.

To me this is nothing but the biggest joke for an excuse I've ever heard - somebody paying a $1000 long haul fare pays the exact same price as somebody buying a $10000 business class fare because Air NZ don't operate on a cost recovery basis. IMHO if you want to put a $10000 fare on your credit card you should pay the full cost of processing that fare, and not be subsidised by other people flying.

Behodar

10294 posts

Uber Geek

Trusted

Lifetime subscriber

#734954 19-Dec-2012 14:34

nickb800: The question then is, does ASB (or any other banks) have the balls to block them, at the risk of pissing off otherwise ignorant customers who use POLi to skip CC fees

I can't think of a technical reason not to; it should be trivial to block any requests coming in from POLi IP addresses.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#734956 19-Dec-2012 14:37

Who's actually using the new POLi for payments?

BlakJak

1243 posts

Uber Geek

Trusted

#734973 19-Dec-2012 15:09

sbiddle: Who's actually using the new POLi for payments?

Why would I want to do something stupid like that?

Seriously. Ever since the introduction of POLi I've steered well clear of it.
Moves by the likes of Air New Zealand to introduce surcharges to credit card payments (but keep POLi free) inspired me to foot the bill on the surcharge, not use POLi.

Much kudos to ASB for taking a stand and making a point of highlighting the issues with the implementation - though ever since the implementation of POLi and the widespread adoption (The Warehouse, NZTA, Air New Zealand leap out at me as major examples) despite the behavior being exactly the kind of thing that should raise eyebrows (piggybacking on your Internet Banking session? Intercepting credentials? Noone thinks this is bad?) ... arrrrgh!

Agree with the poster who said POLi are probably trying to offer a legit, useful service. Unfortunately all the banks should've stomped on it in the first place. There has to be a better way.

No signature to see here, move along...

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#734977 19-Dec-2012 15:19

I actually meant what companies are using the new POLi for payments, I was keen to look at it.

jfanning

438 posts

Ultimate Geek

#734978 19-Dec-2012 15:20

ajobbins: I've only ever come across it on Air NZ but never used it.

If NZ didn't change the rules to allow credit card surcharges it wouldn't be an issue using a credit card - but especially for the cheaper fares, the Air NZ card fees are disproportionally high and IMHO, a total rip off.

Funnily enough, here in Oz CC surcharges have been common for a long time - however the government is looking at outlawing them shortly - the total opposite of what NZ did.

Nothing like a late reply...

NZ didn't change the rules, Visa and Mastercard, and the Banks did

rattewisday

203 posts

Master Geek

#734980 19-Dec-2012 15:22

How hard can it be for vendors (or an intermediary) to offer plain-old bank transfers, with some form of reference as a payment option? Of course they would need to maintain bank accounts at each major bank so that payments could be verified in real-time (am I correct in saying that all NZ banks have real-time transfers within their number range?). It wouldn't be as smooth as paying by credit card, but it would mean we could do away with POLi...

sleemanj

1485 posts

Uber Geek

#734981 19-Dec-2012 15:23

BlakJak:
Agree with the poster who said POLi are probably trying to offer a legit, useful service. Unfortunately all the banks should've stomped on it in the first place. There has to be a better way.

Agree, banks should have stomped on POLi right from day one, I don't understand what the banks stood to gain in allowing them to exist even with the marginally less dubious "custom web browser" style implementation they had before. Perhaps with the custom-browser their legal recourse would have been limited, but I think that the new implementation should surely open up aspects for closing them down.

POLi shows there is a market for this type of product (but I could have told them that long before POLi existed), the banks should be joining forces to produce a similar product, run by or at least authorised and audited by, the banks, they could still charge transaction fees, and they have the bonus of no charge-backs to deal with, win-win.

---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

nickb800

2715 posts

Uber Geek

Trusted

#734982 19-Dec-2012 15:23

sbiddle: I actually meant what companies are using the new POLi for payments, I was keen to look at it.

Looks like The Warehouse do according to http://www.geekzone.co.nz/forums.asp?forumid=48&topicid=107374&page_no=6#734926 (im guessing that it is the new POLi based on the non-functional links)

sleemanj

1485 posts

Uber Geek

#734986 19-Dec-2012 15:26

dannyres: How hard can it be for vendors (or an intermediary) to offer plain-old bank transfers, with some form of reference as a payment option? Of course they would need to maintain bank accounts at each major bank so that payments could be verified in real-time (am I correct in saying that all NZ banks have real-time transfers within their number range?). It wouldn't be as smooth as paying by credit card, but it would mean we could do away with POLi...

Getting automated downloadable feeds of your account transactions from the bank is an exercise in extreme expense at least for most banks. Only very large organisations need apply is my understanding.

Also, too many people enter an incorrect reference, or incorrect amount, or incorrect account.

These reasons are why POLi exists, if it wasn't, then yes, your idea would work just fine.

---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12