Anyone used POLi Payments ?

Forums › Off topic › Anyone used POLi Payments ?

Mark

1615 posts

Uber Geek

#230479 25-Feb-2018 22:22

My wife was booking laser tag for the kids birthday and the email confirmation has how to pay the booking fee, the first option use POLi Payment.

Anyone used them ? Because it is a hideous idea if you did!

It asks what bank you are, then asks you to type in your customer ID and Password for your bank!

I wonder how much help your bank will give you if you've given out your login details to a 3rd party over the interweb :-(

1 | 2 | 3 | 4 | 5

2619 posts

Uber Geek
Inactive user

#1964117 25-Feb-2018 22:28

Everybody here slags on them.

I’ve had to use it once or twice, and never had an issue.

Try search ‘POLI’ and you’ll see heaps of prior discussions 😉

NordVPN

Protect your online activity with NordVPN (affiliate link).

coffeebaron

6073 posts

Uber Geek

Trusted

Lifetime subscriber

#1964119 25-Feb-2018 22:31

I certainly wouldn't use it.

Rural IT and Broadband support.

Broadband troubleshooting and master filter installs.
Starlink installer
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

michaelmurfy

cat
12221 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1964131 25-Feb-2018 22:38

I work for a large bank. They don't support this system at all and think it is incredibly dangerous.

Behind the scenes POLi is literally logging into your banking on a virtual machine hosted in AWS. Because of this, it is also very easy for banks to detect POLi and mark it in their fraud detection systems. From this point you've actually breaking the internet banking terms of conditions with most banks since you handed over your details to a third party.

Just don't do it, ever. First off payments can't be reversed or dishonored if made (you get no buyer protection) and second even if they don't have a record of fraud it doesn't take much for somebody to scrape your details - all it takes these days is allowing custom CSS (see here: https://news.ycombinator.com/item?id=16422696).

Using a Credit Card / Debit Card gives you some sort of buyer protection and fraud protection shopping online.

I honestly can't stress this enough - just don't use it.

Michael Murphy | https://murfy.nz
Referral Links: Tessie | Tesla | Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Intravix

108 posts

Master Geek

#1964133 25-Feb-2018 22:41

PhantomNVD: Everybody here slags on them.

I’ve had to use it once or twice, and never had an issue.

Try search ‘POLI’ and you’ll see heaps of prior discussions 😉

Probably because the solution is questionable at best and goes against a lot of the things people are told to think when it comes to online security. Using it also violates multiple banks' terms and conditions (rightfully, given you are providing your access details to a third party).

Mark

1615 posts

Uber Geek

#1964142 25-Feb-2018 23:01

Oh a VM farm in AWS? That makes me even more pleased I loudly told the webpage to F'off when I read what it wanted me to do :-)

Amazing that Poli list so many big company names who use them, absurd security choice to give your customers.

mattwnz

19378 posts

Uber Geek

#1964149 25-Feb-2018 23:11

Intravix:

Probably because the solution is questionable at best and goes against a lot of the things people are told to think when it comes to online security. Using it also violates multiple banks' terms and conditions (rightfully, given you are providing your access details to a third party).

If that is the case, why aren't banks warning about doing it, including sending out brochures etc to customers. I have used it and haven't had any problems, and is the only way to pay some companies without incurring additional credit card fees. But I use it from a bank and account that has minimal cash with. Otherwise I would pay by direct credit which is IMO just as easy.

richms

26394 posts

Uber Geek

Trusted

Subscriber

#1964152 25-Feb-2018 23:29

They have already had to remove all the banks logos from the service.

Really banks should lock any account that logs in from those IPs, and only unlock after a long and thorough investigation has happened. That will get some negative news about poli going when someone cant pay something else because poli got their account locked.

Richard rich.ms

michaelmurfy

cat
12221 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1964156 25-Feb-2018 23:51

mattwnz: If that is the case, why aren't banks warning about doing it, including sending out brochures etc to customers. I have used it and haven't had any problems, and is the only way to pay some companies without incurring additional credit card fees. But I use it from a bank and account that has minimal cash with. Otherwise I would pay by direct credit which is IMO just as easy.

The bank I work for has warned its customers multiple times - people don't listen and do it anyway. If we were to block POLi then those customers would likely just go to another bank. In-fact there was an internet banking release not too long ago that unintentionally broke POLi and we had customers telling us to fix it.

ripdog

548 posts

Ultimate Geek
Inactive user

#1964162 26-Feb-2018 02:31

So, when are these banks going to get off their asses and provide a solution like POLi? It fills an incredibly useful gap in every bank's services - low cost, instant confirmation bank transfers initiated from the merchant website.

It's incredibly frustrating to hear banks ragging on POLi for years, but making absolutely no effort to provide a more secure replacement. It seems especially disingenuous when the banks then push credit cards as the alternative - the payment method which so often comes with multiple percentage points of surcharge attached. I wonder how much of that goes to the bank?

Speaking as a kiwibank customer, I wouldn't trust a bank's security advice as far as I can throw it. Kiwibank still has their ridiculous 'keepsafe' system, which they claim is a second factor of authentication. It isn't, of course, because the second factor is only useful if it's an object which can not be easily replicated.

michaelmurfy

cat
12221 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1964164 26-Feb-2018 07:02

ripdog: So, when are these banks going to get off their asses and provide a solution like POLi? It fills an incredibly useful gap in every bank's services - low cost, instant confirmation bank transfers initiated from the merchant website.

Even if a bank offered such a solution to do instant verification bank payments I still wouldn't use it over a credit card due to the fact bank transfers can't be reversed. I can't speak of what is in the pipeline but lets say a solution may be coming. You have to remember, it has to be secure for all parties.

It's incredibly frustrating to hear banks ragging on POLi for years, but making absolutely no effort to provide a more secure replacement. It seems especially disingenuous when the banks then push credit cards as the alternative - the payment method which so often comes with multiple percentage points of surcharge attached. I wonder how much of that goes to the bank?

Some merchants charge way too much and pocket it. Others charge 2.5% which is around the cost incurred to them. The thing is, you're getting payment protection out of this which people don't understand. I've seen it multiple times where a customer has made a payment via POLi to Jetstar and Jetstar have cancelled the flight - the problem is the customer is in the mercy of Jetstar as they paid with POLi where is in most cases you could load a dispute with your bank if you paid with a credit card and get your money back in these situations. To me, that buyer protection is worth it.

Honestly, if you know what I know about this and have seen the type of stuff the fraud teams deal with then you too wouldn't use POLi either.

Speaking as a kiwibank customer, I wouldn't trust a bank's security advice as far as I can throw it. Kiwibank still has their ridiculous 'keepsafe' system, which they claim is a second factor of authentication. It isn't, of course, because the second factor is only useful if it's an object which can not be easily replicated.

Technically it still is but it is old and not great. It is still, in most cases, better than nothing. It is also a terrible attitude to have because you've got to think your bank has seen it all. If they say something then you should follow it.

timmmay

19629 posts

Uber Geek

Trusted

Lifetime subscriber

#1964166 26-Feb-2018 07:15

Mark: Oh a VM farm in AWS? That makes me even more pleased I loudly told the webpage to F'off when I read what it wanted me to do :-)

AWS is quite secure if set up correctly, definitely more secure than running Javascript on the average web browser given how poor some people are at keeping OS / software / etc up to date.

Lias

5227 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1964171 26-Feb-2018 07:46

I've used Poli regularly over the last few years, never had an issue. If the banks want to wipe it out, all they need to do is stop merchants charging additional fees for credit cards, or offer a safe alternative that costs the customer nothing and is as convenient and quick.

Banks need to tighten up on merchants charging fees, and incidentally they need to make paywave mandatory.. so sick of going to shops, even major chains, and "no paywave" stickers on the eftpos machines.

I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1964185 26-Feb-2018 08:01

Lias:

I've used Poli regularly over the last few years, never had an issue. If the banks want to wipe it out, all they need to do is stop merchants charging additional fees for credit cards, or offer a safe alternative that costs the customer nothing and is as convenient and quick.

Banks need to tighten up on merchants charging fees, and incidentally they need to make paywave mandatory.. so sick of going to shops, even major chains, and "no paywave" stickers on the eftpos machines.

Credit card fees have nothing to do with the banks. They're goverened by the Reserve Bank, and the sole reason they are now legal is because of a Court case the Commerce Commission took against credit card companies that backfired badly on them. One of the consequences of the court case was effectively making credit card surcharges legal in NZ (they weren't previously). This backfired badly with credit card companies pushing Platinum cards with even higher interchange rates.

Many stores that intentionally don't have Paywave take this approach because they don't want to see their credit card fees skyrocket.

The Reserve Bank inquiry into interchange fees was supposed to come out around the middle of last year. There has been silence from the incoming government who were very vocal about this when in opposition.

coffeebaron

6073 posts

Uber Geek

Trusted

Lifetime subscriber

#1964186 26-Feb-2018 08:06

ASB do a product called "Online EFTPOS". But low adoption at this stage, and of course only applicable if you're an ASB customer.

Rural IT and Broadband support.

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

Aredwood

3885 posts

Uber Geek

#1964187 26-Feb-2018 08:07

ASB have a system to accept eftpos payments online. But my understanding is that it only works with ASB accounts.

https://www.asb.co.nz/banking-with-asb/online-eftpos-and-asb-mobile.html

Edit - Coffeebaron beat me to it.

1 | 2 | 3 | 4 | 5