Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
1042 posts

Uber Geek
+1 received by user: 157

Subscriber

  Reply # 1964443 26-Feb-2018 14:13
2 people support this post
Send private message

@michaelmurfy Yep I don't need convincing of the issues, I was just very surprised that the majority of banks made no mention of POLi. As someone else pointed out, given the apparent endorsement by large organisations like AirNZ, I doubt if most people would go searching further and would simply see it as a way of avoiding Credit Card fees.


118 posts

Master Geek
+1 received by user: 28


  Reply # 1964547 26-Feb-2018 14:43
Send private message

stinger:

 

Having said that, the Australian banks have introduced Pay ID last month, which allows you to pay anyone instantly (less than one minute) without needing to know the recipients BSB and account number. Would be nice if the banks introduced that here, especially since the big four NZ banks are Australian owned.

 

 

There are security issues with PayID as well, though of a different sort.

 

Back to POLi, the first time I saw this i thought it was malware. Back then it was either the ActiveX control or the ClickOnce mini browser version, and my mother asked me to help her with it. I immediately pulled the network cable and did virus scans etc. I thought the website store had been hacked. I was about to start the process of backing up and wiping the machine when I did more research on POLi and found it was "legit".

 

POLi to me is incredibly bad, and when people have asked me about it, I always tell them to stay away from it.


3031 posts

Uber Geek
+1 received by user: 466

Trusted
Subscriber

  Reply # 1964691 26-Feb-2018 17:24
Send private message

surfisup1000:

 

I had no idea it wasn't endorsed by banks (because you'd think the banks would have shut it down if that were the case). 

 

 

Hard for them to shut it down. Australian banks aren't exactly popular, and if they were to attack Australia Post (who own POLi) the government would likely retaliate fiercely. Just look at Commbank's experience over their smart money laundering deposit ATMs.


444 posts

Ultimate Geek
+1 received by user: 223


  Reply # 1964729 26-Feb-2018 18:51
Send private message

sbiddle:

MileHighKiwi:
sbiddle:
The Reserve Bank inquiry into interchange fees was supposed to come out around the middle of last year. There has been silence from the incoming government who were very vocal about this when in opposition.


An announcement from banks and credit card companies is imminent. Don't get your hopes up though, the changes are minimal.



Umm this has nothing to do with banks or credit card companies - it's the Reserve Bank leading the inquiry and the ultimate outcome will be slashing of interchange to follow recent changes in Australia and in the UK and EU.



I'm not sure about the RBNZ but MBIE has completed a review of interchange fees and written to card schemes seeking 'clarity' on the fees. Some card schemes may be taking proactive measures to address some of the issues raised in the review....

Card schemes set the maximum interchange level and banks set their rates accordingly, usually at the maximum level permitted. Then they add their processing margin. Acquiring banks pay interchange to issuing banks, They also pay additional scheme fees to the card companies. Card schemes Don't charge merchants directly. Therefore banks are absolutely involved in this review and any changes as a result, because they administer the fees.

2365 posts

Uber Geek
+1 received by user: 1096

Trusted
Subscriber

  Reply # 1964733 26-Feb-2018 19:16
Send private message

Use POLi all the time for air tickets. Just used it tonight for Jetstar booking. No issues, works fine.

 

Surprised to read what I have, but happy to use it for low value flights which I'm not prepared to pay $5 extra to the credit card companies.


3730 posts

Uber Geek
+1 received by user: 1212


  Reply # 1964741 26-Feb-2018 19:33
Send private message

Kyanar:

 

surfisup1000:

 

I had no idea it wasn't endorsed by banks (because you'd think the banks would have shut it down if that were the case). 

 

 

Hard for them to shut it down. Australian banks aren't exactly popular, and if they were to attack Australia Post (who own POLi) the government would likely retaliate fiercely. Just look at Commbank's experience over their smart money laundering deposit ATMs.

 

 

Call them a phishing site and lay a police complaint. 


2365 posts

Uber Geek
+1 received by user: 1096

Trusted
Subscriber

  Reply # 1964801 26-Feb-2018 21:32
Send private message

surfisup1000:

 

Kyanar:

 

surfisup1000:

 

I had no idea it wasn't endorsed by banks (because you'd think the banks would have shut it down if that were the case). 

 

 

Hard for them to shut it down. Australian banks aren't exactly popular, and if they were to attack Australia Post (who own POLi) the government would likely retaliate fiercely. Just look at Commbank's experience over their smart money laundering deposit ATMs.

 

 

Call them a phishing site and lay a police complaint. 

 

 

I don't get this. Definitely not a phishing site. If you don't want to use POLi, then don't. End of.

 

Leave me, and the thousands of happy users who have never had an issue with it, to happily keep using it.


109 posts

Master Geek
+1 received by user: 33


  Reply # 1964833 26-Feb-2018 22:41
Send private message

From Air New Zealand's web site on Poli:

 

"POLi is an online payment option you can use to safely pay for your flights directly from your bank account.

 

Internet banking is a great payment option if you do not have a credit card, or would prefer not to add to your credit card balance. When you pay with POLi the transaction is completed within the security of your bank's online banking service and at no time are your personal banking login details disclosed to Air New Zealand or POLi. "

 

How can you be in breach of bank's T&Cs if you at no time disclose your login details? 

 

 

 

An interesting read on AirNZ credit card fees in Australia after their CC rules changed- 

 

 www.ausbt.com.au/air-new-zealand-introduces-new-1-1-credit-card-booking-fee

 

 


26955 posts

Uber Geek
+1 received by user: 6401

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1964866 27-Feb-2018 07:40
3 people support this post
Send private message

debo:

 

When you pay with POLi the transaction is completed within the security of your bank's online banking service and at no time are your personal banking login details disclosed to Air New Zealand or POLi. "

 

How can you be in breach of bank's T&Cs if you at no time disclose your login details? 

 

 

This is generic text used by POLi - and is basically a load of rubbish because it doesn't really mean what you probably think it does. POLi is effectively a MITM attack presenting you with a fake login site hosted by POLi on its servers acting as a reserve proxy, and then taking your login details when you enter them and inserting them into your bank site behind the scenes to complete the transaction.

 

Your details are are at no point logged by POLi, but you are entering your banking details into a 3rd party website, which breaches the T&C of ANZ, ASB, BNZ, Westpac and Kiwibank just to name a new. ASB had a huge public spat with POLi a few years ago.

 

I don't believe there is a risk in using POLi, but that doesn't change the fact it's an incredibly dodgy product offering that I would certainly never touch because I don't want to support it. 

 

If anybody objects to paying Air NZ credit card fees you can just use your OneSmart card which doesn't incur any.

 

 


1438 posts

Uber Geek
+1 received by user: 315

Subscriber

  Reply # 1964888 27-Feb-2018 09:08
Send private message

If you changed your banking password after each POLi use, would you be better protected?





Life is too short to remove USB safely.


530 posts

Ultimate Geek
+1 received by user: 125

Subscriber

  Reply # 1964991 27-Feb-2018 11:28
Send private message

sbiddle:

 

Your details are are at no point logged by POLi, but you are entering your banking details into a 3rd party website...

 

I don't believe there is a risk in using POLi...

 

 

That's a big assumption.

 

POLi certainly have the ability to log your credentials so from a security standpoint you have to assume they are; either directly or indirectly though debugging logs, server cache, cloudbleed-like vulnerabilities (it would be impossible for them to prove they aren't) or malware install on the POLi servers.

 

This introduces an attack vector whereby a third party could gain access to your banking credentials and thus your funds via POLi.

 

When you log directly into your internet banking; your password in encrypted locally and sent encrypted to the bank va SSL.

 

When you login via POLi; your password is encrypted by you and sent to them, then decrypted by them, then re-encrypted and sent to the bank.

 

At the point the credentials are sitting there decrypted on POLi servers they are highly vulnerable to all sorts of attack, and your bank is not likely to cover you for those losses.

 

 


Meow
7791 posts

Uber Geek
+1 received by user: 3849

Moderator
Trusted
Lifetime subscriber

  Reply # 1964998 27-Feb-2018 11:40
One person supports this post
Send private message

kiwifidget:

 

If you changed your banking password after each POLi use, would you be better protected?

 

Most banks fraud systems would detect this as ongoing behavior and would likely flag you as a high risk depending on the system. Even if you use it for a transaction and change your password you're passing a whole lot more details over to them (and much more than I'd feel comfortable with). For example, whats to say they're not doing a dump of your statements, spending habits and other personal details like account balances?

 

Technically the answer is yes but really the answer is no as some banks have information contained in internet banking only you (and the banks staff members) should ever see. With some internet banking systems there is other considerations to take in account too since they provide almost enough information for identity theft.

 

Only you, and you alone should log into your internet banking. No third parties, no friends, no other family members etc.





2365 posts

Uber Geek
+1 received by user: 1096

Trusted
Subscriber

  Reply # 1965025 27-Feb-2018 12:17
Send private message

Four reasons why I am more than comfortable using POLI:

 

1. POLi is promoted by Air NZ, Jetstar, NZ Transport Agency (a NZ government department!), and the Warehouse. Air NZ state on their website "POLi is an online payment option you can use to safely pay for your flights directly from your bank account." So all these significant NZ organisations reputations are on the line and they are comfortable with promoting the service. Imagine the immense negative publicity if payments promoted by some of our biggest companies as safe went astray!

 

2. POLi is owned by Australia Post who are owned by the Australian government.

 

3. My bank is happy to allow access via POLi

 

4. No additional payment processing fees.


2479 posts

Uber Geek
+1 received by user: 678


  Reply # 1965030 27-Feb-2018 12:27
Send private message

So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?


402 posts

Ultimate Geek
+1 received by user: 105


  Reply # 1965033 27-Feb-2018 12:33
Send private message

PhantomNVD:

 

So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?

 

 

I assume that the app on your smart phone stores your username/customer id and password encrypted, and uses the pin or fingerprint to decrypt it.


1 | 2 | 3 | 4 | 5
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.