Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
504 posts

Ultimate Geek
+1 received by user: 135


  Reply # 1965034 27-Feb-2018 12:35
Send private message

dafman:

 

2. POLi is owned by Australia Post who are owned by the Australian government.

 

 

Well that's my confidence shattered, three breaches in four weeks http://www.news.com.au/technology/australia-post-hit-by-security-breach-again/news-story/46046eb996a740452ac8cd9b55cdfe0e


569 posts

Ultimate Geek
+1 received by user: 141

Subscriber

  Reply # 1965035 27-Feb-2018 12:36
Send private message

PhantomNVD:

 

So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?

 

 

Not necessarily, usually your device is issue a token (like a cookie) by the app server which remains valid under a defined set of circumstances.


 
 
 
 


5293 posts

Uber Geek
+1 received by user: 2322

Trusted
Lifetime subscriber

  Reply # 1965053 27-Feb-2018 13:17
Send private message

PhantomNVD:

So how does this relate to the app on my phone... which must also store my login details as it requires a totally separate pin (or fingerprint) to authenticate, having only once asked for my 'true' login details?


Are you using a 3rd party banking app?




Chorus has spent $1.4 billion on making their xDSL broadband network faster. If your still stuck on ADSL or VDSL, why not spend from $150 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com


Mr Snotty
8089 posts

Uber Geek
+1 received by user: 4057

Moderator
Trusted
Lifetime subscriber

  Reply # 1965054 27-Feb-2018 13:19
Send private message

dafman:

 

1. POLi is promoted by Air NZ, Jetstar, NZ Transport Agency (a NZ government department!), and the Warehouse. Air NZ state on their website "POLi is an online payment option you can use to safely pay for your flights directly from your bank account." So all these significant NZ organisations reputations are on the line and they are comfortable with promoting the service. Imagine the immense negative publicity if payments promoted by some of our biggest companies as safe went astray!

 

2. POLi is owned by Australia Post who are owned by the Australian government.

 

3. My bank is happy to allow access via POLi

 

Trust me. Your bank is not happy with anyone using POLi. It is hard to stop as POLi scrape internet banking sites. They also don't have any API access. Many banks have asked them to stop however all they do is remove the banks logo from the site and call it a day. This goes for all banks, it a massive security risk you're exposing yourself to.

 

For your first point - they don't care. They get the money and for your second point again that doesn't matter, it is still a third party service. If you're happy with a third party logging into your internet banking and collecting your data then so be it but I bet if you specifically asked your bank then by now they've classed your bank account as compromised even if you're using 2FA.

 

You're knowingly breaking your internet banking terms and conditions with using any third party service since you're passing your login details directly across to that service. I also know full well what data they're collecting when you login as everything is logged against your account with any bank in NZ.





3405 posts

Uber Geek
+1 received by user: 687

Trusted

  Reply # 1965058 27-Feb-2018 13:31
One person supports this post
Send private message

it comes down to.

 

- if you accept the fact that buy entering your username/password into a 3rd party, that if something happens along the way, and your money is taken (which could be done in the future, they could save the username/password latter for a massive attack) the bank will say "tough".

 

 

 

I tell everyone not to use it.  its just stupid.  if a company charges more for a credit card payment (PBTech), they simple do not get my business.  There are plenty of other companies out there willing to take my money in a safe/protected/insured by the bank way.

 

I dont care who owns it, Im sure its security is a lot less than the banks security.  and if the bank security is compromised, its the banks problem, they will refund your money.  POLI will tell you to bugger off.


569 posts

Ultimate Geek
+1 received by user: 141

Subscriber

  Reply # 1965083 27-Feb-2018 13:53
One person supports this post
Send private message

I comes down to risk management.

 

For most users it is probably not worth the risk; over debit card, credit card or bank transfer.

 

I personally do still use POLi in very specific cases to help mitigate other risks such as exchange rate fluctuations, fees, opportunity loss and extended exposure with bank transfer & processing.

 

In these cases however I use a dedicated online banking login with access to only that account (a separate bank to my normal banking) for that purpose with 2FA enabled.


14454 posts

Uber Geek
+1 received by user: 1904


  Reply # 1965151 27-Feb-2018 14:45
Send private message

reven:

 

it comes down to.

 

- if you accept the fact that buy entering your username/password into a 3rd party, that if something happens along the way, and your money is taken (which could be done in the future, they could save the username/password latter for a massive attack) the bank will say "tough".

 

 

 

I tell everyone not to use it.  its just stupid.  if a company charges more for a credit card payment (PBTech), they simple do not get my business.  There are plenty of other companies out there willing to take my money in a safe/protected/insured by the bank way.

 

 

 

 

You can still pay by direct credit to these companies though can't you? Some like mightyape uses ASB banks online eftpos as an option too, where it connects directly to the bank, rather than using a third party system. I am guessing that is safer, as I am guessing that is supported by the bank?


504 posts

Ultimate Geek
+1 received by user: 135


  Reply # 1965160 27-Feb-2018 15:09
Send private message

mattwnz:

 

You can still pay by direct credit to these companies though can't you? Some like mightyape uses ASB banks online eftpos as an option too, where it connects directly to the bank, rather than using a third party system. I am guessing that is safer, as I am guessing that is supported by the bank?

 

 

With AirNZ and Jetstar it's POLI or credit card (with surcharge) payments only.


2463 posts

Uber Geek
+1 received by user: 1143

Trusted
Subscriber

  Reply # 1966948 2-Mar-2018 10:34
Send private message

Ok, I asked and Kiwibank have advised that their internet banking guarantee will not apply if POLi is used. That's enough to convince me to cease use.


2464 posts

Uber Geek
+1 received by user: 703


  Reply # 1966965 2-Mar-2018 11:16
Send private message

I used it once a couple of years ago. That was when they were basically mirroring the banks login page, logos and all. Since it was a purchase from a major company (AirNZ if I recall) I assumed it was some sort of redirection to the banks actual portal, and therefore safe. I didn't realise until years later when I read this thread that it wasn't.

 

Nothing bad happened; but I would never use it again knowing what I know now, and my password has changed since then so if the login details were collected they are of no use anymore.


3891 posts

Uber Geek
+1 received by user: 1274


  Reply # 1971418 8-Mar-2018 21:01
One person supports this post
Send private message

I asked air NZ as to why they were encouraging users to break the terms and conditions of their banks...this response....

 

"By way of explanation, good privacy practice is at the heart of Air New Zealand's culture. We want to make sure all our customers understand our privacy obligations and appreciate that they must treat the personal information we hold with care and respect. Please be assured, we take all reasonable steps to ensure that the personal information we hold is protected against loss, and unauthorised access, use, modification or disclosure. That said, all feedback is of value to us, please be assured, I will be passing your feedback onto our online banking team, to look into this in an internal review. "

 

I don't agree they took reasonable steps at all , because my bank still says the poli payment method breaches my agreement with the bank.  It would have been easy enough to run it by the banks first. 

 

I'm not sure the extent of the contract breach yet. Maybe if there is any future fraudulent activity on my account whether it is POLI related or not, the bank can perhaps claim that because i used poli once in the past, too bad, my loss. Effectively my account needs to be closed and reopened under a different number to reinstate compliance with the banking T&C's.

 

Air NZ say they will take a further look, but there is only one option unless my bank changes their stance. 


1524 posts

Uber Geek
+1 received by user: 186


  Reply # 1971513 9-Mar-2018 08:34
Send private message

I wonder if the banks are keeping track of accounts that are using POLi so if there are ever any unauthorised payments/withdrawls/etc made on the account in the future they can point to the use of POLi and decline to reimburse the account holder.


Mr Snotty
8089 posts

Uber Geek
+1 received by user: 4057

Moderator
Trusted
Lifetime subscriber

  Reply # 1971522 9-Mar-2018 08:58
Send private message

@MurrayM trust me when I say it is very easy to spot a customer that has used POLi at the bank where I work. I would assume it is the same with the other Banks. I know with another bank it actually triggers a flag in their fraud detection software.




1524 posts

Uber Geek
+1 received by user: 186


  Reply # 1971540 9-Mar-2018 09:12
Send private message

michaelmurfy: @MurrayM trust me when I say it is very easy to spot a customer that has used POLi at the bank where I work. I would assume it is the same with the other Banks. I know with another bank it actually triggers a flag in their fraud detection software.

 

Oh I indeed trust you and thought it would be easy for the banks to spot. I was just wondering if any bank would track it and use that as an excuse to deny reimbursing the account holder if there were ever any unauthorised transactions in the future, eg "Sorry, we see that 17 months ago you used POLi to buy an airline ticket from Air NZ. Since you broke our rules we're declining to reimburse you for that transaction that happened yesterday that you claim to know nothing about."


21631 posts

Uber Geek
+1 received by user: 4440

Trusted
Subscriber

  Reply # 1971541 9-Mar-2018 09:13
Send private message

Surely these business customers that operate poli are violating their agreement with their bank about unauthorized access to the banks computers? So just kick the companies that accept poli payments out of the banking system totally for breaking those T&C's?





Richard rich.ms

1 | 2 | 3 | 4 | 5
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.