I remember last year when the DDoS attacks were happening we blocked POLi + Account2account as part of bot protection of the WAF. I personally was happy blocking it; they pose a massive security risk, but the problem was that customers far and wide started complaining to the contact centre about it being unavailable.
In the end we had to whitelist it... Nobody was happy with this decision but customers think it is a bank feature and don't understand that banks have nothing to do with it.
For payments Online Eftpos is absolutely awesome in helping to fill this gap but really all banks need to adopt it.
Rule of thumb - if you're entering your internet banking login in a third party system this is both against your internet banking T&Cs as well as fully unsupported and not endorsed by any bank.
Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.
Interesting that a bank actively whitelisted POLI.
That could be seen as the bank endorsing the use of POLI in my eyes.
While I'm not a lawyer, I would feel it could be a good argument if that bank ever tried to enforce the T&Cs against someone for using POLI.
allowlist
michaelmurfy: ... For payments Online Eftpos is absolutely awesome ...
As you say, for payments, and I agree with you. Unfortunately it doesn't give us the ability to download our banking transactions.
michaelmurfy:
For payments Online Eftpos is absolutely awesome in helping to fill this gap but really all banks need to adopt it.
I was just looking to see what banks offered it and see that Heartland stopped offering it in July, supposedly because hardly anyone was using it. Seems short-sighted.
The UX of Online Eftpos is awful. Having to type in my mobile number, switch apps, log in (and hope fingerprint login works and doesn't just do nothing, looking at you ASB), hope the transaction has appeared (sometimes takes over a minute to appear), approve it once, switch back to the browser, hope that hasn't been OOM killed, and finally confirm paying.
What even happens when the browser was killed due to OOM? Does my transaction just disappear into the ether, dooming me to hours on the phone trying to get it reversed? Can it even be reversed? Am I begging the merchant to refund me?
Why can't I just OAuth into my bank like every civilised secure service allows?! Why do banks think they're too damn good to use the highly secure and user-friendly systems that work well for extremely important systems like email?
EDIT: And while I'm here, I just want to laugh at banks calling other services insecure. Kiwibank doesn't even offer 2-factor at all, ASB and Westpac offer it via SMS (insecure), but only occasionally require you to type a code.
ripdog:
EDIT: And while I'm here, I just want to laugh at banks calling other services insecure. Kiwibank doesn't even offer 2-factor at all, ASB and Westpac offer it via SMS (insecure), but only occasionally require you to type a code.
Kiwibank does offer and use 2FA for Internet Banking, but not for session login - they use a stored Q&A, click-on-the-letters scheme for that.
The 2FA is unfortunately only SMS based, but better than nothing, I guess. I'd much prefer that Authy was available as an option.
PolicyGuy:
ripdog:
EDIT: And while I'm here, I just want to laugh at banks calling other services insecure. Kiwibank doesn't even offer 2-factor at all, ASB and Westpac offer it via SMS (insecure), but only occasionally require you to type a code.
Kiwibank does offer and use 2FA for Internet Banking, but not for session login - they use a stored Q&A, click-on-the-letters scheme for that.
The 2FA is unfortunately only SMS based, but better than nothing, I guess. I'd much prefer that Authy was available as an option.
It hardly counts as security when it's only triggered by *algorithms* on certain transfers, but yes, I forgot about that. Still, SMS-based 2FA is not 2FA at all as phone numbers can be trivially stolen.
ripdog:
It hardly counts as security when it's only triggered by *algorithms* on certain transfers, but yes, I forgot about that. Still, SMS-based 2FA is not 2FA at all as phone numbers can be trivially stolen.
I think the Kiwibank "algorithm" (if you can even call it that) is quite simple.
It'll ask you to authenticate the addition of a new payee the first time you make a payment to them.
But once that's done all future payments don't require any extra authentication.
Been like that for all payments I've done the last couple of years.