POLi Payments: Difference between revisions
Content deleted Content added
Undid revision 788785763 by 124.189.156.174 (talk) |
No edit summary Tags: Visual edit Mobile edit Mobile web edit |
||
| Line 22: | Line 22: | ||
| accessdate=2016-10-27 }}</ref> |
| accessdate=2016-10-27 }}</ref> |
||
POLi enables consumers to pay for goods or services directly from a merchant's website without the need for a credit card, but by using a direct connection to the user's internet banking. A benefit is that the merchant receives an instant receipt |
POLi enables consumers to pay for goods or services directly from a merchant's website without the need for a credit card, but by using a direct connection to the user's internet banking. A benefit is that the merchant receives an instant receipt. Consumers do not have to register to use POLi.<ref>{{cite web|url=http://www.polipayments.com/consumer|title=Buy - Pay with confidence from your internet banking|publisher=|accessdate=26 October 2016}}</ref> |
||
POLi Payments is used in Australia and New Zealand with its largest merchants being Jetstar, Virgin Australia, Air New Zealand, Sportsbet and Sportingbet. |
POLi Payments is used in Australia and New Zealand with its largest merchants being Qantas, Jetstar, Virgin Australia, Air New Zealand, Sportsbet and Sportingbet. |
||
==Previous versions== |
|||
POLi Version 3 is entirely in-browser,{{citation needed|date=June 2013}}. This version was released in July 2012 and enabled payments on Macs and mobile devices; neither was possible on previous versions. |
POLi Version 3 is entirely in-browser,{{citation needed|date=June 2013}}. This version was released in July 2012 and enabled payments on Macs and mobile devices; neither was possible on previous versions. |
||
Like normal internet bankings payments, customers are not able reverse POLi payments once made. |
|||
Version 2 is a [[.NET Framework]] [[ClickOnce]] application. This version is still operational in New Zealand Payments for several banks. This version to was built with security at the expense of user experience, as the process of downloading the .NET ClickOnce application is poor, and requires additional plugins for Firefox<ref>{{cite web|url=https://addons.mozilla.org/en-us/firefox/addon/ffclickonce/|title=FFClickOnce|publisher=|accessdate=26 October 2016}}</ref> and Chrome.<ref>https://chrome.google.com/webstore/detail/clickonce-for-google-chro/eeifaoomkminpbeebjdmdojbhmagnncl?hl=en</ref> |
|||
POLi Version 1 was an [[ActiveX]] control. This version was used by some, but never gained traction due to security concerns with ActiveX. This version is no longer operational. Greg Day, a security analyst at [[McAfee]] stated "Using ActiveX for online payments is the kind of thing that would make me run a mile. [It] is probably the most used route for hackers to get in ... and steal personal information.".<ref name="guardian">{{cite web|url=https://www.theguardian.com/technology/2008/mar/20/hacking.security|title=Experts cast a wary eye over new online payment systems|first=Sean|last=Hargrave|date=20 March 2008|publisher=|accessdate=26 October 2016|via=The Guardian}}</ref><ref>[http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=22582 Symantec] - example of a breach of an online payment system ActiveX control</ref> Since 2008 the system has been operating on the .NET technology platform. This still gives rise to possible security breaches via downloading untrusted software, and the possible infiltration of [[malware]].<ref name="thereg">[http://forums.theregister.co.uk/forum/1/2008/03/18/poli_online_bank_payment_roll_out/ Forum at The Register]<br />"they are installing an ActiveX control (shudder) whose only purpose is to make payments to arbitrary bank accounts when the user logs into their online banking. There is another name for software that does that. Internet Banking Trojan."<br />"What a fantastic way to phish"<br />"Not meaning to be paranoid, but how can I be sure that the merchant's website is anymore genuine, and the POLi script anymore trustworthy than the average phishing email?"<br />"Not only is this an opportunity to phish people's bank details, you don't get the payment protection of using a credit card either."<br />"Score out of 4: 1. MSIE only = fail, 2. Active X = fail, 3. Direct access to my bank acct = fail, 4. No CC protection = fail"</ref> |
|||
==Concerns== |
|||
Although POLi Payments stresses that security is a high priority for POLi,<ref>[http://www.polipayments.com/consumer.html How POLi works] "Simple and secure"</ref><ref>{{cite web|url=http://www.cio.com/article/2383927/outsourcing/how-bug-bounty-programs-bring-big-savings-and-better-security.html|title=How Bug Bounty Programs Bring Big Savings and Better Security|first=Paul|last=Rubens|publisher=|accessdate=28 October 2016}}</ref> concerns remain regarding exposing the user's banking credentials to POLi, and liability for fraudulent transactions.<ref>[https://transaction.apac.paywithpoli.com/POLiTandC.aspx?merchantcode=6100103#disclaimer POLi Terms and Conditions - Disclaimer and Indemnity] "We will not be liable to you or any other party for any loss or damage, however caused (including through negligence), that you may directly or indirectly suffer in connection with your use of POLi™, including, without limitation, any loss or damage that arises as a result of your download or use of the third party software referred to above.", and <br />"If You believe that there has been an unauthorised or mistaken transaction, You should contact your financial institution and endeavour to address the issue under the terms and conditions applicable to your internet banking facility."</ref><ref>{{cite web |
|||
| title=Banks concerned over POLi security |
|||
| author=Juha Saarinen, IT News |
|||
| year=2012 |
|||
| url=http://www.itnews.com.au/news/banks-concerned-over-poli-security-326827 |
|||
| accessdate=2016-10-27 }}</ref><ref>{{cite web |
|||
| title=Banks warn of increased risk of online fraud |
|||
| author= George Lekakis, The New Daily |
|||
| year=2016 |
|||
| url=http://thenewdaily.com.au/money/your-budget/2016/04/14/banks-warn-online-fraud/ |
|||
| accessdate=2016-10-27 }}</ref> |
|||
[[ASB Bank]], one of New Zealand's largest banks, has responded to POLi with a release stating that POLi is "spoofing/mirroring" their on-line banking pages and capturing customer information, and "due to the serious security and fraud risks" recommending that their customers not use it.<ref name="asbwarning">{{cite web |
|||
| title=Important security information for ASB and Bank Direct customers making online payments using POLi |
|||
| author= |
|||
| year=2012 |
|||
| url=https://www.asb.co.nz/story12032.aspx |
|||
| archiveurl=https://web.archive.org/web/20130210010817/https://www.asb.co.nz/story12032.aspx |
|||
| archivedate=2013-02-10 |
|||
| accessdate=2016-10-26 }} (Note appears on page under date heading of 19 Dec 2012)</ref><ref>{{cite web |
|||
| title=Important security information - online payments using POLi |
|||
| author=ASB Bank |
|||
| year=2012 |
|||
| url=http://www.scoop.co.nz/stories/BU1212/S00741/important-security-information-online-payments-using-poli.htm |
|||
| accessdate=2014-02-25 }}</ref><ref>{{cite web |
|||
| title=NZ bank claims payment processor is capturing user details |
|||
| author=ZDNet, Michael Lee |
|||
| year=2012 |
|||
| url=http://www.zdnet.com/article/nz-bank-claims-payment-processor-is-capturing-user-details/ |
|||
| accessdate=2016-10-27 }}</ref> The release also claims that ASB has asked POLi to remove support for ASB customers from their service. POLi responded to the ASB advisory with an announcement, refuting the claims,<ref name="poliwarningresponse">{{cite web |
|||
| title=POLi response to ASB Advisory |
|||
| author= |
|||
| url=http://polipayments.com/assets/docs/POLiAnnouncment19-12-12v1.0.pdf |
|||
| accessdate=2012-12-19 }}</ref> and apparently reverting the version of the payment system.<ref name="asbwarning" /> |
|||
[[ANZ New Zealand]],<ref name="anzwarning">{{cite web |
|||
| title=Important information for ANZ Internet Banking customers using POLi to make payments online |
|||
| author= |
|||
| url=https://comms.anz.co.nz/betterinternetbanking/article/detail.html?id=15009 |
|||
| accessdate=2012-12-19 }}</ref> [[Bank of New Zealand]],<ref name="bnzwarning">{{cite web |
|||
| title=Important security update for BNZ customers using POLi to make online payments |
|||
| author= |
|||
| url=http://www.bnz.co.nz/about-us/media/archives/important-security-update-poli |
|||
| archiveurl=https://web.archive.org/web/20130307212525/http://www.bnz.co.nz/about-us/media/archives/important-security-update-poli |
|||
| archivedate=2013-03-17 |
|||
| accessdate=2016-10-26 }} "Providing log in details to a third party presents very serious security risks and contradicts both the New Zealand Code of Banking Practice and our terms and conditions."</ref> [[Kiwibank]],<ref name=kiwibank>{{cite web |
|||
| title=Twitter: "We advise against using POLiPayments..." |
|||
| author=Kiwibank Limited |
|||
| url=https://twitter.com/KiwibankNZ/status/281228162996772865 |
|||
| accessdate=2014-06-17 }}"We advise against using POLiPayments as it invalidates our internet banking guarantee & is not secure"</ref> [[Commonwealth Bank]],<ref>{{cite web |
|||
| title=NZ bank claims payment processor is capturing user details |
|||
| author=Michael Lee |
|||
| url=http://www.zdnet.com/au/nz-bank-claims-payment-processor-is-siphoning-user-details-7000008995/ |
|||
| accessdate=2014-02-25 }} "The Commonwealth Bank does not have any working agreement with POLi Payments, and, as such, the payment site is not endorsed or supported by the bank. The bank urges customers making online payments to do so via the bank's own NetBank site, which guarantees the customer's security," CBA told ZDNet.</ref> [[Westpac]]<ref>{{cite web |
|||
| title=Who’s got your back when you’re banking? |
|||
| author=John Dunkerley |
|||
| url=http://myob.com.au/blog/whos-got-your-back-when-youre-banking/ |
|||
| accessdate=2014-02-25 }}</ref> and [[Police Bank]]<ref>{{cite web |
|||
| title=POLi Not Recommended for Payments |
|||
| url=http://www.policebank.com.au/poli-not-recommended-for-payments/ |
|||
| archiveurl=https://web.archive.org/web/20150918053315/http://www.policebank.com.au/poli-not-recommended-for-payments |
|||
| archivedate=2015-09-18 |
|||
| accessdate=2016-10-26 |
|||
}}</ref> are also warning customers against using POLi. ANZ and Kiwibank have further advised that use of POLi invalidated the bank's online guarantee, potentially making the customer liable for any losses if their online banking account were to be compromised.<ref name=kiwibank /> POLi's terms and conditions note "We are not making any representation that we or POLi™ have the approval or, an affiliation with, or any licence from or agreement with your financial institution to operate or make POLi™ available for use by you."<ref>{{cite web |
|||
| title=POLi(TM) Terms & Conditions |
|||
| author= |
|||
| url=http://www.polipayments.com/terms |
|||
| accessdate=2016-10-27 }}</ref> |
|||
Unlike payments via [[credit cards]], payments made via POLi are not able to be reversed by the bank.<ref> |
|||
{{cite web |
|||
| title=POLi - How Transactions Work |
|||
| url=http://www.polipayments.com/Assets/Docs/POLiPaymentsBrochure.pdf |
|||
| archiveurl=https://web.archive.org/web/20120323224735/http://www.polipayments.com/Assets/Docs/POLiPaymentsBrochure.pdf |
|||
| archivedate=2015-03-15 |
|||
| accessdate=2016-10-27 |
|||
}} page 6 (from the Merchant's perspective) "Unlike a credit card, once you receive a payment it can't be reversed by the bank."</ref><ref>[http://forums.theregister.co.uk/forum/1/2008/03/18/poli_online_bank_payment_roll_out/ Forum at The Register] "the price seems to be the loss of any consumer protection"</ref> |
|||
Version 1 and 2 that used the [[ActiveX]] and .NET platforms have additional security concerns regarding the integrity of this software and compatibility with non-Windows platforms. |
|||
==References== |
==References== |
||
Revision as of 13:38, 3 July 2017
 | |
| Company type | Private company |
|---|---|
| Industry | Online banking |
| Founded | 2006 |
| Headquarters | Melbourne, Australia |
| Products | Electronic commerce |
| Website | www |
POLi Payments Pty Ltd (formerly known as Centricom[1]) is an online payments company based in Melbourne, Australia. It is the developer and provider of POLi, an online payment system that is used by merchants and consumers in Australia and New Zealand. POLi Payments has been acquired by SecurePay Holdings, a fully owned subsidiary of Australia Post.[2]
POLi enables consumers to pay for goods or services directly from a merchant's website without the need for a credit card, but by using a direct connection to the user's internet banking. A benefit is that the merchant receives an instant receipt. Consumers do not have to register to use POLi.[3]
POLi Payments is used in Australia and New Zealand with its largest merchants being Qantas, Jetstar, Virgin Australia, Air New Zealand, Sportsbet and Sportingbet.
POLi Version 3 is entirely in-browser,[citation needed]. This version was released in July 2012 and enabled payments on Macs and mobile devices; neither was possible on previous versions.
Like normal internet bankings payments, customers are not able reverse POLi payments once made.
References
- ^ "Centricom Pty, Ltd.: Private Company Information - Businessweek". Retrieved 26 October 2016.
- ^ "Ahmed Fahour's letter to ecommerce startups: Australia Post will accelerate you". 2015. Retrieved 27 October 2016.
- ^ "Buy - Pay with confidence from your internet banking". Retrieved 26 October 2016.
Further reading
- Baltazar, Michelle (2012). "Just debit it: Centricom". Financial Standard.
