POLi and no man's land liability

Posted: 17-Feb-2015 11:35

On one side we have POLi, the payment processor that wraps around your browser as you log in to your online banking, and watches as you make a direct credit payment to a merchant.  The benefit to you as a consumer is that there is no credit card surcharge payable by the merchant, so they pass this benefit on to you.

On the other side, we have the big banks: Kiwibank, BNZ, ASB, ANZ and Westpac.  Four of the five big boys don’t recommend using POLi.  Uncompetitive practices from the banks? As much as I hate to do it, I’m siding with the banks on this one.

Ever since I became aware of POLi, the concept made me very uncomfortable, but I can see why it’s alluring.

As a merchant, if you want to accept credit cards, you will be hit with a surcharge, no way around it.  Based on volume and risk, I think a fair average would be 2%. If you can offer direct credit to customers, there is no surcharge, so 100% of the money paid is yours. The issue with direct credit is customers are notoriously bad at actually doing it, and/or including the right reference, so reconciliation is a nightmare later on.

POLi fixes this.  It “holds the hand” of the customer, watches as they log in to their online banking, forwards them to the right page, puts in the right references, and confirms that they actually make payment.  It’s like you’re sitting next to them, guiding them the whole way through.

I think any system that has the potential of collecting your online banking credentials is a very bad idea.  I’m not the only one: read what Kiwibank think, from an article in yesterday’s Herald:

"In relation to a provider such as POLi, we have concerns with the process they follow to complete their payments.

"Fundamentally, their process is to obtain customer information [access numbers and passwords] and make the payment via their own systems.

"This increases the risk to our clients and to Kiwibank as we are unable to ensure that the customer information has been handled with the appropriate level of security."

The article goes on to quote BNZ saying they would stand behind customers in the event of fraud; however, giving out your online banking credentials would be a breach of their terms and conditions.

POLi then push it back on the banks saying:

… transactions were processed on banks' systems and therefore it would be a bank's responsibility to reimburse the customer if fraud were to occur.

What happens if POLi is collecting your login details and they have a data breach? It’s through no fault of your own that your accounts are being drained.  Surely you could hit POLi up about it?

"Our [POLi’s] terms and conditions clearly state that we do not provide consumer protection"

If your credentials were compromised, you are potentially looking at being stuck in no man's land.  Your bank says “not our fault, you gave out your banking username/password, read our T&Cs”. POLi then point the finger at the banks as they haven’t done their job properly.

My suggestion: pay with credit card, and take the surcharge on the chin. It’s well worth the protections it gives you, plus you are staying well within your bank's T&Cs. Win, win.


I'm Nate Dunn, and I work for 3Bit, and am a moderator here at Geekzone.


The views and opinions represented on this blog are personal and belong solely to the blogger and do not represent in anyway those of 3Bit Solutions Limited or any other company.
