I was lucky enough to be interviewed by Xero about my thoughts around growing your business using technology and social media.
It’s very cafe orientated, but I think the concepts apply to all businesses. You can head over to Xero’s blog to read all about it.
Phishing attacks really are the worst. They are a page that looks exactly like a legitimate login page you are familiar with (such as Google, Facebook, Twitter etc) but behind the scenes they are actually sending your email address and password to a third party. With these details they can cause all sorts of havoc.
Today Google has announced Password Alert which is a Chrome extension that will warn you if you enter your details into a site that isn’t one theirs. Everyone can slip up if you’re not paying close attention, so this app should help keep your login details safe.
I highly recommend this if you are a Google + Chrome user. I have seen far too many client’s details being compromised from a moment’s inattention.
We’ve just launched a product called HostedPay which allows you to setup SagePay as a payment service in Xero. This means your customers can pay your Xero invoices with SagePay.
When payment has been successfully made in SagePay, the details of the payment are automatically entered into Xero, making bank reconciliation really easy.
More info is available on the HostedPay site. We’re offering a 30 day free trial so you really have nothing to lose.
On one side we have POLi, the payment processor that wraps around your browser as you login to your online banking, and watches as you make a direct credit payment to a merchant. The benefit to you as a consumer is there is no credit card surcharge payable for the merchant, so they pass this benefit onto you.
On the other side, we have the big banks: Kiwibank, BNZ, ASB, ANZ and Westpac. Four of the five big boys don’t recommend using POLi. Uncompetitive practices from the bank? As much as I hate to do it, I’m siding with the banks on this one.
Ever since I became aware of POLi, the concept made me very uncomfortable, but I can see why it’s alluring.
As a merchant, if you want to accept credit cards, you will be hit with a surcharge, no way around it. Based on volume and risk, I think a fair average would be 2%. If you can offer direct credit to customers, there is no surcharge, so 100% of the money paid is yours. The issue with direct credit is customers are notoriously bad at actually doing it, and/or including the right reference, so reconciliation is a nightmare later on.
POLi fixes this. It “holds the hand” of the customer, watches as the login to their online banking, forwards them to the right page, puts in the right references, and confirms that they actually make payment. It’s like you’re sitting next to them, guiding them the whole way through.
I think, any system that has the potential of collecting your online banking credentials is a very bad idea. I’m not the only one: read what Kiwibank think from an article in yesterday’s Herald:
"In relation to a provider such as POLi, we have concerns with the process they follow to complete their payments.
"Fundamentally, their process is to obtain customer information [access numbers and passwords] and make the payment via their own systems.
"This increases the risk to our clients and to Kiwibank as we are unable to ensure that the customer information has been handled with the appropriate level of security."
The article goes on to quote BNZ saying they would stand behind customers in the event of fraud, however giving your online banking credentials would be a breach of their terms and conditions.
POLi then push it back on the banks saying:
… transactions were processed on banks' systems and therefore it would be a bank's responsibility to reimburse the customer if fraud were to occur.
What happens if POLi is collecting your login details and they have a data breach? It’s through no fault of your own that your accounts are being drained. Surely you could hit POLi up about it?
"Our [POLi’s] terms and conditions clearly state that we do not provide consumer protection"
If your credentials were compromised you are potentially looking at being stuck in no-mans land. Your bank says “not our fault, you gave out your banking username/password, read our T&Cs”. POLi then point the finger at the banks as they haven’t done their job properly.
My suggestion: pay with credit card, and take the surcharge on the chin. It’s well worth the protections it gives you, plus you are staying well within your banks T&Cs. Win, win.
For a few months now, I’ve thought about blogging what it’s like to be a cafe owner. As Kiwis, we spend a lot of time in cafes, but don’t really know what goes on behind the scenes.
I’m hoping to post regularly to this new blog about what’s involved in running a cafe. I’ll still keep blogging here, but will keep the cafe related stuff to my new blog.
Click to read my first post - Why do I pay more for soy?