Centricom
 |
A major contributor to this article appears to have a close connection with its subject. It may require cleanup to comply with Wikipedia's content policies, particularly neutral point of view. Please discuss further on the talk page. (February 2012) |
| Type | Private company |
|---|---|
| Industry | Online banking |
| Founded | 2006 |
| Headquarters | Melbourne, Australia |
| Products | Electronic commerce |
| Website | www.polipayments.com |
Centricom Pty Ltd trading as POLi Payments is an online payments company based in Melbourne, Australia. It is the developer and provider of POLi, an online payment system that is used by merchants and consumers in Australia and New Zealand. The POLi product is due to also launch in India in mid 2012.[citation needed]
POLi allows consumers to pay for goods or services directly from a merchants website without the need for a credit card. The key benefit is that the merchant receives an instant receipt allowing them to provide the goods or services to the customer immediately. POLi Link allows a POLi payment to be initiated from a merchant created URL. This URL can be placed within a text message, email or on an electronic PDF.
As at 2 February 2012, POLi requires customers to use Microsoft Windows. A new version of POLi is expected in February 2012 that will be device agnostic and smart phone/tablet compatible.[citation needed]
[edit] Concerns
Although Centricom stresses that security is a high priority for POLi,[1] experts have criticised the security,[2] noting the "potential security risk each system poses is that users need to download software to allow POLi and eWise to fill out payment forms on their behalf."[3] and that "neither system operator is promising they will bear responsibility for any losses suffered through their technology becoming compromised"[3][4]
The system once used ActiveX which caused some security concerns. Greg Day, a security analyst at McAfee stated "Using ActiveX for online payments is the kind of thing that would make me run a mile. [It] is probably the most used route for hackers to get in ... and steal personal information.".[3][5]
Since 2008 the system has been operating on the .NET technology platform and has had passed security audits performed by VeriSign and Security Assessments. This still gives rise to possible security breaches via downloading untrusted software, and the possible infiltration of malware.[6] A new version due for release is largely addressing these security concerns by removing the need for consumers to download any software.[7]
Unlike payments via credit cards, payments made via POLi are not able to be reversed by the bank.[8][9]
Sentiment at online bulletin boards has reflected these security concerns.[6]
[edit] References
- Baltazar, Michelle (2012). "Just debit it: Centricom", Financial Standard, Financial Standard Article.
- ^ POLi support - Is POLi secure?
- ^ Fraud and Scam news - New online payment systems: Banks wary of backing them
- ^ a b c Guardian UK - Experts cast a wary eye over new online payment systems
- ^ POLi Terms and Conditions - Disclaimer and Indemnity "We will not be liable to you or any other party for any loss or damage, however caused (including through negligence), that you may directly or indirectly suffer in connection with your use of POLi™, including, without limitation, any loss or damage that arises as a result of your download or use of the third party software referred to above.", and
"If You believe that there has been an unauthorised or mistaken transaction, You should contact your financial institution and endeavour to address the issue under the terms and conditions applicable to your internet banking facility." - ^ Symantec - example of a breach of an online payment system ActiveX control
- ^ a b Forum at The Register
"they are installing an ActiveX control (shudder) whose only purpose is to make payments to arbitrary bank accounts when the user logs into their online banking. There is another name for software that does that. Internet Banking Trojan."
"What a fantastic way to phish"
"Not meaning to be paranoid, but how can I be sure that the merchant's website is anymore genuine, and the POLi script anymore trustworthy than the average phishing email?"
"Not only is this an opportunity to phish people's bank details, you don't get the payment protection of using a credit card either."
"Score out of 4: 1. MSIE only = fail, 2. Active X = fail, 3. Direct access to my bank acct = fail, 4. No CC protection = fail" - ^ According to the POLi payments home page "Coming soon: non-download POLi will be browser agnostic and provide an enhanced user experience."
- ^ POLi payments brochure page 7 (from the Merchant's perspective) "Unlike a credit card, once you receive a payment it can't be reversed by the bank."
- ^ Forum at The Register "the price seems to be the loss of any consumer protection"
