27 April, 2009

The Nerdery: s03e05: POLi

So over the holiday I got another nice letter from the NZTA, telling me they want another $210 for the pleasure of having a motor vehicle for another year. Oh well, another thing to go online and do. I find online transactions to be wonderful – they’re instantaneous, convenient, and incredibly secure.

But this time round they’ve sent out a flier for their online services – which I always use anyway. Why is it that no company/government agency ever remembers that I already use their online services, and sends me emails? But on this flier they included an advert for a service called POLi. I was curious, and did some digging. Turns out, POLi is an application which you download, and once installed interacts with your browser for arranging direct debit payments from your bank account. You click some buttons, select your bank, type your username and password and the application takes care of entering the receiver’s bank details and payment amount.

… Now, just in case you’ve missed the plot, let’s rewind a bit, say a decade ago. Since the inception of online transactions, banks, security companies, and governments have been warning us not to disclose our passwords to anyone. They’ve been warning us not to install software that could compromise security. They’ve been warning us to only interact with trusted services; i.e., the bank providing us with a bank account. And so I have two very simple questions: WHY IN BLUE HELL IS THIS SERVICE ALLOWED TO EXIST AT ALL, AND WHY IS A GOVERNMENT AGENCY PROMOTING IT?!?!?!?!

This is exactly the kind of thing that all those warnings are supposed to be preventing us from doing: giving our details out to someone we can’t trust. No, you can’t trust POLi. They don’t hold your money. They don’t process the transaction. They aren’t a bank and don’t try to meet the requirements of being one. They are simply a private company which people are handing over their passwords to. It’s reckless and irresponsible, especially for a government agency. It’s insane that it’s even considered an option. Those capable of using online banking are more than capable of entering in an account number and payment amount.

Also, there are reasons why credit cards are preferred for online transactions: speed, broad acceptance, and if there is any hint of fraud you can arrange to get your money back. Direct debit is popular in this country because it’s a way of avoiding the per-transaction fees of credit cards, and apart from having a bank account there’s nothing required to set up. But you don’t get any of the security against fraud.

I’ve heard of applications like POLi before. It’s spyware, which is often used for fraud and identity theft. It’s inconceivable that anyone would knowingly install spyware, so why is POLi being promoted?