Security for merchants
POLi protects you and your customers.
Overview of POLi
POLi is able to provide consumers a convenient and affordable method of payment by operating a proxy. The proxy service means that the customers are simply accessing their original bank site via the POLi servers.
The proxy enables us to confirm the fate of the transaction upon payment completion to allow the merchant to provision the goods or services immediately.
POLi's ISO 27001 certification
The POLi Payments ISMS scope includes all information assets and information technology used by POLi Payments to provide its services.
The certification number is 10114664. View the certification status here.
ISO27001 is a global information security management standard issued by the International Organization for Standardization.
This gives POLi partners the confidence of independently audited security management and annual statements of applicability to meet audit requirements.
Best in class security features
- No caching of requests is performed on our servers
- POLi does not capture or store usernames or passwords
During a POLi transaction, no one can access or see your internet banking login credentials.
All communication via POLi takes place using HTTPS transport level security and no sensitive information is stored (not even cached).
Please see POLi's Vulnerability Disclosure Policy for more information
- Maintaining compliance and certification of the ISO27001:2013 Information Security standard
- POLi will perform regular external security vulnerability scanning on the system
- POLi will undertake a regular penetration test with a recognised security firm, and
- Any Australian or New Zealand bank is able to review the security credentials of the POLi system
- All communication is over SSL using 2048 bit SSL Certificates.
- POLi uses a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
- POLi has numerous server side transaction integrity checks to ensure no tampering
- Windows updates, and virus protection updates are applied regularly to POLI's servers.
- Only required personnel have access to the production environment
- Data centre is a Tier 3 data centre with ISO27001 and ASIO T4 certifications.
- POLi performs file system scanning for file system changes, protecting against unauthorised changes.
- POLi protects against potential attacks with multiple layers of Firewall security
That’s the beauty of having POLi. It automatically pre-populates both the correct amount and the other payment details into the internet banking screen without customers having to type in anything.
We’ve offered POLi as an option on our checkout since 2010. Our online customers have really taken to it and we appreciate the extra business we generate from this low cost channel
The introduction of POLi as a payment method on www.thewarehouse.co.nz and www.redalert.co.nz has provided our customers the convenience of paying directly from their bank account without using a credit card. We’re very pleased with the contribution that POLi is making to the success of our online channel