POLi is designed to keep your customers' data safe
We’ve built POLi with security in mind. We’re fully certified, do not collect or store merchant or customer data, and perform regular security vulnerability scans to ensure we maintain your safety.
How does POLi keep payments secure?
POLi is able to provide your customers a convenient and affordable method of payment by operating a proxy. The proxy service means that customers are simply accessing their original bank site via the POLi servers.
This proxy enables us to secure and confirm every transaction upon payment completion to allow merchants to provision goods and services immediately.
POLi's ISO 27001 certification
The POLi Payments ISMS scope includes all information assets and information technology used by POLi Payments to provide its services.
The certification number is 10114664. View the certification status here.
ISO27001 is a global information security management standard issued by the International Organization for Standardization.
This gives POLi partners the confidence of independently audited security management and annual statements of applicability to meet audit requirements.
Best in class security features
- No caching of requests is performed on our servers
- POLi does not capture or store usernames or passwords
During a POLi transaction, no one can access or see your internet banking login credentials.
All communication via POLi takes place using HTTPS transport level security and no sensitive information is stored (not even cached).
Please see POLi's Vulnerability Disclosure Policy for more information
- Maintaining compliance and certification of the ISO27001:2013 Information Security standard
- POLi will perform regular external security vulnerability scanning on the system
- POLi will undertake a regular penetration test with a recognised security firm, and
- Any Australian or New Zealand bank is able to review the security credentials of the POLi system
- All communication is over SSL using 2048 bit SSL Certificates.
- POLi uses a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
- POLi has numerous server side transaction integrity checks to ensure no tampering
- Windows updates, and virus protection updates are applied regularly to POLI's servers.
- Only required personnel have access to the production environment
- Data centre is a Tier 3 data centre with ISO27001 and ASIO T4 certifications.
- POLi performs file system scanning for file system changes, protecting against unauthorised changes.
- POLi protects against potential attacks with multiple layers of Firewall security
What our customers think of POLi
The Whiskey Shop
We’ve been using POLi Pay for a while now and are very happy to have added it as an option. It’s saved us money and given our customers another payment option which they’ve really appreciated.
That’s the beauty of having POLi. It automatically pre-populates both the correct amount and the other payment details into the internet banking screen without customers having to type in anything.
The beauty of POLi is that it is a smooth and seamless process. I just pay the bill at the end of the month and it basically takes care of itself.
We’ve offered POLi as an option on our checkout since 2010. Our online customers have really taken to it and we appreciate the extra business we generate from this low cost channel
The introduction of POLi as a payment method on www.thewarehouse.co.nz and www.redalert.co.nz has provided our customers the convenience of paying directly from their bank account without using a credit card. We’re very pleased with the contribution that POLi is making to the success of our online channel
POLi fully automated the release process of processing orders. We automatically release as paid before we see the money in our account and ship the same day. POLi is consistent and reliable, therefore we place our utmost confidence in it.