POLi is able to provide consumers a convenient and affordable method of payment by operating a proxy. The proxy service means that the customers are simply accessing their original bank site via the POLi servers.

The proxy enables us to confirm the transactions complete. There are many other examples of this technique being used including Blackberry, Nokia, and Opera Mini who all proxy all traffic through their own servers including SSL traffic.

POLi does not collect data such as usernames and passwords. Please see our Privacy Policy for more information.
  • No caching of requests is performed on our servers
  • We do not capture or store usernames or passwords

During a POLi transaction, no one can access or see your internet banking login credentials.

All communication via POLi takes place using HTTPS transport level security and no sensitive information is stored (not even cached).

In order to maintain our high security standards POLi Payments has undertaken the following:
  • We will perform regular external security vulnerability scanning on the system
  • We will undertake a regular penetration test with a recognised security firm, and
  • Any Australian or New Zealand bank is able to review the security credentials of the POLi system
  • All communication is over SSL using 2048 bit SSL Certificates.
  • We use a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
  • We have numerous server side transaction integrity checks to ensure no tampering
  • Windows updates, and virus protection updates are applied regularly to our servers.
  • Only required personnel have access to the production environment
  • Data centre is a Tier 3 data centre with ISO27001 and ASIO T4 certifications.
  • We perform file system scanning for file system changes, protecting against unauthorised changes.
  • We protect against potential attacks with multiple layers of Firewall security