POLi is able to provide consumers with a convenient and affordable method of payment by operating a proxy. The proxy service means that customers are simply accessing their original bank site via the POLi servers.

The proxy enables us to confirm that transactions complete. Other examples of this technique in use include BlackBerry, Nokia, and Opera Mini, which all proxy all traffic, including SSL traffic, through their own servers.

ISO/IEC 27001:2013 Certification – POLi Payments Australia

The POLi Payments ISMS scope includes all information assets and information technology used by POLi Payments to provide its services.

Our certification number is 10114664. View our certification status here.

ISO27001 is a global information security management standard issued by the International Organization for Standardization.

This gives POLi partners the confidence of independently audited security management and annual statements of applicability to meet audit requirements.

POLi does not collect data such as usernames and passwords. Please see our Privacy Policy for more information.
  • No caching of requests is performed on our servers
  • We do not capture or store usernames or passwords

During a POLi transaction, no one can access or see your internet banking login credentials.

All communication via POLi takes place using HTTPS transport level security and no sensitive information is stored (not even cached).

Please see our Responsible Disclosure Program for more information.

In order to maintain our high security standards POLi Payments has undertaken the following:
  • Maintaining compliance and certification of the ISO27001:2013 Information Security standard
  • We will perform regular external security vulnerability scanning on the system
  • Any Australian or New Zealand bank is able to review the security credentials of the POLi system
  • All communication is over SSL using 2048-bit SSL certificates.
  • We use a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
  • We have numerous server-side transaction integrity checks to ensure no tampering
  • Windows updates and virus protection updates are applied regularly to our servers.
  • Only required personnel have access to the production environment
  • We perform file system scanning for file system changes, protecting against unauthorised changes.
  • We protect against potential attacks with multiple layers of firewall security