"Here's how you shop with POLi:
1) Select the POLi logo.
2) POLi will present you with a list of banks- select your bank.
3) Login as you normally would to begin an internet banking session.
4) POLi calls up your "pay anyone" screen and automatically fills in the merchant's details and the amount of the purchase.
5) Simply click "Pay" to purchase with money that's in your bank account. "
So I have to trust the merchant's website enough to allow a script to remain active while I log into my bank account, answer all the usual security questions and then have it fill in the payments form for me?
Not meaning to be paranoid, but how can I be sure that the merchant's website is anymore genuine, and the POLi script anymore trustworthy than the average phishing email? Using an ActiveX control, as it does, I'm also forced to use MSIE, which I don't like...
Also, of course, when I pay with Visa or Mastercard, I have some insurance against fraud. When I bay by BACS, I have none.
It's a lovely idea, but flawed, no?