ASB is warning customers against using the POLi website, saying the popular online payment service is spoofing its secure website and the Bank Direct website, which could potentially leak customer information.
The bank said its fraud monitoring operations discovered that when customers wanted to make a payment through a POLi-affiliated website, it was presented with what appeared to be a genuine ASB FastNet Classic and Bank Direct NetDirect website, and asked to log on.
However, these were POLi's identical spoofs or mirrors of the actual site, which captured the security details and logged on to the site on behalf of the customers to complete the transaction.
"Note that these are not our secure websites and we are unable to audit the security of the POLi service," the bank said in a statement today, adding "we are not associated with, and have never endorsed, POLi".
The bank has requested POLi immediately remove their unauthorised mirror sites.
POLi is a popular payment intermediary, which allows customers to make payments online and through various websites without handing over their credit card details.
It also provides online payment services for customers who don't own credit cards.
The site is affiliated with about 30 partner companies in New Zealand and Australia, including Jetstar, Virgin Australia, Flight Centre Australia and CMC Markets to name a few.