What Is Account2Account
Account2Account is an online payment service developed by payments company Windcave.
It is designed to be an alternative payment option to credit cards, and allows the merchant to receive payments from customers directly into their bank accounts.
Usually there are no fees charged to the customer, as it is no different to making a standard internet banking payment.
Account2Account is helpful to both merchants and customers because it removes the need to wait 1-2 business days for the internet banking payment to clear. Because you log in to your internet banking via the Account2Account portal, the payment is confirmed instantly with the merchant, meaning they can start to send/deliver your purchase immediately.
How Does Account2Account Work?
Whenever you want to make a purchase online, select the Account2Account payment option.
For example, here is the Account2Account screen for an order at The Warehouse:
You will be asked to select your bank and then to log in to your internet banking account.
Then you will be guided through making an internet transfer to the merchant.
Once the payment goes through, the merchant is notified that the payment has succeeded and can start processing your order right away.
That's it - your payment is complete.
Costs Involved With Account2Account
One of the reasons POLi has become more popular is that it doesn't require any fees.
Bank transfer is a popular option for payments within online shopping, but the issue is the payments take too long to clear.
Usually you need to wait 2 or 3 business days before it goes through and the merchant confirms it on their side.
Account2Account gives you the advantage of paying by free bank transfer, but with instant confirmation.
Is Account2Account Safe?
Account2Account assures both merchants and customers that all sensitive data is processed securely and no usernames or passwords are stored or even captured on their servers.
For this reason, they say the service is completely safe.
However, several NZ banks feel differently.
ASB has publicly stated on their website that they do not support customers using Account2Account.
Kiwibank is another NZ bank that advises its customers not to use Account2Account.
ANZ has also publicly stated that it does not endorse its customers using Account2Account.
The reason for this is quite obvious if you have actually used Account2Account.
You are required to enter your internet banking username and password within the Account2Account payment window, which is obviously against your intuition when it comes to safety.
Banks are very clear that you should NEVER give your internet banking details to anyone, no matter how trustworthy they may seem.
Some banks have even warned that it is against their internet banking terms and conditions to share your internet banking details, meaning you may jeopardise your ability to claim fraud protection or compensation in the event your bank account is compromised.
This leaves customers like you and me in an interesting position.
The convenience of services like Account2Account is great, but banks say don't use it.
So what do we do?
How To Use Account2Account (More) Safely
In my personal opinion, I think using Account2Account isn't necessary.
Simply pay by credit card, and where there is a surcharge, pay by bank transfer.
However, if you want to utilise the convenience of POLi, there are a couple of things you can do to mitigate your risk.
Change your password
After you enter your internet banking details, change your password as soon as the transaction has been made.
This should go a long way to protecting your account.
While Account2Account could potentially still have your username, at least your password is now secure again.
You should do this after every purchase using Account2Account.
Have a separate bank account
If you use Account2Account regularly, consider opening a new bank account just for that specific purpose.
Most NZ banks offer a free checking account, so this shouldn't cost you anything extra.
Open a new account at a different bank, so it's completely detached from the rest of your banking. Keep only a limited amount of funds in it, so if it does get compromised, you won't lose a lot.
This is much safer than using your regular bank account which is tied to all your savings and investments.
Even though the above may still not appease your bank, it should be enough to use Account2Account safely with minimal risk.
I'm puzzled by the advice of ANZ, ASB & Kiwibank not to use Account2Account.
I can understand their reservations about POLi, which uses screen scraping to 'spoof' the banks' web pages.
However, Account2Account uses the banks' own published APIs to enable user log on, retrieve the account list and enter the payment details.
They also validate that Windcave itself is allowed to invoke the APIs in the first place.
Why would they publish APIs, allow 3rd party access to them, and then advise their customers not to use them?