>Yes, I've spoken to them. They don't see an issue.
This is exactly why the PCI Security Standards Council is a thing. They need to have someone straight up tell them something at least as serious as "fix this, or we will no longer take your credit card payments". Honestly, it's better off being "we aren't taking your credit card payments, you should know better. Fix this and go through a security audit and we might reinstate you".
But this isn't a credit card payment. This is for direct debit.
I've sadly seen all sorts of stuff spring up around this in australia, like https://polipayments.com/Buy (which e.g. is one of the only ways a normal person can pay for a jetstar flight without a credit card surcharge)
What's wrong with just sending money from your acct# to their acct# with a reference number/code to identify that transaction as you, other businesses work this way (such as my power and phone bills from diff. companies), but the NZTA for example requires me to use either a credit card (which is fine) or POLi, which is garbage.
"no one can see your bank details" it says on https://www.polipayments.com/security which is a fraudulent claim, yeah the hell you can, its being sent to your server, not my bank, this is crazy. It also says they don't cache anything -- all kinds of criminals claim they're up to no harm. POLi says they're up to no harm, why should I believe them? There is NO EXCUSE for using POLi vs. just paying with your bank, if a business offers POLi and not bank transfer directly or a credit card, i would never even remotely entertain doing business with them. NZTA is not a business though, it's a government agency. You can do it in person though (transfer ownership of a car for example), or by CC, so whatever, I don't understand who would ever use POLi, the naive? Hopefully they go bankrupt in the near future.
It is for a credit card payment - the article mentions they paid via AmEx, their card was charged, and then a day later the website asked them to provide the login to their AmEx account as proof that they are the card holder. (Some/many AmEx cards come direct from AmEx itself, not via a bank.)
It appears that AmEx offers both, I have a credit card Amex via my bank that has both a spending limit & doesn't have to be paid off each month (though I always do anyway). But I learned something today, thank you!
American Express offers something like 30+ products (there's like six versions of the Platinum card alone). Some are charge cards and some are credit cards, they offer a wide variety of both.
Fun fact, they have a limit to how many credit cards you have have with them (6?) But no limit on the number of charge cards they will issue you.
That's excluding AMEX cards issued by third parties.
This is exactly why the PCI Security Standards Council is a thing. They need to have someone straight up tell them something at least as serious as "fix this, or we will no longer take your credit card payments". Honestly, it's better off being "we aren't taking your credit card payments, you should know better. Fix this and go through a security audit and we might reinstate you".