Caswino Promo

POLi-enabled gaming platforms and software


1) Key thesis

POLi connects at the cash register level (payment gateway/orchestrator), and not at the game provider level.
Whether the site supports POLi is determined by the payment integration of the casino platform, and not by those whose slots (NetEnt, Pragmatic, Playtech, etc.) are hosted.
Functional coverage of POLi - deposits only. Withdrawal of funds is carried out by alternative methods (bank transfer, cards, wallets).
Jurisdictions: in Australia, POLi operations are discontinued (September 2023), online casinos/slots for Australian customers are prohibited by federal law (IGA 2001); in New Zealand, POLi continues to operate and can be supported by licensed operators.

2) Types of gaming platforms where POLi is technically supported

1. Browser casinos (web client):
  • Support via Hosted Payment Page (HPP) or redirect/app switch to online banking.
  • Compatible with SPA/SSR frameworks (React/Vue/Next/Nuxt) when redirects are correctly configured and the transaction status is returned.
    • 2. Native iOS/Android apps (for NZ):
    • Two patterns: in-app webview (built-in cash register) or app-switch/deep link to a banking application/browser with return to the casino according to the URL scheme.
    • Correct processing of universal links/Android intents and timeouts is required.
      • 3. Desktop clients (rare):
      • Use built-in browser/external redirect. Requires whitelists for callback domains.
        • 4. White-label/turnkey casino platforms:
        • If the platform's payment orchestrator has a connector to POLi and the operator works in NZ, POLi is available out of the box (HPP or server-to-server via API).

        💡Important: game engines and content providers (slots, live casinos) do not dictate POLi support; they are isolated from payment logic.

        3) POLi integration patterns

        Redirect/HPP (most common):
        • The casino sends a request → the user goes to the bank page → authenticates/2FA → returns to return\_ url → the cash desk receives a successful/unsuccessful status.

        Minimum PCI obligations, high stability.
        Server-to-server + customer-redirect (hybrid):
        • The casino server creates a payment session with the POLi provider, the front-end leads the user on redirects; confirmation of status - by webhook.

        Convenient for idempotence and accurate reconciliation.
        The full API approach is rarely used (due to bank authorization, the user still goes to the bank).

        Critical: correct implementation of webhook/notify\_ url, idempotency, re-processing of statuses in case of network failures.

        4) Compatibility with casino software and infrastructure

        Frontend: any modern frameworks; it is important to comply with CSP, correctly configure SameSite/Lax for cookies in the redirect chain.
        Backend: Compatible with generic stacks (Node/Java/PHP/.NET). We need queues for asynchronous statuses, retrays and audit logs.
        Payment orchestrators/gateways: POLi support is determined by the presence of a connector. If the orchestrator has it, the inclusion at the box office is reduced to setting up the merchant and callback-urls.
        KYC/AML/behavioral analytics: independent of deposit method; triggers on the volume/frequency of replenishment work the same for POLi.
        Mobile SDKs: usually not required; it is enough for the app-switch to work correctly and return by deeplink.

        5) UX and Security

        2FA and SCA are on the bank side. The application must keep the cash register session alive until it returns (timeout ≥ 5-10 minutes).
        Anti-CSRF: Before redirecting, generate a one-time state and check it after returning.
        Falls webview: if the user "closed" the banking window, show "resume payment "/" choose another method. "
        Clear statuses: processing → success/fail → next step *; for fail - give alternatives (card, transfer bank, PayID in AU for legal services).
        Reconciliation: conduct a complete reconciliation of transactions by merchant references and bank reports; Store all statuses with exact timestamps.

        6) POLi limitations

        Deposits only. POLi withdrawal is not supported.
        Limits are set by the bank and the operator, not POLi.
        No recurring write-offs. Each payment is manually initiated by the user.
        Dependence on Internet banking availability. Planned bank activities = temporary failures.

        7) Regional features and legal context

        Australia (AU):
        • POLi operations discontinued (September 2023).
        • Online casinos/slots for AU residents are prohibited by the federal Interactive Gambling Act 2001.
        • For legal products (bookmakers, lotteries, etc.) alternatives are used: PayID/Osko, bank cards, Apple Pay/Google Pay.
          • New Zealand (NZ):
          • POLi is functional; licensed operators may offer it at the box office.
          • Requirements: local license, KYC/AML, correct integration of redirect and webhooks, clear limits and responsible play policy.

          8) Platform Owner Checklist (NZ)

          1. Configure return\_ url/notify\_ url, enable idempotency.
          2. Implement retrai webhooks and delayed status desynchronization.
          3. Enable final screens: success/failure/unknown, with CTA (repeat/alternative).
          4. Test scripts: bank cancellation, timeout, communication drop, closed webview.
          5. Register deposit limits in UI and validation on client/server.
          6. Update Returns Policy - Returns are made through an operator, not a POLi.
          7. Prepare operational reconciliation: daily reports, status comparison, manual analysis of disputed payments.
          8. Configure logging (payment\_ id, user\_ id, bank\_ ref, redirect/return time, 2FA result, webhook latency).
          9. Conduct UAT/pentest of payment and audit flows.
          10. Add FAQ to the cashier: "Why didn't the payment go through? , ""Where is the check? , ""What is the limit? ».

          9) What does not affect POLi support

          Set of slot providers/live casinos.
          Site/application framework as such (if redirects/sessions are configured correctly).
          Bonus scheme (activation/promo code) is business logic, not payment infrastructure.

          10) The bottom line

          POLi is a cash register/payment orchestrator integration compatible with web casinos, mobile applications and white-label platforms. It provides quick deposits through a bank redirect and webhooks, but does not support withdrawal and is subject to bank/operator limits. In Australia, the method is no longer used and is not applicable to online slots due to legislation; in New Zealand remains a working solution with correct technical and legal settings.