Typically the payment process is be managed by a dedicated payment gateway through an iframe and not the merchant so it should in principle be slightly more secure than it looks. Someone mentioned Poli, one such gateway in Oz.
As being shut down is a genuine business risk they strive for legitimacy - id be surprised if it was in-country and operating without at least tacit agreement of banks. Even slow moving banks could counter against this type of browser automation technically - not to mention legal action. No large merchant would fancy negative security related PR either.
Honestly speaking - the payments industry is full of hacks like this. Look at US p2p systems built on ACH refunds. Or using 3D Secure for identity verification. Or processing pre-auths of 1 cents and rolling back to add a card to a wallet.
Banks are slow and competitive, schemes are just slow, central banks often take a wait-and-see approach. When they get their act together systems like this tend to be replaced or evolved into more sensible and durable solutions - but that can take awhile.
And in the meantime everyone tries every avenue possible to reduce fees or provide a better UX (in this case at the expense of consumer protection).
As being shut down is a genuine business risk they strive for legitimacy - id be surprised if it was in-country and operating without at least tacit agreement of banks. Even slow moving banks could counter against this type of browser automation technically - not to mention legal action. No large merchant would fancy negative security related PR either.
Honestly speaking - the payments industry is full of hacks like this. Look at US p2p systems built on ACH refunds. Or using 3D Secure for identity verification. Or processing pre-auths of 1 cents and rolling back to add a card to a wallet.
Banks are slow and competitive, schemes are just slow, central banks often take a wait-and-see approach. When they get their act together systems like this tend to be replaced or evolved into more sensible and durable solutions - but that can take awhile.
And in the meantime everyone tries every avenue possible to reduce fees or provide a better UX (in this case at the expense of consumer protection).