Online card payments still suck(fynbos.app) |
Online card payments still suck(fynbos.app) |
1. https://en.wikipedia.org/wiki/Unified_Payments_Interface
2. ₹10 is roughly $0.12 (as of today).
[0] https://www.frbservices.org/financial-services/fednow/about....
Cred recently added support for adding alias instead of real name. Many UPI apps also associate your phone number automatically to your UPI ID so you are handing out your phone number whenever you pay.
Sweden has Swish [2] since 2012 which is more limited in scope than UPI and very similar to Pix.
It makes life very easy, I do have some reservations on privacy with this kind of centralisation of financial transaction though.
Everything is wrong with that system, and yet credit card companies don't seem to have sufficient incentive to fix it. And yet they have too much power outside Netherland for anyone to introduce a better alternative.
[0] Lego! Why do you not support iDeal? If Steam can do it, so can you.
I am sure tons of doctors' offices, hotels, online businesses, daycares, etc have my hand written card number and CVC code or whatever laying around, but even if someone did use it fraudulently, I would just click the dispute button on the transaction and I assume I would not hear about it again.
When I buy something, I just have to scan the QR code with my banking app and authorise the payment, and that's it.
And sometimes it may go unnoticed for a while, and it happened to me at least once.
Everywhere else the banks have forced poor UX onto merchants in the name of shifting liability and improved security.
This is why the US rolled out chip cards with a signature while everyone else has been using chip and PIN for years.
I doubt iDeal is much harder to support than other payment systems, so the only reason not to support it is because they don't really consider Netherland an important market. I don't care about Amazon ignoring us, but I'm a bit disappointed about Lego.
I believe you need to sign up with a Dutch acquirer/CPSP to get iDEAL payments sorted out, so there is an entry barrier for many international shops to accept iDEAL payments. This is pretty much the same for other payment providers such as CB, UPI, LankaQR, even AliPay too, so that effort is probably worth it.
I’ll pay the credit card transaction fees. Peace of mind.
Apparently because the commission is sky high. In other parts of the EU that's been regulated and I can buy as low as two apples with a credit card.
If you're a tourist in NL, bring cash.
Quite quickly this system was adopted by small companies before it was made official and they quickly introduced a user to company variation, a tad costly but the ease of just scanning a QR-code to pay has made it a hit (The QR code always has a recipient, optionally with a sum and infotext also I think).
Many countries in Europe and Asia have much better payment solutions than the states.
Sadly you are correct that the mentality of the browser vendors is VERY card (and US) centric so accommodations for other payment methods get very little attention.
This is not a fault of the working group participants who have tried to push for everything from iDEAL to crypto but in the end it's pretty clear we're heading for a wallet-dominated world and we all know who those wallets will come from unless we push back.
Please don't be ridiculous, I understand you have to instill fear in the people reading this for them to use your service, but the security of what you described before to today has improved by orders of magnitude:
- I'm going to guess no HTTPS 20 years ago (it was formally specified 22 years ago).
- Merchant employee has access to the raw data of your credit card. Lowest paid one probably, since it's manual data entry.
- Send this data using email, which is not secure neither at the sending point, receiving point or transportation.
- To the ordering service, again a lowly paid employee with access to the raw credit card data.
- In none of these points, except the first, the payment amount was confirmed/verified by the client.
- At none of these points the author of the order is verified to be the legit owner of the card.
Today, sure it's still complex, but we basically have 2FA, card tokenization, client verification of payments, forced HTTPS, etc. which remove all of the insecure points mentioned above.
Disclaimer: I recently joined Stripe, opinions my own though ofc
Cards should've been deprecated as a payment method long ago.
Brazil's Pix, Netherlands's iDEAL, Poland's BLIK, etc, are all better payment methods that follow a push model (i.e., the customer actively confirms the purchase on their phone) instead of pull model (i.e., I send my card details to the store and it forwards it to the card network).
I really hope the EU gets its shit together and moves forward with TIPS[0]. I would love for this to become a requirement for all banks in the Eurozone.
[0] https://www.ecb.europa.eu/paym/target/tips/html/index.en.htm...
At least the credit card networks achieved some degree of industry standardization. I can pay with my freaking phone and it requires my fingerprint to validate the payment. I'm not clear what lack of convenience you're referring to
By the way, most countries still have cash. What is important, because the credit card network is known for going offline once in a while.
Some card issuers don't require it done via a phone if that's important for you.
And some (looking at you, DBS) toggle seemingly at random between requiring it via SMS or via their mobile app.
It seems like this is something to do with changes in 3DSecure; what's frustrating so much is that noone can provide me information what's going on, it's simply doesn't work.
Unless I missed a paragraph, the author never describes and ideal alternative.
The issue I have is that we've taken 20 years to find a better alternative than raw card data in Web forms and as a result we're gonna be stuck with a choice of only those 2 wallets when we could have a had wallets as diverse as websites if we'd been able to work together on a solution that was appropriate to the Web platform.
I get that I/we have ceded control of funds flows to card networks like Visa and processors like Stripe. Even if I didn’t work for Stripe, I would be okay with this as a merchant due to the convenience.
What am I missing? What do you envision is better for consumers and/or merchants?
Stripe would have been good in the first years of internet commerce, now it is outdated, worse, it's dangerous
To make a payment, because my web wallet is already linked, I just select which wallet I want to make a payment from. No need to type out my credit card number. Apple pay has some of the similar convenience, but that's vendor locked and a dead end.
Consumers can keep using their tokenized credit cards, debit cards, etc, but their money would be moved using the bitcoin time chain, instead of hundred of CSV files.
Why haven't the W3C participants even mentioned bitcoin for standardizing web payments? I believe it's because of politics and business. Bitcoin can't be controlled and manipulated and it's not an easy truth to swallow. I hope this changes.
It doesn't necessarily need to. The other solutions are dependent on fixing the existing financial system, while the premise behind cryptocurrencies like Bitcoin is to outright replace the existing financial system. Bitcoin, in other words, offers a path to deprecate and phase out the old systems entirely.
Whether that'll actually happen is pretty uncertain, to say the least, but it's a possibility that other solutions generally lack.
Also, don't forget that 2FA etc are not ubiquitous, especially not in the US.
As I implied, PCI DSS is lipstick on a pig. We could have done much better in the last 20 years. Now Apple and Google are doing it for us and we won't have any choice but to get further locked into their walled gardens.
Apple and Google pay I feel like will somehow get stuck in the USA, I'm from Spain and I can def not see how, seeing how convenient payments are over there, they will get any meaningful penetration. It's funny because every year that I've come back to Spain (now I live in Japan) there's been a totally different but more convenient way of payments there. I need to write about it some day. Like, I'm the last person who expected payment methods would have a 1-year turnaround in the "old school" country of Spain! But somehow it happened, and that while not locking foreigners out (which is common e.g. in Japan, where you have all these "strange" payment methods that are inscrutable for tourists).
So while it became a formal specification in 2000, browsers where already supporting it at the time.
Currently it's about $0.85 USD to send ETH or $2.50 USD to send ERC20[1]. Most people will suggest not using a L1 as a payment system, but instead something application-specific like a rollup or state channel. In Ethereum those will be in the range of 5 - 20 cents per transaction[2], and may be much lower after EIP-4844[3].
Other non-Ethereum blockchains and L2s have similar range of low fees.
Cheaper payments can be sent on a zero-knowledge Layer 2 like starknet or zksync. Beta services but usable (except the whole on-ramp off-ramp part). Once sharding is implemented, fees are likely to drop to sub-cent levels.
Ideally payments would be anonymized on a privacy-preserving L3, but I don’t think those exist yet
I'm talking about Bitcoin with The Lightning Network.
Most payments I make over Lightning, regardless of size, carry a fee of fractions of a cent. On an average day I make 50+ payments over lightning - on aggregate the fees add up to less than $.01
I like where your head's at but the fact that it's possible to do an overthrow of the system if you have 51% of the miners worries me.
You may want to look into this further as it is fascinating. For example, a theoretical reorg to unspend or respend your own transaction does not allow signing transactions for others.
Centralized systems are much easier to capture and historically always are.
A 51% attack on Bitcoin/Lightning isn't impossible, but incredibly unlikely.
https://www.swanbitcoin.com/fact-check-darpa-funded-report-o...
All people have used for it is gambling, speculation and ruining the planet.
Nobody, not even merchants are using Bitcoin for payments.
The amount of transactions the Bitcoin blockchain handles does not impact how many transactions can be done in Bitcoin via higher layers like the Lightning Network.
I think the reason is that secure and trustless payment methods are a new thing that only came up a few years ago, and nothing like it existed before in the history of mankind.
There have been higher layers like banknotes that "represented" gold, but it always involved trust to use them.
With cryptographic solutions like Bitcoin+Lightning, no trust is needed anymore.
I am pretty sure that contactless payments around here do all support credit cards btw as AFAIK that's how Apple Pay and Google Wallet work, but I haven't tried it much.
Either way, we never had credit cards in the Netherlands (they exist, but aren’t popular). The predecessor to iDEAL was the paper ‘acceptgiro’ [1]. The big difference there is that that was a postpaid scheme (you’d receive the acceptgiro along with your goods, fill and sign it, and send it to your bank to be processed).
Presumably if you're initiating an online purchase, you have access to WiFi?
The card issuer can send you a one time link to a web portal by email or using an iframe, where you log in and confirm the transaction.
Account transfers are much faster as well, which is true for most (all?) SEPA countries. I know the US is actively working on a faster/cheaper transfer system but realistically that is still 5+ years away for most consumers.
I keep hearing about these horror stories but I've only actually experienced it once, years ago in mainland China.
I (also a US citizen) moved back to Europe this summer and opened accounts in both DE and NL; I only had to provide my passport, SSN, and proof of address and I was good to go.
Am I just preternaturally lucky, or what?
Second, I dutifully listened to the employees who tried to tell me to sign up via the various apps. I went in person to the ABN bank building in Eindhoven where a lady at the front gave me a business card to call a phone number with a disconnected line to attempt to open an account.
Third, I listened to the Reddit when they said Bunq had severely declined in quality and just coming off of Simple in the USA, I was hesitant to join a neobank in a new country with no physical presence should I have a problem that needed to be solved immediately.
Finally, I was not totally aware of FACTA and what that meant for me as a customer. I eventually created an account at the Regiobank in my small village, but I didn’t know about the requirements so my account was delayed for use for two weeks while they manually updated my details.
Consequently, after the shitshow at ABN, I walked down the street to ING and was able to make an appointment for the next day. However, because INGs entire sign up is app driven now, I was left without a login because I signed up in person due to the FACTA requirement. I’ve requested the login to be reset and mailed to me twice (an option they offer, I assume for old folks) and I still can’t access my account online or in the app. I opened the account in mid-September.
So yeah, some of it was my fault, but as far as ING and ABN are concerned, it’s pure incompetence.
Did you chose a bank that has an international footprint (and would be forced to comply to FATCA sooner or later)? I'm not shocked about it. It is indeed true if you want to use a more local bank though. I heard that most neobanks in Asia (which tend to have higher interest rates) forbid US persons (as defined in FATCA) because they're focused on locals and don't want the overhead of FATCA compliance.
So there's no misconception. Bitcoin is as slow as ever, and handles very few transactions. It's other layers that provide more transactions. They store those transactions and then dump it in a batch to blockchain.
Congrats. You've invented batch transactions. Something that traditional banking systems has been doing since the middle ages.
> secure and trustless payment methods are a new thing that only came up a few years ago, and nothing like it existed before in the history of mankind.
Very doubtful. All that crypto space has invented so far has been known to mankind for generations (and in some cases for millenia). Moreover, for actual usefulness you need trust and enforcement, none of which are provided by crypto.
> With cryptographic solutions like Bitcoin+Lightning, no trust is needed anymore.
Except, you know, when I order something on Amazon, I expect the goods I ordered to actually arrive, so I trust Amazon, trust the seller, trust the postal service etc. to deliver this to me.
And if the goods don't arrive? I trust my bank to revert the transaction.
How much resources are used to produce something is determined by the value of that something. At the moment, about $6B worth of Bitcoin is mined per year. So roughly $6B of resources are used to mine Bitcoin. About half of it is hardware and half of it is energy.
At the same time, about $150B of gold is mined every year. So roughly $150B of resources are put into gold mining. Energy, dynamite, melting, transportation etc. The use of these resources is just as "bad" for the climate.
So if you wanted to do something for the climate, going against gold mining would be more than 20x more effective than going against Bitcoin mining.
Additionally, the production of Bitcoin is halving every 4 years. While the production of Gold will go on indefinitely.
How much resources are used to produce something is defined literally by How much resources are used to produce something.
> about $150B of gold is mined every year. So roughly $150B of resources are put into gold mining.
Kid. Go and read something about a thing called "Value added".
> So if you wanted to do something for the climate, going against gold mining would be more than 20x more effective thatn going against Bitcoin mining.
No, it wouldn't.
Bitcoin can't compete with that.
Even if tomorrow nobody accepts gold you can still use it in electronics and such.
When he asked if I was talking about ETH, I told them I wasn't.
You're hijacking a thread to push your form of maximalism.
Would you like to discuss the differences between ETH/Altcoins and Bitcoin/Lightning? Or would you rather just label me a maximalist to dismiss the claim?
You must go through an exchange which is subject to the same KYC and anti-money-laundering regulations as a bank. So it's not actually any easier. After all, banks can also create any number of additional accounts for you in their internal system once you're a customer.
Bitcoin ATMs exist. From what I can make out (IANAL), KYC / anti-money-laundering regulations mostly kick in for turning cryptocurrency into fiat rather than the other way around - which is probably why most Bitcoin ATMs are "buy only".
Hello, my name is money laundering.
Why do you think the bank has those "requirements"? Do you think they just hate their customers, or do you think the government enforces this regulation onto the banks to prevent money laundering? Because it's definitely the latter.
... and it's already coming for crypto.
If the merchant charges extra for credit card purchases, then it becomes something to consider.
Yes and no. Neobanks weren't a thing when I was getting settled in Asia (I think Simple launched in the US ~two years after I landed), but I use Bunq - which, as far as I know, has no US operations - in NL and my local Sparkasse in DE.
Yes. Most people seem to blame FATCA, but while it's a pain in the ass for me personally, no bank I've ever used has blinked at it. They just ask for my SSN and a declaration of tax residency and move on.