this post was submitted on 09 Nov 2023
239 points (98.8% liked)

Europe

8324 readers
1 users here now

News/Interesting Stories/Beautiful Pictures from Europe ๐Ÿ‡ช๐Ÿ‡บ

(Current banner: Thunder mountain, Germany, ๐Ÿ‡ฉ๐Ÿ‡ช ) Feel free to post submissions for banner pictures

Rules

(This list is obviously incomplete, but it will get expanded when necessary)

  1. Be nice to each other (e.g. No direct insults against each other);
  2. No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
  3. No posts linking to mis-information funded by foreign states or billionaires.

Also check out [email protected]

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 12 points 1 year ago (3 children)

I could imagine something like an IBAN protocol - open an IBAN link as in iban://AB26374838388 directly with your banking app and auto fill the bank transfer menu. Only add the amount of money you want to transfer.

No idea what other implications that would have e.g. for security though

[โ€“] [email protected] 14 points 1 year ago (3 children)

Oh, add an ?amount=32โ‚ฌ as well as a text=Pizza parameter and you're almost there ...

[โ€“] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

Separate ?amount=32 and currency=Euro to add currency support.

[โ€“] [email protected] 3 points 1 year ago (1 children)

I thought about that, but I think it's actually more error prone, because people might just be setting ?amount=32 and leaving out currency which might lead to unexpected behaviour. Implementors tend to interpret this differently and one app might take the default currency and the other might fail to accept it, and that kind of different behaviour is a common source of security issues. Having a single unified parameter that must always contain the value and currency "solves" that issue.

[โ€“] LufyCZ 1 points 1 year ago

Makes it a bit more annoying to parse, though I definitely see your point.

However, you're still proposing a standard: "has to include both the currency and the amount in the parameter", so why not split them up at that point?

[โ€“] [email protected] 2 points 1 year ago

Dammit we've just made UPI

[โ€“] [email protected] 1 points 1 year ago (2 children)

Idont't think that's a good idea, too many peoplr quickly pressing pay and then they tealizef only afyer paying thay there's an extra 0

[โ€“] [email protected] 4 points 1 year ago (1 children)

There's still plenty of steps that your bank app can (and will) take to verify this is as intended. Requiring the user to "parse" the URI is not scalable anyway, the app needs to present the information clearly (i.e. "Do you really want to transfer 123.45โ‚ฌ to IBAN abcd, you have not transferred money to this IBAN before, the IBAN indicates a bank in " where the money amount is clearly highlighted).

[โ€“] [email protected] 1 points 1 year ago

I agree, still having to input the money manually is the best failsafe, how many people are used to just automatically hitting whatever button to make a message go away for example (even more with the cookies), best failsafe is inputting the money manually, you'd never mistakenly/automatically do that.

[โ€“] [email protected] 2 points 1 year ago (1 children)

You know, it's good to put failsafes and all, but at some point it's just PEBKAC.

[โ€“] [email protected] 2 points 1 year ago

Ah yes, PEBKAC, the most common error after ID-10T.

[โ€“] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)
[โ€“] [email protected] 3 points 1 year ago

True, my bank also supports this. I already saw QR-Codes on some invoices but never used it... will try it out next time.

[โ€“] [email protected] 1 points 1 year ago (1 children)

Main problem I see is that as it stands it's insanely easy to forge a SEPA mandate. Ever had to fill one out? It's literally just a piece of paper saying "I, John Doe, allow XXX to take money for services rendered from my acount AB1234. [signature]". The wonder of legacy processes built for companies with fax-based workflows...

I believe only some "trusted" commercial customers are authorized to turn in SEPA mandates (I know my ISP went into some bankruptcy proceedings and lost their ability to use their SEPA mandates for instance), but still, that makes me somewhat wary about who I give my IBAN to. I'd certainly not put it up online for anyone to see.

[โ€“] LufyCZ 2 points 1 year ago

Didn't know it was this simple, that's stupid.

I believe though that in today's day and and of banking apps this should be very easily solvable with inapp confirmations

Let's hope the old way dies