Online card payments still suck

75 points | _vvhw | 3 years ago | fynbos.app

114 comments

Brajeshwar|3 years ago

We Indians take it for granted, but UPI[1] is a brilliant system. We make payments for something as small as ₹1 if needed. Transaction of ₹10[2] for a cup of tea is a very regular and ordinary happening.

1. https://en.wikipedia.org/wiki/Unified_Payments_Interface

2. ₹10 is roughly $0.12 (as of today).

searchableguy|3 years ago

It is great but requires private defaults.

Cred recently added support for adding alias instead of real name. Many UPI apps also associate your phone number automatically to your UPI ID so you are handing out your phone number whenever you pay.

rwmj|3 years ago

Tricky to buy a cup of tea online though. Is this like WeChat, one of the ubiquitous person-to-person payment systems used in China?

mcv|3 years ago

I'm still disappointed every time I try to order something at a webshop and they don't support iDeal[0]. That's how online payment should work. Of course it's only a Dutch system, so it's not going to be supported by all international webshops (although Steam does), but if anyone has the scope to introduce a more secure form of online payment, surely it's Visa and MasterCard? Why don't they introduce an iDeal-like payment protocol that the whole world can use? Why do I still have to type those 16 numbers into a web form, when the banking app on my phone already knows what those numbers are? Why does anyone else need to know those numbers, and why are those numbers enough to authorise payment?

Everything is wrong with that system, and yet credit card companies don't seem to have sufficient incentive to fix it. And yet they have too much power outside the Netherlands for anyone to introduce a better alternative.

[0] Lego! Why do you not support iDeal? If Steam can do it, so can you.

lotsofpulp|3 years ago

Why should I care about credit card security? I have zero liability, and in 17 years of using them, I maybe had to ask the bank to issue a new credit card number once, and that would have been many years ago.

I am sure tons of doctors' offices, hotels, online businesses, daycares, etc have my handwritten card number and CVC code or whatever lying around, but even if someone did use it fraudulently, I would just click the dispute button on the transaction and I assume I would not hear about it again.

dr_dshiv|3 years ago

I love iDeal! It is one reason why the Amazon Monopoly has less hold in countries like the Netherlands. Online payment is such a breeze!

soco|3 years ago

The Netherlands have iDeal, India has UPI, Brazil has Pix, Switzerland has Twint, there are quite some solutions for easy and simple payments floating around. Next step is to figure out how to integrate all these for international payments.

Ayesh|3 years ago

Yeah, we had an overwhelming majority of Dutch users using iDEAL to a point that we didn't see any decrease in sales when we had our credit card payment gateway down.

I believe you need to sign up with a Dutch acquirer/CPSP to get iDEAL payments sorted out, so there is an entry barrier for many international shops to accept iDEAL payments. This is pretty much the same for other payment providers such as CB, UPI, LankaQR, even AliPay too, so that effort is probably worth it.

WirelessGigabit|3 years ago

No. iDeal sucks. No insurance. Go read on some Dutch websites where they discuss online purchase issues. First question they ask: paid with credit card? Open dispute. Paid with iDeal: much harder as they have your money. If they’re not associated with some kind of governing body your only recourse is a lawyer.

I’ll pay the credit card transaction fees. Peace of mind.

nottorp|3 years ago

You may want to mention that no small store accepts visa/mc in NL :)

Apparently because the commission is sky high. In other parts of the EU that's been regulated and I can buy as low as two apples with a credit card.

If you're a tourist in NL, bring cash.

wwilim|3 years ago

In Poland, we have this wonderful system called BLIK. You provide nothing except a single-use 6-digit code, then you confirm the payment in your bank's mobile app. It works in online payments, physical stores and ATMs, it supports bank transfers using just a phone number, and recently it's been upgraded to support contactless payments as well https://en.wikipedia.org/wiki/Blik

whizzter|3 years ago

Sounds a lot like Swish in Sweden (and I think Vipps in Norway). It basically started as a user to user system that works by tying a person's phone number so you can send money to anyone you have a phone number for.

Quite quickly this system was adopted by small companies before it was made official and they quickly introduced a user to company variation, a tad costly but the ease of just scanning a QR-code to pay has made it a hit (The QR code always has a recipient, optionally with a sum and infotext also I think).

bluedino|3 years ago

It's odd that confirmation systems like you mention are almost never used in the US for ordering. Seems like that would solve the problem of delivery drivers stealing your food or iPhone.

boring_twenties|3 years ago

So, you can't pay if you don't have your phone on you, or it's not charged, or the network connection is spotty?

silvestrov|3 years ago

Seems like this article is only about United States without being aware of it.

Many countries in Europe and Asia have much better payment solutions than the states.

ahopebailie|3 years ago

It's actually about what is supported natively in Web browsers and what the vendors of those browsers have done to make it better.

Sadly you are correct that the mentality of the browser vendors is VERY card (and US) centric so accommodations for other payment methods get very little attention.

This is not a fault of the working group participants who have tried to push for everything from iDEAL to crypto but in the end it's pretty clear we're heading for a wallet-dominated world and we all know who those wallets will come from unless we push back.

franciscop|3 years ago

> "The security of your card details is only marginally improved"

Please don't be ridiculous, I understand you have to instill fear in the people reading this for them to use your service, but the security of what you described before to today has improved by orders of magnitude:

- I'm going to guess no HTTPS 20 years ago (it was formally specified 22 years ago).

- Merchant employee has access to the raw data of your credit card. Lowest paid one probably, since it's manual data entry.

- Send this data using email, which is not secure at the sending point, the receiving point or in transportation.

- To the ordering service, again a lowly paid employee with access to the raw credit card data.

- In none of these points, except the first, the payment amount was confirmed/verified by the client.

- At none of these points the author of the order is verified to be the legit owner of the card.

Today, sure it's still complex, but we basically have 2FA, card tokenization, client verification of payments, forced HTTPS, etc. which remove all of the insecure points mentioned above.

Disclaimer: I recently joined Stripe, opinions my own though ofc

ahopebailie|3 years ago

I think you miss the point that card payments should never have evolved to still require us to type sensitive data into a web form at all.

Also, don't forget that 2FA etc are not ubiquitous, especially not in the US.

As I implied, PCI DSS is lipstick on a pig. We could have done much better in the last 20 years. Now Apple and Google are doing it for us and we won't have any choice but to get further locked into their walled gardens.

Retric|3 years ago

Your timeline is off, Netscape Communications created HTTPS in 1994.

So while it became a formal specification in 2000, browsers were already supporting it at the time.

hotpotamus|3 years ago

Took a quick look and SSL was 1994, so going on 30 years. Formal specification may have taken a bit longer, but I definitely remembered using SSL in the 90's.

_trackno5|3 years ago

No surprises here.

Cards should've been deprecated as a payment method long ago.

Brazil's Pix, Netherlands's iDEAL, Poland's BLIK, etc, are all better payment methods that follow a push model (i.e., the customer actively confirms the purchase on their phone) instead of pull model (i.e., I send my card details to the store and it forwards it to the card network).

I really hope the EU gets its shit together and moves forward with TIPS[0]. I would love for this to become a requirement for all banks in the Eurozone.

[0] https://www.ecb.europa.eu/paym/target/tips/html/index.en.htm...

charles_f|3 years ago

That's all great till you don't have network, or you're abroad and need to shell out a $15 roaming day pass to pay for a freaking croissant. No thanks.

At least the credit card networks achieved some degree of industry standardization. I can pay with my freaking phone and it requires my fingerprint to validate the payment. I'm not clear what lack of convenience you're referring to

quickthrower2|3 years ago

Apple Pay coupled with fingerprint on iPhone has been my most enjoyable experience both on the web and in person. There is still a CC under the hood.

Am4TIfIsER0ppos|3 years ago

The government can always make it worse. The EU removed my prepaid card simply because I refused to get a phone for it which was expected to receive some sort of permission for each transaction.

hocuspocus|3 years ago

SCA is a big improvement for most people.

Some card issuers don't require it done via a phone if that's important for you.

unsignedint|3 years ago

The unpredictability of international online card payments is painful. Up until March, most if not all of the transactions to Japan were working. Two out of three cards I regularly use stopped working in March, and one card still works, except it gets flagged at EVERY SINGLE instance of these purchases, so that I actually have to call the issuer to get it unblocked for the transaction. (Doesn't matter where it is, doesn't matter how many times I've made a purchase from the same vendor.)

It seems like this is something to do with changes in 3DSecure; what's so frustrating is that no one can provide me information on what's going on, it simply doesn't work.

clintonb|3 years ago

I’m still not sure what the author thinks sucks about wallets like ApplePay or GooglePay. They are the most convenient options both online and in-person.

Unless I missed a paragraph, the author never describes an ideal alternative.

ahopebailie|3 years ago

On the contrary I think both products are excellent.

The issue I have is that we've taken 20 years to find a better alternative than raw card data in Web forms and as a result we're gonna be stuck with a choice of only those 2 wallets when we could have had wallets as diverse as websites if we'd been able to work together on a solution that was appropriate to the Web platform.

Kukumber|3 years ago

If a website only offers me to put my Credit Card number, CVV, password, then it is a failure

Stripe would have been good in the first years of internet commerce, now it is outdated, worse, it's dangerous

djschnei|3 years ago

If only there was an instantaneous, nearly free (cost per transaction), opensource, anyone-can-access, infinitely scalable, infinitely interoperable, payment rail that we could start building solutions on top of...

tombert|3 years ago

If you're referring to cryptocurrency, isn't the average cost-per-transaction for something like Ethereum on the order of $40-$50?

edmcnulty101|3 years ago

What's the cost of Lightning Network these days?

I like where your head's at but the fact that it's possible to do an overthrow of the system if you have 51% of the miners worries me.

ForOldHack|3 years ago

Of course they do, but then again, I may not know, since I have not done ONE in about 6 years, when Paypal lied to me, and they suck worst of all. No more. Thanks.

fragmede|3 years ago

For a comparison, spend $5 or $10 that was gonna go to a lotto ticket or starbucks coffee and instead, buy an NFT. Just experience the UX of the web wallet system. It's weird, for sure, and unfortunately it's wrapped up in crypto (because of the emotional baggage people have with crypto), but the UX is interesting. Some lessons from there could be applied to online card payments and traditional banking to make them suck less.

prezjordan|3 years ago

Like what?

eraad|3 years ago

If card networks, issuers, acquirers, processors and gateways used bitcoin as their settlement layer, most of the current issues would be automatically solved. They could focus engineering resources on creating better user experiences, anti-fraud, etc.

Consumers can keep using their tokenized credit cards, debit cards, etc, but their money would be moved using the bitcoin time chain, instead of hundreds of CSV files.

Why haven't the W3C participants even mentioned bitcoin for standardizing web payments? I believe it's because of politics and business. Bitcoin can't be controlled and manipulated and it's not an easy truth to swallow. I hope this changes.

phphphphp|3 years ago

XML via FTP is used across many industries because these systems are decades old: there are many suitable replacements — the problem is not that there aren’t solutions, it’s that changing old systems is very hard. Bitcoin doesn’t solve that.

rwmj|3 years ago

No one being able to buy anything online is one way to solve online payment problems I suppose.

colesantiago|3 years ago

Bitcoin has failed as a means for payment and after almost 15 years nothing legitimate has come from it.

All people have used for it is gambling, speculation and ruining the planet.

Nobody, not even merchants are using Bitcoin for payments.

andy_ppp|3 years ago

I didn’t think Bitcoin could handle that many transactions, never mind the environmental damage it causes…