Yeah. It’s really a UI issue at this point. Just a simple frontend to facilitate SEPA transactions to contacts (which could just be a simple Name -> IBAN map stored locally)
I could imagine something like an IBAN protocol - open an IBAN link as in iban://AB26374838388 directly with your banking app and auto fill the bank transfer menu. Only add the amount of money you want to transfer.
No idea what other implications that would have e.g. for security though
I thought about that, but I think it’s actually more error prone, because people might just be setting ?amount=32 and leaving out currency which might lead to unexpected behaviour. Implementors tend to interpret this differently and one app might take the default currency and the other might fail to accept it, and that kind of different behaviour is a common source of security issues. Having a single unified parameter that must always contain the value and currency “solves” that issue.
Makes it a bit more annoying to parse, though I definitely see your point.
However, you’re still proposing a standard: “has to include both the currency and the amount in the parameter”, so why not split them up at that point?
Main problem I see is that as it stands it’s insanely easy to forge a SEPA mandate. Ever had to fill one out? It’s literally just a piece of paper saying “I, John Doe, allow XXX to take money for services rendered from my acount AB1234. [signature]”. The wonder of legacy processes built for companies with fax-based workflows…
I believe only some “trusted” commercial customers are authorized to turn in SEPA mandates (I know my ISP went into some bankruptcy proceedings and lost their ability to use their SEPA mandates for instance), but still, that makes me somewhat wary about who I give my IBAN to. I’d certainly not put it up online for anyone to see.
Yeah. It’s really a UI issue at this point. Just a simple frontend to facilitate SEPA transactions to contacts (which could just be a simple Name -> IBAN map stored locally)
I could imagine something like an IBAN protocol - open an IBAN link as in iban://AB26374838388 directly with your banking app and auto fill the bank transfer menu. Only add the amount of money you want to transfer.
No idea what other implications that would have e.g. for security though
Oh, add an
?amount=32€as well as atext=Pizzaparameter and you’re almost there …Idont’t think that’s a good idea, too many peoplr quickly pressing pay and then they tealizef only afyer paying thay there’s an extra 0
You know, it’s good to put failsafes and all, but at some point it’s just PEBKAC.
Ah yes, PEBKAC, the most common error after ID-10T.
Separate
?amount=32andcurrency=Euroto add currency support.I thought about that, but I think it’s actually more error prone, because people might just be setting
?amount=32and leaving outcurrencywhich might lead to unexpected behaviour. Implementors tend to interpret this differently and one app might take the default currency and the other might fail to accept it, and that kind of different behaviour is a common source of security issues. Having a single unified parameter that must always contain the value and currency “solves” that issue.Makes it a bit more annoying to parse, though I definitely see your point.
However, you’re still proposing a standard: “has to include both the currency and the amount in the parameter”, so why not split them up at that point?
There’s a standard that does this in form of a QR code: https://en.wikipedia.org/wiki/EPC_QR_code
Main problem I see is that as it stands it’s insanely easy to forge a SEPA mandate. Ever had to fill one out? It’s literally just a piece of paper saying “I, John Doe, allow XXX to take money for services rendered from my acount AB1234. [signature]”. The wonder of legacy processes built for companies with fax-based workflows…
I believe only some “trusted” commercial customers are authorized to turn in SEPA mandates (I know my ISP went into some bankruptcy proceedings and lost their ability to use their SEPA mandates for instance), but still, that makes me somewhat wary about who I give my IBAN to. I’d certainly not put it up online for anyone to see.
Didn’t know it was this simple, that’s stupid.
I believe though that in today’s day and and of banking apps this should be very easily solvable with inapp confirmations
Let’s hope the old way dies