Re: [dev] Suckless e-comerce script proposal

From: Jochen Sprickerhof <>
Date: Thu, 22 Sep 2016 16:21:31 +0200

* Bobby Powers <> [2016-09-22 09:57]:
> Are you saying that doing wire transfers in Europe is common, or doing
> wire transfers to pay for online goods?

It's common for both.

> I'm glad to hear it is less
> of a horrendous experience, but it still feels like a suck idea to
> make customers jump through an additional hoop on their own, and
> expect them to correctly (and without error) copy/paste the correct
> amount from the order confirmation into a bank transfer form. If you
> suggest writing a script to automate this: it is suck to suggest
> customers write software to uniquely interact with your web site.

I think it's a security feature and I wouldn't want to write software
for that. As long as I initiate the transmission, I'm in control of my
account. Otherwise I have to check every transmission for validity.

* Kamil CholewiƄski <> [2016-09-22 16:09]:
> In Poland, on most online shopping services, you click "pay with bank
> transfer" at the checkout. Click the logo of your bank, get a redirect
> to the bank's online transaction service, type in your user&pass, review
> the transaction, get an SMS with one-time code to confirm it, and click
> OK. It's marginally more complicated than typing the CC number and
> infinitely more secure (MFA, one-time codes are all standard). Transfers
> are instant, you usually get the goods the next day.

I would never do that. Having lot's of JS fiddling around in my bank
account sounds scary. Also, any TAN system (be it SMS or whatever) is
broken by design (and there are reports for people exploiting it for all
of them).

Cheers Jochen

Received on Thu Sep 22 2016 - 16:21:31 CEST

This archive was generated by hypermail 2.3.0 : Thu Sep 22 2016 - 16:24:12 CEST