On Thu, 22 Sep 2016 16:09:00 +0200
Kamil Cholewiński <harry666t_AT_gmail.com> wrote:
> In Poland, on most online shopping services, you click "pay with bank
> transfer" at the checkout. Click the logo of your bank, get a redirect
> to the bank's online transaction service, type in your user&pass,
> review the transaction, get an SMS with one-time code to confirm it,
> and click OK. It's marginally more complicated than typing the CC
> number and infinitely more secure (MFA, one-time codes are all
> standard). Transfers are instant, you usually get the goods the next
> day.
>
> However it's very JS-heavy, which is the only part that really sucks.

No, this is pure madness, it's not more secure than the other way
around.

Banks should provide their own APIs + SSO using common/standard naming
conventions and functionality. That doesn't suck, the other way
does.

A MitM attack or similar exploits are enough to obtain
user, password and other personal details and/or to forge payments that
look like the original one. I know from experience.

This doesn't mean that Poland's e-commerce solutions aren't safe, it
just means that you are using the "suck more" solution.

BTW, having a "suck less" e-commerce is good, but I'm also strongly
convinced that it doesn't belong to suckless.

My 2¢
Received on Thu Sep 22 2016 - 16:50:08 CEST