Sofort banking
-
So apparently this payment method is pretty popular online:
https://www.sofort.com/
How it works is: the shop redirects you to a sofort.com page. They ask you for your bank username and authentication details (including any 2FA authentication you might have). They connect to your bank, log in with your account and password, and issue a bank transfer in your name.
right? But on the other hand, PayPal and credit cards can also take money from your bank account if they want, so I guess it's not that different? I'll let you judge.
Anyway I couldn't resist the temptation and actually decided to give it a try. Got this
Gee, thanks for nothing.
-
They ask you for your bank username and authentication details
That can't possibly be real. Can it? It can't, right? Nobody would do that, right?
-
The technical reasons were, "this bank, like all banks, canned our ass the instant they learned we were trying to pull this bullshit".
-
I do hope they're using some kind of API to talk to the bank... and not... web scraping *shudders*
-
I'm entirely convinced that it's a joke. I mean, there's no way they have an arrangement with every bank between Slovakia and Spain. Also, if they only supported specific banks I'd expect them to list those banks somewhere on the site, but they don't - they only list shops that they support.
-
I this . Getting used to handing over your banking credentials to a third party is bound to make everybody happy. By everybody I mean the crooks that are fishing for those.
The funny thing is how you can just cancel the transaction 5 minutes later. But then that's the merchant's problem I guess
-
between Slovakia and Spain
That's not that many banks... But this phrase frightened me: “Norton secured” powered by Symantec
-
They only support certain banks, but for some reason they don't list them (that reason being they're assholes). If you want to know you have to go to any of those shops, make a fake purchase and pay with Sofort, then you'll get the list.
-
That's not that many banks
I googled a random Czech comparison test of personal bank accounts and it listed 17 separate banks, just for one small country. And I can recall at least one more that doesn't appear there.
“Norton secured” powered by Symantec
*snort* Yeah, definitely a joke. Please...
-
But on the other hand, PayPal and credit cards can also take money from your bank account if they want, so I guess it's not that different?
Credit cards have chargeback, and as far as I know PayPal can't get money from you other than by charging your card (if you want to do it by transfer, you have to do it yourself). If you share your account credentials and something goes wrong you might have a hard time trying to get the money back from the bank.
IOW don't use this.
I'm entirely convinced that it's a joke.
It's been around for quite some time. People are bad at security.
-
Yet I'd say it's the 3rd most supported payment system in Europe, after PayPal and credit cards. Ain't things fun?
-
3rd most supported payment system in Europe
<citation needed>
I never heard of anyone using it.
-
Anyway I couldn't resist the temptation and actually decided to give it a try.
...huh, so did I.
I had a glimmer of hope that it actually uses the bank's mechanism for this stuff - at least in my bank, it's possible for the shop to redirect you to a payment site with all the transaction details pre-filled, so you log in to the bank's website and click "confirm".
But nope, it just gives you a bunch of textboxes and asks you for your account number and password from its own site. At least it does accept the randomly masked password, so I guess there's that?
-
The website even claims that 50% of all Germans who buy stuff on the internet have used it. Based on some poll (apparently) from 2010. I've never heard of it either.
It also doesn't even have a page on EN Wikipedia, only on the German version. As far as I can tell with my nonexistent command of that language, anyway. If it's not actually a joke, it seems to only be popular in Germany.
-
If it's not actually a joke, it seems to only be popular in Germany.
Well, with that name no wonder it isn't popular in Poland.
Filed under: raus, raus
-
Well have you heard of any others? Because I haven't.
I've heard of iDeal which is popular in Belgium and Netherlands but doesn't work anywhere else. SEPA transfers which take days so they kinda suck. Bitcoin which doesn't count. And many other "local" payment systems which are even smaller (and therefore useless).
-
ÜBERWEISUNG!
-
Uh? Only Netherlands not around here.
-
Right, sorry, I read it somewhere and couldn't be arsed to double check :P
-
I know them, they're real. My friend actually used them once. The fun thing is, they not only log into your bank to make the transfer, they also scan your history to determine if your credibility is good enough.
-
"Thank you, your transaction has been successfully sent. We also noticed you could get a new loan at a lower interest rate to pay your previous one, so we did that too, and we canceled the gym subscription you weren't even using you lazy fuck. You're welcome
Be sure to try our new SofortSocial™ service! Just give us your Facebook login and we'll take care of getting new friends for you."
-
Just give us your Facebook login and we'll take care of getting new friends for you."
But, that will require a client download, to ensure your privacy of course.
-
I do hope they're using some kind of API to talk to the bank... and not... web scraping shudders
Keep shuddering... I have used it two times and the second time it broke when the bank had just updated their interface. Granted, this was a couple of years ago; but APIs aren't supposed to break overnight though.
-
How would something like this get a PA DSS certification? Or do they just not need it because there aren't credit cards involved, just your banking credentials?
-
AFAICT, it's mostly popular because the merchant avoids payment charges and gets a near-instant confirmation they'll get the money (a bank transfer is binding to the customer), and they usually pass that on to the customer by reducing their shipping fees.
But yes, lots of people have said from day 0 that using that violates your bank's T&C. But of course, banks have no interest in losing customers that can't cause fraud complaints anymore due to proven negligence with credentials.
-
at least in my bank, it's possible for the shop to redirect you to a payment site with all the transaction details pre-filled, so you log in to the bank's website and click "confirm".
mBank?
-
Well, with that name no wonder it isn't popular in Poland.
Pyszne.pl uses this shit. But in addition to PayU (uses banks' API), PayPal and credit/debit card purchases.
-
The website even claims that 50% of all Germans who buy stuff on the internet have used it.
Have used it once and then realized how scary it is, maybe. Also, the actual market share of Sofortüberweisung in 2014 seems to be around 3% - wire transfers, direct debit, paypal and credit card have a combined market share of over 80%, according to a study by a German institute: http://www.channelpartner.de/a/rechnung-bevorzugt,3045312
-
It is, for example, one of the payment options on the German Railways website and app. Actually, for a while it was their only(!) payment method without additional payment fees, until that arrangement was deemed unlawful: https://www.lawblog.de/index.php/archives/2015/07/13/sofortueberweisung-ist-unzumutbar/
But the German branch of my bank has already said that their guarantee of reimbursing losses due to fraud will not apply if you used this Sofortüberweisung: https://www.ing-diba.de/ueber-uns/wissenswert/sicher-online-einkaufen/ (in the comments).
Actually, I have used it a couple of times in the past but I feel really stupid now.
-
As far as I can tell with my nonexistent command of that language, anyway.
The second paragraph of the Wikipedia article already specifically highlights a major problem with it: Für den Datenschutz des Kunden problematisch erweist sich der Kern jeder Transaktion: Der Käufer übermittelt dabei nämlich die PIN seines Bankkontos, die er normalerweise streng vor dem Zugriff durch fremde Personen schützt, sowie eine ebenso persönliche, nur sein Konto betreffende einzelne TAN an die Sofort GmbH
That is, “Problematic for protection of the customer’s data is the core principle of each transaction: the buyer sends the PIN of his bank account, which he normally keeps strictly secret from strangers, as well as an equally personal single TAN [a code to allow the specific transaction] to Sofort GmbH”
-
I have never understood how that bullshit got any traction at all. They basically force their customers to violate the use of service agreements they signed when their bank enabled online banking for them. Specifically "DO NOT give your fucking login credentials to somebody else".
I personally don't know anybody who uses it. I probably trained them well enough
-
I never heard of anyone using it.
I'd never even heard of it until this topic.
as far as I know PayPal can't get money from you other than by charging your card
Paypal UK can take it straight from a linked bank account via direct debit. I assume this option exists for Paypal elsewhere.
-
Paypal UK can take it straight from a linked bank account via direct debit. I assume this option exists for Paypal elsewhere.
It can in the US too, I have my bank account linked to my paypal for this purpose.
-
I'd never even heard of it until this topic.
I'd seen it once or twice, but didn't know anything about it and so didn't try using it.
Sounds like I dodged a bullet there.