Sofort banking



  • So apparently this payment method is pretty popular online:
    https://www.sofort.com/

    How it works is: the shop redirects you to a sofort.com page. They ask you for your bank username and authentication details (including any 2FA authentication you might have). They connect to your bank, log in with your account and password, and issue a bank transfer in your name.

    :wtf: right? But on the other hand, PayPal and credit cards can also take money from your bank account if they want, so I guess it's not that different? I'll let you judge.

    Anyway I couldn't resist the temptation and actually decided to give it a try. Got this

    Gee, thanks for nothing 🖕.


  • BINNED

    @anonymous234 said:

    They ask you for your bank username and authentication details

    That can't possibly be real. Can it? It can't, right? Nobody would do that, right?



  • The technical reasons were, "this bank, like all banks, canned our ass the instant they learned we were trying to pull this bullshit".



  • I do hope they're using some kind of API to talk to the bank... and not... web scraping *shudders*


  • BINNED

    I'm entirely convinced that it's a joke. I mean, there's no way they have an arrangement with every bank between Slovakia and Spain. Also, if they only supported specific banks I'd expect them to list those banks somewhere on the site, but they don't - they only list shops that they support.



  • I ❤ this :wtf:. Getting used to handing over your banking credentials to a third party is bound to make everybody happy. By everybody I mean the crooks that are fishing for those.

    The funny thing is how you can just cancel the transaction 5 minutes later. But then that's the merchant's problem I guess 😄



  • @blek said:

    between Slovakia and Spain

    That's not that many banks... But this phrase frightened me:

    “Norton secured” powered by Symantec



  • They only support certain banks, but for some reason they don't list them (that reason being they're assholes). If you want to know you have to go to any of those shops, make a fake purchase and pay with Sofort, then you'll get the list.


  • BINNED

    @Hanzo said:

    That's not that many banks

    I googled a random Czech comparison test of personal bank accounts and it listed 17 separate banks, just for one small country. And I can recall at least one more that doesn't appear there.

    @Hanzo said:

    “Norton secured” powered by Symantec

    *snort* Yeah, definitely a joke. Please...



  • @anonymous234 said:

    But on the other hand, PayPal and credit cards can also take money from your bank account if they want, so I guess it's not that different?

    Credit cards have chargeback, and as far as I know PayPal can't get money from you other than by charging your card (if you want to do it by transfer, you have to do it yourself). If you share your account credentials and something goes wrong you might have a hard time trying to get the money back from the bank.

    IOW don't use this.

    @blek said:

    I'm entirely convinced that it's a joke.

    It's been around for quite some time. People are bad at security.



  • Yet I'd say it's the 3rd most supported payment system in Europe, after PayPal and credit cards. Ain't things fun?



  • @anonymous234 said:

    3rd most supported payment system in Europe

    <citation needed>

    I never heard of anyone using it.



  • @anonymous234 said:

    Anyway I couldn't resist the temptation and actually decided to give it a try.

    ...huh, so did I.

    I had a glimmer of hope that it actually uses the bank's mechanism for this stuff - at least in my bank, it's possible for the shop to redirect you to a payment site with all the transaction details pre-filled, so you log in to the bank's website and click "confirm".

    But nope, it just gives you a bunch of textboxes and asks you for your account number and password from its own site. At least it does accept the randomly masked password, so I guess there's that?


  • BINNED

    The website even claims that 50% of all Germans who buy stuff on the internet have used it. Based on some poll (apparently) from 2010. I've never heard of it either.

    It also doesn't even have a page on EN Wikipedia, only on the German version. As far as I can tell with my nonexistent command of that language, anyway. If it's not actually a joke, it seems to only be popular in Germany.



  • @blek said:

    If it's not actually a joke, it seems to only be popular in Germany.

    Well, with that name no wonder it isn't popular in Poland.


    Filed under: raus, raus



  • Well have you heard of any others? Because I haven't.

    I've heard of iDeal which is popular in Belgium and Netherlands but doesn't work anywhere else. SEPA transfers which take days so they kinda suck. Bitcoin which doesn't count. And many other "local" payment systems which are even smaller (and therefore useless).


  • BINNED

    ÜBERWEISUNG!


  • BINNED

    Uh? Only Netherlands not around here.



  • Right, sorry, I read it somewhere and couldn't be arsed to double check :P


  • area_pol

    I know them, they're real. My friend actually used them once. The fun thing is, they not only log into your bank to make the transfer, they also scan your history to determine if your credibility is good enough.



  • "Thank you, your transaction has been successfully sent. We also noticed you could get a new loan at a lower interest rate to pay your previous one, so we did that too, and we canceled the gym subscription you weren't even using you lazy fuck. You're welcome

    Be sure to try our new SofortSocial™ service! Just give us your Facebook login and we'll take care of getting new friends for you."


  • Notification Spam Recipient

    @anonymous234 said:

    Just give us your Facebook login and we'll take care of getting new friends for you."

    But, that will require a client download, to ensure your privacy of course.


  • Fake News

    @anonymous234 said:

    I do hope they're using some kind of API to talk to the bank... and not... web scraping *shudders*

    Keep shuddering... I have used it two times and the second time it broke when the bank had just updated their interface. Granted, this was a couple of years ago; but APIs aren't supposed to break overnight though.



  • How would something like this get a PA DSS certification? Or they just don't need it because there aren't credit cards involved, just your banking credentials? :wtf:



  • AFAICT, it's mostly popular because the merchant avoids payment charges and gets a near-instant confirmation they'll get the money (a bank transfer is binding to the customer), and they usually pass that on to the customer by reducing their shipping fees.

    But yes, lots of people have said from day 0 that using that violates your bank's T&C. But of course, banks have no interest in losing customers that can't cause fraud complaints anymore due to proven negligence with credentials.


  • Dupa

    @Maciejasjmj said:

    at least in my bank, it's possible for the shop to redirect you to a payment site with all the transaction details pre-filled, so you log in to the bank's website and click "confirm".

    mBank?


  • Dupa

    @Maciejasjmj said:

    Well, with that name no wonder it isn't popular in Poland.

    Pyszne.pl uses this shit. But in addition to PayU (uses banks' API), PayPal and credit/debit card purchases.



  • @blek said:

    The website even claims that 50% of all Germans who buy stuff on the internet have used it.

    Have used it once and then realized how scary it is, maybe.

    Also, the actual market share of Sofortüberweisung in 2014 seems to be around 3% - wire transfers, direct debit, PayPal and credit card have a combined market share of over 80%, according to a study by a German institute: http://www.channelpartner.de/a/rechnung-bevorzugt,3045312



  • It is, for example, one of the payment options on the German Railways website and app. Actually, for a while it was their only(!) payment method without additional payment fees, until that arrangement was deemed unlawful: https://www.lawblog.de/index.php/archives/2015/07/13/sofortueberweisung-ist-unzumutbar/

    But the German branch of my bank has already said that their guarantee of reimbursing losses due to fraud will not apply if you used this Sofortüberweisung: https://www.ing-diba.de/ueber-uns/wissenswert/sicher-online-einkaufen/ (in the comments).

    Actually, I have used it a couple of times in the past but I feel really stupid now.



  • @blek said:

    As far as I can tell with my nonexistent command of that language, anyway.

    The second paragraph of the Wikipedia article already specifically highlights a major problem with it:

    Für den Datenschutz des Kunden problematisch erweist sich der Kern jeder Transaktion: Der Käufer übermittelt dabei nämlich die PIN seines Bankkontos, die er normalerweise streng vor dem Zugriff durch fremde Personen schützt, sowie eine ebenso persönliche, nur sein Konto betreffende einzelne TAN an die Sofort GmbH
    That is, “Problematic for protection of the customer’s data is the core principle of each transaction: the buyer sends the PIN of his bank account, which he normally keeps strictly secret from strangers, as well as an equally personal single TAN [a code to allow the specific transaction] to Sofort GmbH”

  • area_deu

    I have never understood how that bullshit got any traction at all. They basically force their customers to violate the use of service agreements they signed when their bank enabled online banking for them. Specifically "DO NOT give your fucking login credentials to somebody else".
    I personally don't know anybody who uses it. I probably trained them well enough 😀


  • Discourse touched me in a no-no place

    @aliceif said:

    I never heard of anyone using it.

    I'd never even heard of it until this topic.

    @CatPlusPlus said:

    as far as I know PayPal can't get money from you other than by charging your card

    PayPal UK can take it straight from a linked bank account via direct debit. I assume this option exists for PayPal elsewhere.


  • sekret PM club

    @loopback0 said:

    PayPal UK can take it straight from a linked bank account via direct debit. I assume this option exists for PayPal elsewhere.

    It can in the US too, I have my bank account linked to my PayPal for this purpose.


  • Discourse touched me in a no-no place

    @loopback0 said:

    I'd never even heard of it until this topic.

    I'd seen it once or twice, but didn't know anything about it and so didn't try using it.

    Sounds like I dodged a bullet there. 😄

