I had to do some market research, but here in Germany there are banks that rely on a physically separate code generator device.
Here we have two types of alternatives (for now) for 2FA at banks: and index number is sent via SMS so the auth code can be looked at from a physical code list (much more secure than sending code in the clear via SMS), and the separate code genrator (some are one code only, some need pin and give separate codes for singing/verification and login).
That is used also for some banks but in addition you get a verification code (or some other second step verification). I have a code list (on paper) and I pay the bill but after that I must verify it using the second step code. Some banks also have these code generators (instead of paper list codes).
There are many different systems for verification within EU. I think a list of codes to be used only once is safer than verification over the net. And it works very well with Linux and any other platform. Verification apps are usually platform dependent and there is a risk they are hacked. Software is nice but paper is often safer.
we have plastic “paper” money (if that makes sense). also a few very low value metallic coins.
precious metal coins (like gold and silver) should be the standard and generally accepted form of payment.
some of the more private crypto currencies are also nice (the ones that don’t require a GPU/ASIC to mine effectively). i’m holding off on that until there are some 100% libre hw CPUs that can do the job effectively … that might take a while …
A list of codes when done properly is mathematically perfect: as strong as the weakest link it’s sent over. https://en.wikipedia.org/wiki/One-time_pad
1 Like
Does the Swish app deduct money directly from your account? Why not use a credit card, since it may have better fraud protection?
Another question that comes to mind is ‘How do tourists pay when they visit?’
Crypto currencies are assets that people are trying to use as a medium of exchange. It is an important distinction to keep in mind long term as crypto-currencies are no more money-like than, say, google stock.
Credit cards are a kind of luxury in the parts of Europe I’m familiar with. You actually have to pay for them, unlike other forms of non-credit payment cards.
1 Like
You have to pay for bank accounts in some countries of Europe (Italy, where I spend a fair amount of time when not in quarantine). I ask the question because credit cards in the U.S. at least (and Canada, if I recall, correctly) have implicit fraud protection because the credit card company is responsible for fraud whereas that is not true of debit cards or direct transfers.
This means that one should take the point of view that the credit card fee is not a convenience fee but the cost of insurance against fraud. One can then decide to self-insure.
this link should explain a bit better.
(this is what I meant previously when I talked about NETs/Worldpay etc having huge networks/infrastructure to facilitate payments…)
https://www.dibspayment.com/highlight-row-entry/direct-payments-sweden
the NETS payment app is used by both users and sellers.
You could think of it like a digital wallet app (for example people in California and other states bordering Mexico might know the company Unipagos (https://unipagos.com.mx/index_en.html) which is a closed eco system - you can pay for goods in stores using the app, where the stores accept the currency, but, you’d need to use the app to transfer credit between wallets.
Worldpay are a slightly different beast as they have a longer history of operating a payment network traditionally built on magswipe, then chip and pin, and now NFC… but again, you’re giving your data to a company. - or at least your data traverses their network.
world pay know what you’re spending and when.
Nets (and NEXI - the Italian version) know how much you’re spending and where.
(and when I say WorldPay/NETS and NEXI what I actually mean is Bain Capital.
Because Bain Capital own majority stake in ICBPI (now Nexi) Bain Capital own Worldpay. (and Experian)
And… when I say Bain Capital, yes, it is the Bain Capital that Mitt Romney founded.
Who bears the liability of fraud on these payment systems?
(in the UK) Generally the banks.
If I report my card lost/stolen and it is used in a shop (with a world pay terminal) it is the bank that is at fault and covered the cost of the fraud, (not the shop, and not the payment facilitator)
(there may be some differences if the pin is used in a fraudulent payment (as there is a how did they know the pin" question.)
Is there a difference between a stolen credit card and a stolen debit card. At least in the US, there is: the onus is on the banks for credit cards (one has only to report the loss or the fraud to be protected) whereas with debit cards the onus is on the client to provide documentation, etc. For this reason, I do not use debit cards, but only credit cards and ATM’s (which have yet a different set of liability coverage).
Yes, it works by connecting your account to your telephone. I can transfer money to another phone number (connected to another account) in one second. It is very good for small enterprises because they do not need to involve expensive banking systems. And people have no cash any more. But you need a BankId app and a Swish app in your phone. That has been a concern for me relating to Librem 5 - can I get such apps on L5 ? On the other hand as we have discussed I can buy a dirt cheap Android phone that I use only for these apps.
Tourists have a problem. So did I until I got my Swedish account connected to BankId and Swish. Those are necessary if you want to live in Sweden (I have a farm in Finland and a house in Sweden so I am a EU citizen). There have been discussions about establishing a EU payment system and Swish (founded by the big Swedish banks) is involved in that discussion. But it takes time as usual to get all 27 countries aboard …
1 Like
(in the UK) the liability for fraud (fraudulent use) of the card lies with the card provider (usually bank)
for example I have 2 bank accounts, (2 debit cards) and 3 credit cards I can use any of these at any time (holding these accounts open is free, utilizing the service is free (though interest is charged on any debt in the account.)
if the cards are used fraudulently the provider (master card, AMEX, MBNA etc) will be liable because ultimately it is them who authorize the fraud.
there is an onus on the customer, - I need to report fraud when I first see it (so, if I get a bank statement with £1000 of fraudulent transactions, and then wait a month until there is a thousand more, the bank will say that I’ve failed in my duty to report fraud (to limit their loss) and not refund all my losses (as they would have to by law in the event that I had promptly reported fraud.)
There is a difference between debit and credit protections in the UK, (and Credit protections are stronger) For this reason I would generally purchase items on my credit card…
It is for this reason that I purchased the Librum5 using a credit card.
Returning to the general question: Can the big tech companies make software disappear ? I see it from inside EU and it is a bit different here compared with the US. We have a very active EU commission which is tough on those companies. Both Google and Facebook have felt the wrath of EU in some cases. That could be the case in US too if I have understood the bipartisan discussion right. There are some EU directives that protect the citizens from the big techs but a lot more should be done. GDPR is one example (The General Data Protection Regulation ). Personally I would like to see a directive against gathering information without the active consent of a person. That would make a lot of questionable apps illegal. And no “By using this app you let us do whatever we like” clauses …
At some point there must be a system for verification of apps (not all are free software) so that you will know it has been checked and no superfluous data gathering is attached. That would make it more difficult to make a verified software disappear.
One problem with credit card is that I do not want to give away my card number because then it can be used inappropriately. I use Paypal (although I do not really love it) mainly because I do not have to put my card number on the web (even if it happens in a encrypted link). Paypal can of course sell all my payment information. But until we have a reliable distributed payment system based om blockchains it will have to do (or some other system like that).
So you want not only for Google/Apple to be able to pull apps from stores for companies that they don’t agree with, but also want governments to have control over what you can/cannot choose to install on your device also?
Governments will not force apps to not disappear/stay hosted. - for example on this forum there is no law that can compel Purism to spend their disk space hosting my speech, they choose to. - that’s a privilege, not a right. (AND, in the case of Parler - where I hear they were asking for forms of ID to verify accounts) infact may shut them down faster with the privacy laws you are suggesting.
Parler being hosted in the play store/apple store was a privilege, not a right, and it is a privilege they lost because they allowed content that apple/google didn’t want to associate with.
Moving to Purisms software store isn’t going to compel Purism to host any particular app, in that store app.
(which as discussed is the exact situation as currently with android, - there were other ways to get the application others stores still carrying the application, but 90% of people won’t configure that.)
I do not quite understand what you mean. My point is that gathering information without consent should be illegal. Verification that an app is not gathering unnecessary information is of course not mandatory. Neither is hosting an app.