On Thu, 22 Sep 2016 16:09:00 +0200 Kamil Cholewiński <harry6...@gmail.com> wrote:
> In Poland, on most online shopping services, you click "pay with bank
> transfer" at the checkout. Click the logo of your bank, get a redirect
> to the bank's online transaction service, type in your user&pass,
> review the transaction, get an SMS with one-time code to confirm it,
> and click OK. It's marginally more complicated than typing the CC
> number and infinitely more secure (MFA, one-time codes are all
> standard). Transfers are instant, you usually get the goods the next
> day.
>
> However it's very JS-heavy, which is the only part that really sucks.

No, this is pure madness, it's not more secure than the other way around. Banks should provide their own APIs + SSO using common/standard naming conventions and functionality. That doesn't suck, the other way does.

A MitM attack or similar exploit is enough to obtain the user, password and other personal details and/or to forge payments that look like the original one. I know from experience.

This doesn't mean that Poland's e-commerce solutions aren't safe, it just means that you are using the "suck more" solution.

BTW, having a "suck less" e-commerce is good, but I'm also strongly convinced that it doesn't belong to suckless.

My 2¢

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT !d s: !a C++ UL++++ P+++ L+++ E--- W+++ N+++ o-- K- w--- O+ M-- V--
PS+++ PE Y+ PGP t+++ 5++ X R++ tv- b+ DI D++ G e+ h---- r+++ y++++
------END GEEK CODE BLOCK------