PIX is also better because it gives control back to the central bank (as it was with cash) and not private industry although they are providing the service. The central bank controls what payments are permitted by what laws exist, not some risk management system that has decided that your legal purchase is too risky or some foreign state has applied sanctions against you.

PIX should be the gold standard for this - it’s works perfectly for all use cases that I can think of.

Hell even the homeless people around here take donations in PIX, but you can also buy a house with it. Zero fees involved

This is a brilliant response. I love personal anecdotes like this that meaningfully contribute to a better conversation on HN.

First: PIX sounds insanely good! I wish I had it where I live.

My follow-up question: Can anyone with experience with India's Unified Payments Interface (UPI) comment about capabilities compared to PIX? It is frequently lauded as one of the best e/mobile payment services in the (developing) world.

iDeal can also be used for recurring payment. I set one up yesterday.

If you like Tikkie, you may like bunq as well.

This is kind of a problem with Wero though [1]:

> The Wero app can be installed on any mobile device or tablet running iOS 16 or later, or Android version 9 or later. We recommend updating your device to the latest version of its operating system for maximum performance, convenience and security.

> It is not possible to use Wero via a web browser or on a computer.

Why the ** am I constricted to using an app on Android or iOS. Ever heard of laptops? Windows? ChromeOS? macOS? Linux in general?

[1] https://support.wero-wallet.eu/hc/en-us/articles/25599074240...

> you can use it for recurrent payment, split payments, financing, cashout and almost all things a CC can do nowadays

But can credit cards really do all those things? You just entrust your credit card number to a party that does it for you, but the credit card system itself isn't taking care of those things like recurring payments.

> PIX from Brazil is even better, to be honest.

You lack the inherent fraud, bankruptcy and other malicious actor protection that Visa/Mastercard provides.

Bought something online and didn't receive your product? With PIX you're SOL, with Visa/Mastercard you get a chargeback.

Nah, BLIK from Poland was there earlier and is in many ways better, Wero was unfairly lobbied for by the old European guard, so most of Eastern Europe walked away.

They are now hesitantly joining Wero, supporting it only to downplay and to lobby ECB for an API platform and not for a product.

Wero does have recurring payments planned too (apparently for end of 2026), seems like they're well aware of PIX and racing hard to get into exactly the same space.

Since last year, Colombia has implemented Bre-B, our copy of Brazil’s Pix, and it’s been fantastic. I can’t wait to see it mature to the same level as Pix, and I really hope both systems are eventually linked together.

Tikkie has a different usecase. It's meant for smaller payments between individuals

In fact, you can pay a Tikkie using iDEAL/Wero

I think Colombian's Bre-B system took heavy inspiration on PIX. It is amazing and so easy to use.

(I haven't tried PIX so not sure) but UPI is really great too and I think that Pix is similar to UPI and UPI was launched by India nearly 4 years ago than brazil.

Anyways, one of the things that I am interested about in payment systems is say creating cross-payments between Pix,UPI and Wero.

UPI is already there for a few countries and there are more trials which are happening and my brother was a bit involved in trying to add UPI to london. (I think it was some efforts by his college perhaps, I am not sure completely.)

For India, the largest points are remittances and for other nations, it gives a really well built payment system and integrates it to more economies.

UPI is accepted in seven countries: Bhutan, France, Mauritius, Nepal, Singapore, Sri Lanka, and the United Arab Emirates (UAE).

> It hands over the customer's IBAN, which isn't really that much safer than a credit card number, since any merchant can trigger a SEPA Direct Debit using it.

Yes. And they would quickly lose their ability to process any payments. This is the exact same idea as how credit cards work. I don't see my IBAN as a secret, all my friends have it, as thats how they can send me money right to my account.

> that requires you to actively monitor for fraudulent transactions, which a decent system wouldn't allow in the first place.

So that rules out credit cards too, exact same system.

I'm not familiar with pix mentioned in the other threads, but I am not familiar with any other system that is better

No. The bank gives you a prominent notification when someone new gets a direct debit authorization for your account. And a merchant gets banned quickly when they misuse their debit authorization.

> pre-authorization

If you need pre-authorization use credit, iDeal is a debit system.

> It hands over the customer's IBAN

SEPA Direct Debit requires my consent one time on my banking app.

Giving out your IBAN number is generally safer then giving out your Credit card number, date of expiration and cvv code.

Additionally it allows for things like name to account checking, therefore making it less likely you will be scammed.

I was under the impression that direct debit requires an initial authorization from the account owner? Otherwise anyone with your bank account number can pull your account funds and bank account numbers are hardly a private information (unlike a cc where you need the card number/expiry/cvv code and generally a correct address)

What you see is a glued or patchwork to make the things work somehow with the existing state of things. Strictly speaking, a lot of banks do not offer API support and yet these third party tools are able to orchestrate a flow with is nothing less than man-in-the-middle-attack.

The change if it happens at all, across the board to streamline can only from from government mandate. The industry is always going to go for finding some low cost option to achieve the target. The private players are always going to optimize for short term gains.

When using a government website, you were intimidated by the security posture of... Plaid? (Genuine question, maybe this was some other provider but Plaid's aggregator tool is the most common place I see this pop up in real life for ACH)

That's still a man in the middle coordinating the payments (mpesa, etc...) and essentially holding both sides of the transaction. When you send money to somebody with mobile money you're sending it to the mobile network operator who then let's the other person know so they can move the money to somebody else (or cashout or leave it there).

It's not really a federated system because you can't for instance send money from mpesa in kenya to a different provider in uganda.

Are you referring to m-pesa?

the mobile money while convenient r not exactly secure due to MITM.

I can only speak for my countries, but almost all payment terminals now have the option to scan a QR code with your mobile banking app to pay using Wero.

> At any rate, I don't see EuroPA or Wero break the 'hegemony' of Visa/MC the way this article claims.

You're right, it does not. But it's a significant step towards that goal. In-store payments are next on the agenda.

As usual if there is reasonable competition this limits what the established actors can and will do.

Certainly better and easier to say than Chipknip!

If they haven't been redirected to their bank, verifying with their mobile banking app using a QR code will not work.

> After typing your card numbers

Yes, but the whole point of Wero is that you don't have to type in a bunch of info that can be easily stolen. With Wero (and many other international solutions), you just scan a code with your phone, and your banking app handles the transactions. The existing legacy solutions are just duct tape on an existing system.

The problem with 3D Secure is that the merchant can unilaterally decide not to use it, which defeats the whole purpose of 3D Secure.

The problem is that these are all US systems.

This is pretty much every payment I do in Finland works. Always have to go and verify it using my online banking credentials after I've entered the numbers. Does make me wonder why I need to bother with the whole number, expiry and CVV bullshit anyway.

iDEAL is a killer name

I want many payments to be pull-based (at least I'd go crazy having to positively sign off every utility bill and subscription), but the ideal user interface for pull payments shows who exactly is pulling what, with a few days notice, and a one-click way to cancel any standing authorization.

You could still have this 1-click experience with another system.

Like you could set some rule like “this vendor is approved for charges below $50”. We don’t need the legacy system for that.

(I don’t know if any payment systems can do that atm, just that if we wanted we could make them do that)

Visa seemed not to care too much about fraud though so at some level they do prefer ease of use over security

You'll need to fake much more than just that. Usually the bank website will ask you to confirm the transaction by opening the banking app on your mobile phone.

Not really, since in modern 3DS implementations, the redirect pretty much only shows a modal saying "check your phone for a notification and confirm this payment there".

Worst case, you'll be entering a one-time code received out of band, e.g. via SMS, and that message will mention what you are consenting to by entering it anywhere, so even MITM attacks are very hard.

The days of entering a static password in 3DS are long gone.

not really, the redirect itself is happening at EMV DS level, not by the merchant himself. Merchant has no idea what bank your card belongs to, so he does not know which bank to redirect you to.

The physical barcode reader is long gone in Belgium. Instead, you scan the QR code with your banking app (or on mobile, click a link to open the banking app), and either verify directly for amounts under €250 (?), or verify big amounts with ItsMe, another app, using Face ID.

> I remember living in Belgium this was the case, and I always had to go and find that stupid physical barcode reader that I then had to hold against the screen, sign in with my debit card, PIN, enter the Euro amount, and then sign the transaction.

I can't talk about Belgium but from what I've read, the dutch iDeal system requires nothing of the sort. It seems to act as a broker between your bank and the business, and a user's input is limited to pick the bank you use and approve the payment through your bank's app.

But most people here don't want credit cards; risk of spending what you don't have just works differently over there outside mortgages. And then this new stuff is just objectively better: debit cards, even though you will get the money back mostly, makes it a hassle as you basically pay the lowest fees possible and never credit so fraud really sucks. And makes no sense; away with those cards; we do not need them anymore.

Individual experience is rarely an accurate representation of the broader system.

try getting a refund for fraudulent card charge in other countries except the US.... most other banks in LATAM/EU will not simply "refund" you the money.

with a mastercard from a swedish bank that is the experience that i get. all online transactions pop up a page from my back with qr code, this is authenticated through an app that shows me the transaction details and requires pin confirmation.

That has nothing to do with Wero, that's just your bank (ING) being stupid.

I don't think I've ever heard anyone complain about the actual PayPal payments flow. Most complaints are around seizing large balances due to suspected fraud...

paypal goes to great lengths to not be regulated as a bank, right?

This is exactly what India's UPI (Unified Payments Interface) works. No PII, just a UPI ID is given and the user gets a push notification in Android/iOS app for approval (with PIN or security enclave like fingerprint).

In fact, there is EPC code, but it is rarely used and bank support is abysmal, at least in our country. But that can also be because we have some homegrown local standard for payment QR codes (and a new one in the works, lol).

[0] https://en.wikipedia.org/wiki/EPC_QR_code

If I am understanding you correct, isn't this what UPI does already?

I caution PayPal would only work if you trusted the original shopping site, and perhaps your "credentials" got breached and used illicitly elsewhere. I got banned from PayPal after I tried to buy an electrical switch, was on an (apparently scam) website, never received the item, and opened a PayPal dispute. The scammer somehow convinced PayPal the item I tried to buy was illegal/against PayPal ToS, which resulted in them banning *me* instead of the scammer.

On the other hand, I see an unknown charge on my credit-card, dispute with my bank, and it's handled.

No way on PayPal,venmo, or any company associated with Paypal... I got screwed over with an unauthorized transaction on my credit card that was attached to a PayPal account... They refused to acknowledge the transaction as unauthorized... My Credit Card that was charged (Amex) on the otherhand, reversed the transaction within 24hours

A dropdown is offered and the choice is remembered.

If you don't set a default browser, you'll be prompted what browser to open redirects and such in every time.

Unfortunately you still can't easily distinguish between normal browsing and private browsing that way (though browsers could implement that in theory), but I ran that setup for a while back when Firefox couldn't integrate with the App Tabs or whatever it's called where Android apps have their own minimal UI around a full screen web view (which used to always be Chrome).

Card numbers don't work because the business receiving the payment doesn't automatically get a signal from the bank when payments come in without an annoyingly complicated banking integration, which is exactly what these new services intend to solve. They do work for the consumer in some cases, and I have been paying for some online services with regular old bank transfers in cases where I didn't need a payment to go through the same day. That doesn't mean it's an equivalent system in most cases.

If your banking app doesn't run on your device because of something as silly as root detection, you should find a better bank.

Perfect opportunity for browser or OS API to provide the feature, where we could make it more streamlined, secure, and consistent.

Indeed, it's terrible for fraud, as fraudsters are more likely to land behind bars.

In reply to .3: bancontact is nearly free per operation, but credit card were percentage heavy fee per transaction... That's why. And don't forget that the Netherlands, Belgium and Luxembourg will prefer debit over credit for payment.

Don't forget that the banking world is still under a lot of pressure from the various government (systemic risk assessment for example) and the stakeholders. It's a mess!

3. Yeah, the previous system we used was just too cheap and efficient. Credit cards are still not common.

4. We're indeed a bit later than elsewhere, but there are many now.

/rant? :-)

1. sounds nice though! But how do they verify that it's actually you? Just matching the photo manually? People are terrible at that. Or do they scan a fingerprint?