Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
abdullahkhalids 3 hours ago

That still works. There are three entities: customer, bank and merchant.

The merchant should never be able to pull from your bank account. However, the merchant can send an invoice for a payment. Either the customer manually pushes the payment, or delegates to the bank that each invoice from merchant X should immediately result in a payment push [1].

The difference from the pull system is that the customer can at any point end this automatic push payment, but in the pull system the customer can only beg the merchant (eg. the gym) to stop charging their account.

[1] Or even better in an ideal world, delegate this pushing to their local finance app. So the bank can't put roadblocks for a customer cancelling a subscription.

lxgr 2 hours ago | parent [-]

> [...] the merchant can send an invoice for a payment. Either the customer manually pushes the payment, or delegates to the bank that each invoice from merchant X should immediately result in a payment push [1].

This already very close to how SEPA direct debits currently operate. I can instruct my bank with one click to stop honoring a given direct debit mandate (they'll then block all further payments under the same mandate reference), request any payment to be reversed for any reason (that I don't have to provide) etc.

The only difference to your suggested model is that the default is to honor all new mandates. I believe nothing – operationally or from a scheme perspective – prevents banks from requiring positive confirmation for every new mandate or even every single direct debit, though, and some banks (but not mine) even support this.

> in the pull system the customer can only beg the merchant (eg. the gym) to stop charging their account.

Not for SEPA direct debits, in any case.

abdullahkhalids an hour ago | parent [-]

My central problem is that in current pull based systems (both CC and direct debit), the merchant has access to the information to take money from my account. But that information can leak and someone else can take money from my account.

It's insane that digital systems are less secure than cash based system. If a merchant hands me a paper invoice, they can't just take cash out of my wallet.

The merchant should communicate to me where I need to deposit money, and I should put that into my system. The merchant should have little to no information about me.