Comment by severino

> What are the odds they're using this on-shore tech grab to implement their own domestic version of China's social credit score system, to easily get data on their own citizens who commit "wrong-think", without having to through the effort to twist the arm of US entities every time they want to do that?

What are the odds that once shut down "chat control" will come up under a new name?

The odds are very low. It all depents on the people. So far, the European citizens are very privacy senstive. The European institutions are characterized by a huge devision of power. There is no chance that European instutitions can impose their will against a considerable majority of people. If people turn away from liberal democracy, that's another matter. But then everything is lost anyway.

> What about being required to carry a your-own-government-controlled tracking device?

What part of the cellphone manufacturer being based overseas makes you think the government can't track you via it?

Even leaving asides 5-eyes style data-sharing agreements, your US/Chinese smartphone still connects through a domestic cellphone carrier, using a domestic number. That's enough to have at a minimum fine-grained location tracking, call logs, and data usage.

Tracking device might be the wrong thing to focus on. The US has other ways of messing with foreigners who depend on services provided by US companies, like suddenly cutting off those services in the case of ICC judges.

> Because the US or Chine government can't harm me in Europe via the data they collect from me

That's an amusingly naïve perspective. The US government absolutely can harm you, via a multitude of ways.

Every government is an attacker.

I don't disagree but that wasn't the point here. The point is they are handing even more control to a different US entity. Putting my tinfoil hat on, I assume the authoritarians are intending to simply buy the data from the American companies to circumvent legal restrictions, as in the Five Eyes arrangement.

Most people have mobile phones that need to roughly know your position as a technical necessity, why are you speaking like its 1990's?

> important security measure

It's a security measure against the owner of the device, in other words, an attack. Would you be okay with me using a remote control to forcibly slow down your car so I can merge? Using attestation this way is fundamentally incompatible with ownership. If the bank wants some assurance about a device, they need to sell or issue one to me, like credit cards or point of sale machines, which are explicitly not your property.

The fact that the assurance is provided by a third party you have little recourse against just adds insult to injury.

An important security measure for who, though? The servers at the bank should "never trust the client" in case the attestation is bypassed or compromised, which is always a risk at scale.

If it's an important safety measure _for me_, shouldn't I get to decide whether I need it based on context?

I think it's fair for banks to apply different risk scores based on the signals they have available (including attestation state), but I also don't want the financial system, government & big tech platforms to have a hard veto on what devices I compute with.

Maybe you missed it, but the US is threatening to attack an EU country for close to an year now.

Really makes you think when petty criminals use privacy tech while billionaire pedophiles run their dealings through gmail.

> But isn't the promise of Apple Pay that you never expose your real credit card # to the merchant? So they can't track you? I know Walmart in Canada really resisted Apple Pay for a few years because it would mean no more ability to track people by their payment methods.

Yes, this is exactly what Walmart does in the US since they still don't accept Apple Pay/Google Pay. When I go in and make a purchase using my credit or debit card, they'll associate it with my Walmart account and it'll show up as a "recent order" in the Walmart app because I have the same card saved there for ordering groceries online. They use those in-store purchases to recommend things to add to my grocery orders all the time.

We used to have a "cash card" in Sweden in the 90's[0]. It flopped because nobody wants to keep manually re-filling it with value all the time. It's much more convenient to have a card that pulls from your bank account (either instantly via debit or monthly via credit). In the mass market, convenience always trumps privacy.

The places where a "cash card" have gained popularity have all been using the "backdoor" of public transit payments that are so ubiquitous they also get accepted by retail (e.g. Suica in Japan, Octopus in HK, EasyCard in Taiwan, etc)

[0] https://sv.wikipedia.org/wiki/Cash_(betalsystem) based on the Belgian Proton https://en.wikipedia.org/wiki/Proton_(debit_card)

Governments frown upon KYC-less digital purse cards. Gotta force everyone to share their national ID number to just open a bank account to keep out drug dealers, terrorists, or NSFW game peddlers.

Banks generally don't like disposable digital purse cards. They make money off fees and interest. If a product doesn't rope you into a customer "relationship" where you link your pay deposits or later might get a mortgage or car loan they can only make money off fees. Enjoy paying $5 to activate a $100 prepaid debit card!

Credit cards provide convenience and cash back benefits. Some might prefer to pay cash for everything for ultimate privacy, and that's fine. But credit cards are the compromise I make. I can still pay cash when I think it's appropriate for a given transaction.

Using Google or Apple Pay so I can tap my phone instead of my card gives me no extra benefit that I care about and complicates my ecosystem with another party.

The fact you have the visa or mastercard logo doesn't mean you can't avoit to use their tech for your daily payments.

Example, in France most debit and credit cards are called "carte bleue" (literally blue card) but all of them either have a visa/mastercard logo. However when you pay with them you can decide with the merchant to use the CB system or the visa/mastercard. Sadly very few people know that and do the selection.

The problem isn't just getting something that works across all European countries. It's getting something that works globally.

The Dutch iDEAL, on which Wero is based, already works for a lot of global payments. E.g. Stripe and Shopify support iDEAL:

https://stripe.com/en-nl/payment-method/ideal?__=

https://help.shopify.com/en/manual/payments/shopify-payments...

I regularly get offered iDEAL as a payment option when ordering outside of Europe.

You can buy things from your local Amazon or national equivalent that come from outside using this systems, so, you are not so restricted to EU sellers.

I suppose the most problematic would be traveling. I recently when outside the EU and was surprise how smooth the process was using my Visa card, to the point I didn't use any local currency.

On the other hand, I recently buy books from the UK and it get stuck for two weeks in customs, and it had nothing to do with the payment platform. I had not realized how difficult is to import something from outside the EU, even for personal use.

Many (most? all?) of the payment systems I’ve used over the years can interop with Visa or Maestro. Case in point: my Bancontact cards can pay in any Belgian business even if they can’t afford the better machines that do VISA, but my card also has the VISA logo. Same in Portugal and Germany.

Also European merchants who need to accept payments from non-Europeans need to accept Visa and Mastercard.

If you can give merchants something that costs them only 0.1% in interchange fees, you can be pretty certain they’d jump on it.

If you build it on IBAN it already works everywhere.

It's a standalone network. Most Portuguese cards are also VISA/Mastercard, but payment terminals may only have a contract with Multibanco, meaning only Portuguese cards are accepted. It's quite common for foreign cards not to be accepted.

Nope, it has nothing to do with credit cards, although it also accepts them.

It is majorly used for debit cards, and similar in use to the famous Minitel in France.

You can use it to load pre-pay phones, or other kinds of rechargeable services, buy tickets for public transport and various kinds of shows, pay water, electricity, taxes, among other services.

There is now an app used to pay on shops via QR codes.

You can also pay online with one time cards, that are generated for a single transaction.

Outside Portugal it is a regular debit card.

When you access Multibanco with foreign cards, you can only withdraw money usually.

Yes. In some eastern EU countries instant SEPA payments with QR are already super popular because you don't pay fees and you don't need special terminal/gateway.

It is your bank, I don't pay for transfers.

Instant SEPA is free - see Instant Payments Regulation (IPR) — Regulation (EU) 2024/886.

I never paid for SEPA transfers. Some countries are weird. I am not sure if it is still the case, but Germans had to pay a transfer fee when they used an ATM from another bank. In The Netherlands, you can use ATMs from any Dutch bank without extra cost. In fact, you can also use ATMs of German banks without additional cost. So, a having a Dutch debit card in Germany was/is(?) cheaper than a German debit card in Germany.

Huh, I thought the EU had mandated for instant SEPA transfers to be free. Maybe it’s just national. What country are you in?

I consider some flights already expensive enough, and have had no issues, unless I got lucky.

I just bought Kampot peppers from https://www.unclespepper.com/ which is in Germany, the name notwithstanding. And yes, I paid with my Danish Visa card. No problems except that I had to adjust my ad blocker once.

You must frequent a very interesting subset of German web shops then. Yes, some do offer bank transfer (many don't because latency is just so terrible), but I've never seen credit card not on the list. Perhaps with the exception of credit card available only through some intermediary like PayPal (which I tend to prefer over direct credit card, I don't really like spreading my CC details to servers of questionable maintenance state than strictly necessary)

Which payment method is missing from Zalando? https://en.zalando.de/ It’s a German company

I order all over Europe (including Germany) and I cannot remember the last time I did a manual bank transfer.

Yes, why did I mentioned SEPA?

It works for the purpose to pay something online.

If you want an example, Eurowings.

On the other hand, I have already seen Germans complaining about the lack of possibility to buy train tickets by bank transfer.

I have never paid anything via bank transfer, where are you buying?

There's so much trust / dependency on NPCI at this point but I recently learned that it's not a public entity and thus excluded from the transparency acts such as RTI. I hope the EU does better!

My friend says even the poorest Indians use it.

You can buy vegetables at a farmer's market, and just scan a QR code.

I guess I was misunderstanding. I thought that Starlink was deliberately ignoring the sanctions because they were able to shut it off real quick once Musk got that tweet https://x.com/sikorskiradek/status/2016221397396168995

Actually European integration the last 30 years has been pretty remarkable. In the past, not even electric plugs were compatible. But the EU is not a country. A lot of the inefficiencies are actually features sought by key members to protect their own local incumbents.

It isn't bureaucracy that has prevented any alternatives emerging; it's network effects. Mastercard and Visa have a solid duopoly.

I think you misunderstood, I do not pity them at all. I am just pointing out it is bad strategy to be dependent on foreign potentially-hostile technology.

In particular, I heard this through Mallen Baker at https://www.youtube.com/watch?v=7ACzkuSFzT4

Misinformation on HN? Well, I never!

You need to research better before forming and sharing wrong opinions about world's most popular payments system: UPI.

UPI will work even without a smartphone, it will work on even with a basic feature phone, using USSD codes! That's called UPI 123PAY.

https://www.msn.com/en-in/money/news/upi-without-smartphone-...

This feature allows rural populations, poor people, small merchants, etc., to send and receive UPI payments, even without a smartphone.

So UPI has no dependency on Google or Apple, it can work on any basic phone that supports USSD codes feature!

What's being discussed isn't Google or Apple Pay.

It's an app that uses NFC or, if needed, reads a QR code and does a web request (i.e. needs internet).

Neither Google nor Apple will block that, or take a cut; and it's already available in multiple markets.

This is about taking stuff that already works in one or two countries, design a similar system that works across countries, and mandate that all banks under ECB supervision implement it.

Digital Markets Act, also Apple nearly lost their payment monopoly in Germany as powerful banks lobbied for a law forcing them to open up. It was passed, but then they didn't want to use it. If I would guess, Apple offered them preferential conditions to not have a precedent.

https://financefwd.com/de/sparkassen-apple-nfc/

Lack of negotiation power. Less control over Android than Apple has over iOS.

Google keeps self-sabotaging Android Pay. They lacked market power so cellular carriers blocked it hoping to advance their own payment ecosystem (ISIS). Google changes the payment brand every few years, and fragments it into two separate apps or combines them. It's rather like their messaging strategy.

The selling of sovereign infrastructure to foreign actors is a failure of regulation. I’m baffled as to why that was approved.

Nice... /s

I thought Carte Bleue no longer existed?

Not to mention that we are essentially forced to give up accsss to all of our private data stored on our phones to either google or apple because you have their rootkit (Google Play Services in the Android case) installed

It is called a metonymy where you substitute a name that is associated to some other thing instead of mentionning that thing.

Some examples: Wall Street = NY Stock Exchange the White House = US president and his cabinet the Pentagon = US Dept of Defense Downing Street = UK prime minister

https://en.wikipedia.org/wiki/Metonymy Scotland Yard = Greater London Metropolitan Police Tehran = Government/officials of the islamic republic of Iran

Brussels = location of EU headquarters, and in common lingo Brussels thus means "People running the EU and deciding things on everyone's behalf."

"Brussels" is often used to mean the entire blob of EU and related institutions.

This literary device is so common it has a name: synecdoche. e.g. "The pentagon" to refer to the US military.

Now we just need a word for performative dense-ness.