[cyberpunk]

This is a regulatory thing, devices used for instant payments should be somehow attested and be authenticated (or be a physical device the bank issued e.g your card).

It’s a difficult thing, we don’t want to have to force smartphone choices but the number of users without one these devices is so vanishingly small it’s very difficult to change the legislation in order to support them too.

I think the happy middle ground is making this system also work with bank issued cards.

[microtonal]

This is not true. Many European bank apps allow instant payments and work without Google's remote attestation. They typically require a locked bootloader. I am in The Netherlands, use GrapheneOS and do instant payments all the time.

(GrapheneOS does support remote attestation, but the app needs to add their verified boot key fingerprints.)

[cyberpunk]

Which bank? I work in this space for a large european bank and we wouldn’t be able to do this.

[amaccuish]

My Volksbank app here in Germany just wants a locked boatloads and no root. Works fine with microg. It's the reason I will never move!

Though the Sparkasse is the same actually, unsure about the other german banks

[cyberpunk]

This is great news if it’s true, these regulations are so hazy it’s maddening. Even tho I’m being downvoted I am actually on the side of removing these barriers I was just sharing what I was made to understand by my bank. shrug

[microtonal]

All Dutch banks for example? I do instant online payments and P2P payments all the time with a degoogled phone. My VISA credit card app (ICS) also works fine.

[cyberpunk]

You mean via your banks web interface? Or via some tap to pay interface?

What i mean is can you use this to pick up a slab of beer in albert hein, or just to transfer some cash to a friend or such?

[microtonal]

I can't pick up a slab of beer at Albert Heijn because it requires Google Pay. But some banks (I think Rabobank) have their own NFC app and then it works fine.

But instant online iDEAL payments etc. work fine. Person to person payments using Tikkie/betaalverzoek as wel.

Put differently, I never use my bank's web interface, only the phone app.

[wolvoleo]

Not anymore, all Dutch banks have moved to Google/Apple pay unfortunately.

[linohh]

I don't see, why a smartphone plus NFC enabled token device wouldn't work within the regulation, we should go that way, (or any way decoupling Google & Co. from it) because we should be prepared for US companies to be forced to act unreasonably by an unreasonable leader.

[hocuspocus]

There's technical possibility and then real world practicality.

For the same reason, a pure WebAuthn flow in a compliant browser could technically implement secure payment confirmation mandated by the DSP, but afaik no bank does that, and the W3C is still working on the spec.

Our governments can't even manage not to depend on Microsoft/Google/AWS (and Palantir, the US military industrial complex, Israel, ...), our banks are regularly under the fire of extraterritorial bullshit due to the USD dependence.

Being worried about consumer devices and their OS is cute, but it's missing the forest for the trees.

[cyberpunk]

I agree, I’m not saying it’s totally correct or there aren’t answers, but those are the current rules at least in my bank.

Instant payments bypass typical surveillance and fraud systems and so need some kind of authentication, if you don’t want to 2fa every time you’re at the checkout then the application has to have been previously authenticated (e.g setup with some kinda TAN from your bank) and execute on an attested device. We can def extend attestation to other devices (e.g is the kernel modified, does the app have reasonable version and checksums etc) but again, who is gonna fund that for 10 users?

edit: We have a long road to go before this stuff gets better, I think we should be happy at each step instead of really wishing we were already at the finish.

[mzajc]

Then I'll unfortunately have to continue paying the PayPal tax - apparently they have no issues running in any browser of my choice.

> I think the happy middle ground is making this system also work with bank issued cards.

That wouldn't let me pay online.

[cyberpunk]

That’s authenticated and 2fa’d, so it doesn’t have the same use case as a tap to pay system, though. I’m not defending these choices, but there is a reality here.

[drnick1]

> we don’t want to have to force smartphone choices but the number of users without one these devices is so vanishingly small

You are missing the point. The issue is that once the "vanishingly small" number of alternatives disappears, users will be completely trapped, and Google and Apple will then free to abuse that position of power (they already do). Worse, since power is centralized, it is very easy for government interference to take place, and we already see that with things such as identity and age verification requirements. It is the possibility of competition that matters more than actual competition.

[cyberpunk]

Aren’t your problems solved by carrying a bit of plastic issues by your bank? Why isn’t that enough?

[drnick1]

This "digital wallet" is precisely touted as an alternative to carrying plastic.

[lyu07282]

We really should try to understand your mentality, if only to understand why after 27 years the EU still doesn't have a PayPal alternative.

[joris]

Because we don’t need it. The US banking system for example is fairly archaic. Where I live, paper checks went extinct about 30 years ago. Now with SEPA, bank transfers are cheap (cents), fast (seconds) and easy (IBAN). If our banking system would not be as convenient, I’m pretty sure something like PayPal would have been very popular.

[lyu07282]

So is it really just that simple? A lack of understanding what Paypal even is?

[hulitu]

> A lack of understanding what Paypal even is?

Your account is from 2021. There were a lot of "Paypal locked my account and all my money is in there" stories at least 10 years before that year.

So YMMV.

[hulitu]

Oh, you will underestand. When, besides your bank, half of the planet will know about your shopping habits.

The device called "Smartphone" is only used to collect every possible detail about your life. The smart thing on a "Smartphone" is that, besides your bank, a lot of other "vendors" have access (not only) to your financial information.