Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.
Can't we have cards for this? In Spain, for example, to use Bizum, you need either an Android/iOS smartphone (and for the Android case, as you use it from your bank's app, it would typically require some Google security assurances - so no Huawei phones allowed, for example) or logging into your bank's website and use Bizum from there, only if your bank allows you to use Bizum via web. And it's not very practical or convenient to do that when you're in a store and want to pay, in contrast to swiping your credit card.
So while I see very convenient gaining some sovereignty from American companies for these payments, I think we're losing it when we will need devices controlled by other American companies in order to use the new system.
This is really a human right issue. No one should be required to carry an attacker-controlled tracking device, especially not for interacting with the government. It's funny that the EU uses all this mobile attestation BS more than the US does. So much for sovereignty and consumer protection. No monopoly Google can build is as good as the government forcing you to accept their terms.
>No one should be required to carry an attacker-controlled tracking device
What about being required to carry a your-own-government-controlled tracking device?
Because the US or Chine government can't harm me in Europe via the data they collect from me, But the EU authorities can if they want to, so naturally I fear them more if they were the ones hoovering my data.
What are the odds they're using this on-shore tech grab to implement their own domestic version of China's social credit score system, to easily get data on their own citizens who commit "wrong-think", without having to through the effort to twist the arm of US entities every time they want to do that?
Food for thought, but I do think we're living the last years of online anonymity, it's inevitable.
Every government is an attacker.
The odds are very low. It all depents on the people. So far, the European citizens are very privacy senstive. The European institutions are characterized by a huge devision of power. There is no chance that European instutitions can impose their will against a considerable majority of people. If people turn away from liberal democracy, that's another matter. But then everything is lost anyway.
> There is no chance that European instutitions can impose their will against a considerable majority of people
The EU commission just passed chat control to have government mandated software in every phone
It's substantially neutered from the original proposal, with most of the scary parts taken out. I'd count that as a win as far as how antidemocratic the EU commission is.
https://www.eff.org/deeplinks/2025/12/after-years-controvers...
Given how many world leaders form the west had absolutely the most vile chats with Epstein about doing despicable things to people, I'd totally want chat control but only for our leaders. They certainly proved that's who needs it the most to keep us safe.
Do you have a citation for this? I can't find anything showing that 2022/0155(COD) has passed the EU Council or Parliament (nor can I find any scheduled votes). [1]
The most recent related information I could find was some movement to extend the temporary derogation of the ePrivacy Directive, which expires on 2026/04/03, to 2028/04/03 but even that did not seem to have passed yet. [2]
The very fact they're trying to extend the temporary derogation hints to me that they think it'll take some time yet to pass Chat Control (if at all).
[1] https://oeil.europarl.europa.eu/oeil/en/procedure-file?refer...
[2] https://oeil.europarl.europa.eu/oeil/en/procedure-file?refer...
If you want to over simplify at least do it right.
35 years ago, a good chunk of the current EU was under a Soviet-imposed totalitarian rule. Spain was a dictatorship until 1975. And it's been just 80 years since WWII.
It always boggles my mind that most Europeans are absolutely convinced that nothing like that could ever happen again. Meanwhile, many people in the US are convinced that the government will be coming for them any minute now.
They literally get arrested for posting memes.
They who and what?
> So far, the European citizens are very privacy senstive.
In some areas, sure - like GDPR.
In other areas, absolutely not - like chat control.
As another commenter pointed out, it seems as if government mandated privacy intrusion is OK, while violations by corporations are quickly shutdown. It’s like the opposite of how it works here in the US.
> chat control
The Danish proposal for indiscriminate chat control did not receive enough support and was retracted last autumn. Similar proposals have been put forward regularly over the past 30 years and have so far come to nothing just as regularly.
For the conservative (and sometimes not so conservative) non-experts things like this sound like an easy win. So every new generation of politicians has to be educated about it again.
> chat control
The Danish proposal for indiscriminate chat control did not receive enough support and was retracted last autumn. Similar proposals have been put forward regularly over the past 30 years and have so far come to nothing just as regularly.
>it seems as if government mandated privacy intrusion is OK
Once you give people an outside boogieman(Putin, Trump, Covids, etc) or a self inflicted false flag crisis(surge in violent crime rates for example) to shake them up to their core and put the fear in them, you can then easily sell your intrusion of privacy in their lives and extension of the police state, as the necessary solution that protects them.
When you start lose control of your people because their standard of living has been going downhill for 2 decades and they realize the future prospects aren't any better so they hate you even more, you can regain control of them by rallying them up on your side in a us-versus-them type of game against external or internal aggressors that you paint as "the enemy". The media is your friend here. /s
This isn't an EU or US exclusive issue, it's everywhere with a government issue. The difference as to why the EU people seem to be more OK with government intrusion compared to the US, is that EU always has external aggressors the government can point to as justification for invasiveness and control, while the US has been and still is the unchallenged global superpower so it has no real external threats ATM, meaning division must be manufactured internally (left vs right, red vs blue, woke vs maga, skin color vs skin color, gender vs gender, etc) so that the ruling class can assert control in peace.
Either way, we all seem to be heading towards the same destination.
Amen to that.
I agree 100%. Europe is just ahead of us for the time being, but our turn is soon approaching...
> So far, the European citizens are very privacy senstive.
Only from corporations, but not from their own governments. A lot of Europeans put a lot of blind faith into their governments and the EU, and criticism of these institutions is usually met with accusations of being a bot, MAGA or russian troll.
>The European institutions are characterized by a huge devision of power.
Didn't really stop them passing whatever rules they wanted during Covid, did it? Or today with Russia and Ukraine situation. Sure is convenient that we keep having more and more crisis and boogiemen that governments can leverage to deflect accountability and bypass the wishes of the population, for our own good of course.
>There is no chance that European instutitions can impose their will against a considerable majority of people.
Famous last words. People always can be, and routinely are, manipulated to vote against their own best interests, even if everyone claims manipulation doesn't work on them. The propaganda industry is HUGE. Why do you think Germans supported to tie themselves to Russia's gas and destroy their nuclear power. Was it all their original thoughts or was it a massive campaign of dis-/mis-information designed to get everyone on board the same train? And mass manipulation like this is every other Tuesday these days. See Cambridge Analytica.
A individual person can be smart, but people together as a collective voting block, are stupid, and the elites treat us like cattle, as seen in the recent files.
> Sure is convenient that we keep having more and more crisis and boogiemen that governments can leverage...
The problem with this phrasing is it makes it sound hyperbolic, but it is important to remember the world is large and there are always, in a literal and normal sense, multiple major crises going on at any moment.
People who don't pay much attention to politics sometimes get confused about why crises elevated by the corporate media get ignored. A big answer is becuase they are elevated for political reasons, usually the crisis is fairly routine in absolute terms.
>there are always, in a literal and normal sense, multiple major crises going on at any moment
True, but my point I wanted to draw attention to, is HOW these crisis are handled now, not that there's many of them.
Every crisis now seems to be exclusively used as a vehicle to justify taking away just a little bit more of your freedom and anonymity, or implement more fiscal policies that will leave you footing the bill but just so happens it will be enriching the wealthy as a side effect.
Because such policies shoved out the door in times of crisis, don't pass through the lengthy public debates and scrutiny regular policies have to go through, so it's the perfect opportunity to sneak and fast-track some nefarious stuff in.
I'm not that old yet, but I don't feel like this backdoor was misused to this extent in the past, like pre-2008 I mean (except 9/11 of course). It definitely feels like politicians have gooten of taste and are abusing this exploit now more with every little opportunity.
Tracking device might be the wrong thing to focus on. The US has other ways of messing with foreigners who depend on services provided by US companies, like suddenly cutting off those services in the case of ICC judges.
IIRC, ICC judges lost access to their O365 work email accounts. Worst the US can do to me is turn off my Steam, and Gmail but I can easily live without those.
Now imagine being debanked by your own government because they don't like what you're saying and becoming unemployed, homeless and dead. I don't think they're remotely comparable.
For example, a few years ago, a power tripping gov bureaucrat turned off my unemployment payments over a technicality. Luckily, I had enough money to pay a lawyer to sue them and won, but it was tight. What if I hadn't had the money to hire a lawyer? Since I was in a foreign country, with no family or close friends to fall back on. I was exclusively relying on the welfare state I paid into for years, that then turn its back on me for shits and giggles.
So I don't think you understand just how bad it can be for you if your government decides to turn on you and fuck with you, if you're comparing this to losing access to your work email account.
See the famous case of UK postal workers that got fucked by their government trying to hide their mistakes.
According to AP News (https://apnews.com/article/international-court-sanctions-tru...) at least one judge had his bank accounts closed. So it's not just your own government who can debank you in Europe.
Of course in this judge's case there might still be some banks who are willing to work with him even at the risk of getting sanctioned as there weren't language in the news that he was completely debanked which I assume they would highlight if it was the case.
You most likely use a Windows PC and an Android phone. If Uncle Sam viewed you as a threat actor, he could ask both companies to send you a signed and verified update to either your OS or apps they control, running whatever he wants.
> IIRC, ICC judges lost access to their O365 work email accounts. Worst the US can do to me is turn off my Steam, and Gmail but I can easily live without those.
They lost access to everything american, including Visa and Mastercard. It's in french and maybe not the best source but it's not paywalled :
https://www.tf1info.fr/international/nous-sommes-attaques-le...
> "Payments are mostly cancelled," he continued, "as almost all cards issued by banking institutions in Europe are either Visa or Mastercard, which are American companies."
They are not completely debanked since they can go to the bank and withdraw cash, but it's a crippling situation to be in.
It's all the same. How is suing Google any different, if you instead get debanked by Google for violating their "terms"? The only solution is untraceable, permissionless money, like Monero. Why do you think governments try so hard to ban it?
Being de-Googled is a hardship, though there are replacements for virtually all its services. I acknowledge you are well informed on this topic.
It is not unreasonable for governments to pursue avenues for laundering money. I recognize that you likely don't believe governments should prosecute money laundering, but that view is not aligned with the majority of citizens in your country.
Ah money laundering, the government's 2nd favorite excuse to bypass due process, remove freedom, and impose arbitrary punishments, after "emergency" and before "think of the children".
The government can prosecute money laundering and all the other crimes, but it's not an excuse to impose extrajudicial punishment. Until they stop, having some cash and crypto is your only means of defense.
I understand your threat model is centered around the risk of a government persecuting you. This will naturally conflict with incentives of people whose threat model centers around a lower severity but higher frequency event of systematic violence performed by criminal enterprises, with a necessary condition being ease of moving money. Both representative and totalitarian governments seek to aid investigation of criminal activity by following the movement of money.
I'm unsure about your reference to extrajudicial punishment, is it referring to de-banking associated with AML and KYC regimes in the US? If so, I agree that unjust things are unjust. I believe we should seek to fix those injustices directly through lobbying lawmakers, rather than rejecting an entire system that has significant security benefits.
I am sympathetic to people who have a fatalistic attitude when it comes to political reforms. Having other financial instruments as a backup is a good practice.
I'm not necessarily opposed to KYC or even government being able to audit transactions in general. But there is too few legal protections both from the bank and the from the government itself for this to be acceptable in a free society.
It's not entirely hopeless I guess. For what it's worth, the US government recently issued an EO that purportedly stops banks from debanking you for political reasons. Hopefully a future administration would take care of the other part.
After a fair trial and appeals process, right?
Because financial sanctions are one of our main tools to pressure enemy countries into calming the fuck down in hopes of avoiding an actual kinetic conflict.
In 2025, North Korea managed to steal from the world over 10% of its GDP worth in cryptocurrency.
> if you instead get debanked by Google for violating their "terms"
Since when is google a bank?
>The only solution is untraceable, permissionless money, like Monero. Why do you think governments try so hard to ban it?
Because untraceable currency is mostly used by criminals for crime.
Your bank (like most European ones) requires you to pass attestation to use their services. If you don't accept Google/Apple's terms, you can't access it without extreme difficulty.
I can always access my bank via a web browser or even in person at the teller at a branch somewhere, or as a last resort via snail mail from attorney, but most importantly even if I get locked out somehow by google, the account still runs and I won't be homeless as my salary and rent auto-payments keep going regardless if you can access it or not.
How is this comparable to your government debanking you meaning that no bank, landlord, layer or job will touch you?
It's less severe for sure, but I'd rather live without undue interference based on someone else's whims, unless I broke a law.
I... don't think you understand debanked. There is no movement OUT of your account. Deposits will be processed all day long. The intent is to tie up access to as many of your assets as possible. If you think anything of yours will just keep on going if you end up debanked, you're sadly mistaken. In addition, based on the U.S. Bank Secrecy Act as amended by the PATRIOT act, covered entities are forbidden from disclosing to you anything about why your account is frozen.
It's as close as you get to a complete shunning from modern society. You're reset to the cash you hold on you and keep custody of. And yes. In the U.S., the list that manages who can and cannot transact is centralized under OFAC. So it is at the whims of Executive whether or not any financial activity can be done with you.
The premise here is that you lose access to a European bank's mobile app because the US government compels Apple or Google to disable your app store accounts. Not that your relationship with the bank is frozen.
> Now imagine being debanked by your own government because they don't like what you're saying and becoming unemployed, homeless and dead. I don't think they're remotely comparable.
You don't have to imagine it.
Alina Lipp, Thomas Röper, Xavier Moreau, Col Jacques Baud, Nathalie Yamb. The last two are Swiss nationals. The Baud case is interesting because he's a Belgian resident who now can not even buy food or pay his bills while living in his own home.
Carrying this device is the key here. Eventually we all need to carry it around, track us everywhere.
Yeah it seems that some politicians have noticed that they can enact a lot of self serving authoritarian legislation that wouldn't fly otherwise if they push it as populist independence-from-US thing. Can't let a good crisis go to waste, of course.
One only needs a few looks at what the EU Commission has been doing lately to see that if left unchecked their plan is a UK-like total surveillance state.
I don't disagree but that wasn't the point here. The point is they are handing even more control to a different US entity. Putting my tinfoil hat on, I assume the authoritarians are intending to simply buy the data from the American companies to circumvent legal restrictions, as in the Five Eyes arrangement.
> It's funny that the EU uses all this mobile attestation BS more than the US does
Attestation in on itself isn't unwarranted which (to me) is an important security measure. Attestation as commonly implemented on Android via Play Integrity (the way banking apps are known to do) is restrictive, sure: https://grapheneos.org/articles/attestation-compatibility-gu... / https://archive.is/snGEu
> important security measure
It's a security measure against the owner of the device, in other words, an attack. Would you be okay with me using a remote control to forcibly slow down your car so I can merge? Using attestation this way is fundamentally incompatible with ownership. If the bank wants some assurance about a device, they need to sell or issue one to me, like credit cards or point of sale machines, which are explicitly not your property.
The fact that the assurance is provided by a third party you have little recourse against just adds insult to injury.
>against the owner of the device
Would you consider MFA to be a measure against you, the owner of the device, because it makes it harder for you to login?
>If the bank wants some assurance about a device, they need to sell or issue one to me
They are offering you free software and are operating under a security model tied to these specific devices. You're still free to walk into their branches, or use their physical cards, if you prefer not use their limited selection of devices.
>Would you be okay with me using a remote control to forcibly slow down your car
Car manufacturers do this as well though. Some of this is for the benefit of their customers (preventing theft from easily cloned keys). Some of this is not for customer benefit, like locking down infotainment systems.
Banks however are only interested in preventing fraud.
> MFA to be a measure against you
Not really, unless the MFA involves the same type of attestation involved in the process. TOTP is fine, and you can put it in your password manager to avoid phones, and can be done without consenting to any spying. And I don't really own the account anyway.
> use their physical cards
The premise of this discussion is these will get replaced by the hostile phone app, since the Europeans are too lazy to make a proper replacement.
> locking down infotainment systems
I don't agree with that either, but you can presumably buy a car without one, and you'd still be allowed to drive. What if the government says, you can't drive anymore UNLESS you use the locked down infotainment system and consent to all the ads/spying that comes with it?
> Would you consider MFA to be a measure against you, the owner of the device, because it makes it harder for you to login?
In theory - of course, it shouldn't make it any harder for _me_ to login, it's just that in practice the friction is inevitable since it can't distinguish between me and someone else without it.
> You're still free to walk into their branches, or use their physical cards, if you prefer not use their limited selection of devices.
The point is that this freedom is going away. I'd absolutely want to use their physical cards (there are smartcards with e-ink displays which would be a great thing for confirming payments), but no, they're slowly taking this away, starting by limiting transfers done without their mobile app.
And _their_ mobile app needs to invade __my__ property by locking down the system. I understand this might be neccessary to ensure the UI can be trusted, but this shouldn't happen on my device as it restricts my ability to do completely unrelated things.
> If the bank wants some assurance about a device, they need to sell or issue one to me, like credit cards or point of sale machines, which are explicitly not your property.
In this example, a banking app is not making the entire Android device non functional when it refuses to work when remote attestation like Play Integrity fails.
It is colluding with a third party to increase their power. What devices pass Play Integrity? Yeah, the same ones with all the telemetry and spying that you can't remove. I thought the government is supposed to protect consumer rights, not to tilt the playing field even further.
Like I said, I'd be fine if they offer a viable alternative, like a card or a physical authentication dongle (which doesn't require spyware to use).
An important security measure for who, though? The servers at the bank should "never trust the client" in case the attestation is bypassed or compromised, which is always a risk at scale.
If it's an important safety measure _for me_, shouldn't I get to decide whether I need it based on context?
I think it's fair for banks to apply different risk scores based on the signals they have available (including attestation state), but I also don't want the financial system, government & big tech platforms to have a hard veto on what devices I compute with.
It's an anti-brute-force mechanism. It's not for you, it's for all the other accounts that an unattested phone (or a bot posing as an unattested phone that just stole somebody's credentials via some 0-day data exfiltration exploit) may be trying to access.
Sure, banks could probably build a mechanism that lets some users opt out of this, just as they could add a Klingon localization to their apps. There just isn't enough demand.
If you work on mobile apps you will notice that full attestation is too slow to put in the login path. [This might be better than it used to be, now in 2026].
I don't think a good security engineer would rely on atty as "front line" anti brute force control since bypasses are not that rare. But yeah you might incorporate it into the flow. Just like captchas, rate limiting, fingerprints etc and all the other controls you need for web, anyway.
I know I'm quibbling. My concern is that future where banks can "trust the client" is a future of total big tech capture of computing platforms, and I know banks and government don't really care, but I do.
> total big tech capture of computing platforms
Correct. And the end of ownership, privacy, and truth too. If something can betray you on someone else's orders, it's not yours in the first place. You'll own nothing and if you aren't happy, good luck living in the woods.
> you work on mobile apps you will notice that full attestation is too slow to put in the login path
Hm, Play Integrity isn't that slow on Android, from my experience.
> don't think a good security engineer would rely on atty as "front line" anti brute force control since bypasses are not that rare
I'm not privy to device-wide bypasses of Play Integrity that ship with Trusted Execution Environment (which is pretty much all ARM based Androids), Secure Element, and/or Hardware Root of Trust, but I'd appreciate if you have some significant exploit writeups (on Pixels, preferably) for me to look at?
> My concern is that future where banks can "trust the client" is a future of total big tech capture of computing platforms
A valid concern. In the case of smart & personal devices like Androids though, the security is warranted due to the nature of the workloads it tends to support (think Pacemaker / Insulin monitoring apps; government-issued IDs; financial instruments like credit cards; etc) and the ubiquity & proliferation of the OS (more than half of all humanity) itself.
> Insulin monitoring apps
A monitoring app doesn't even interact with systems you don't own. Just put a liability disclaimer for running modified versions.
> warranted
Decided by whom? And why is Google trusted, not me? At minimum, I shouldn't face undue hardship with the government due to refusing to deal with a third party, unless we first remove most of Google's rights to set the terms.
> A monitoring app doesn't even interact with systems you don't own. Just put a liability disclaimer for running modified versions.
This is unserious when Insulin overdose can be fatal.
> And why is Google trusted, not me?
(Hardware-assisted) Attestation on Android doesn't require apps to "trust Google".
> I'm not privy to device-wide bypasses of Play Integrity that ship with Trusted Execution Environment (which is pretty much all ARM based Androids), Secure Element, and/or Hardware Root of Trust, but I'd appreciate if you have some significant exploit writeups (on Pixels, preferably) for me to look at?
Hi, you don't have the break the control on the strongest device. You only have to break it on the weakest device that's not blacklisted.
The situation is getting better as you note, but in the past the problem was that a lot of customers have potatos and you get a lot of support calls when you lock them out.
> think Pacemaker / Insulin monitoring apps; government-issued IDs; financial instruments like credit cards; etc
I agree with you on the need for trustworthy computing. I mainly disagree on who should ultimately control the trust roots.
We can only hope they continue to be found so there would at least be a small cost for this kind of indignity.
I hope they go with Taler, personally. Privacy of cash but the required traceability for merchants.
> for the Android case, as you use it from your bank's app, it would typically require some Google security assurances - so no Huawei phones allowed, for example
I don't know about Huawei, but actually most (all?) of the banking apps in Spain should work on a non-Google-certified Android builds. There's an community list tracking GrapheneOS compatibility at https://privsec.dev/posts/android/banking-applications-compa... and all of them currently appear supported just fine.
GrapheneOS in Spain?
https://www.androidauthority.com/why-i-use-grapheneos-on-pix...
> Police in Spain have reportedly started profiling people based on their phones; specifically, and surprisingly, those carrying Google Pixel devices. Law enforcement officials in Catalonia say they associate Pixels with crime because drug traffickers are increasingly turning to these phones. But it’s not Google’s secure Titan M2 chip that has criminals favoring the Pixel — instead, it’s GrapheneOS, a privacy-focused alternative to the default Pixel OS.
EDIT: Previously on HN: https://news.ycombinator.com/item?id=44473694
Really makes you think when petty criminals use privacy tech while billionaire pedophiles run their dealings through gmail.
> Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.
The article starts with Wero right off the bat, which a pan-European rebrand and continuation of the Dutch Ideal. The Dutch have been using Ideal everywhere, and you usually use that to pay online. It redirects you to your bank to acknowledge the transaction, and most bank have auth methods where a smartphone is optional. Most often used for sure, but optional, and you can complete the transaction with a hardware reader and your debit card as well.
The only exception are the neobanks like Bunq, which actually are smartphone-only. That one in particular is great if you appreciate the CEO and staff keeping a personal eye on your transactions (no kidding).
> Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.
I would also hope so, that is the entire point. The reason they are scrambling right now is because Starlink just shut off all of Russia. Because Starlink was so cheap and easy (and stable for the last 4 years of the war), a lot of people in Russia stopped using any other form of internet access. And while all of Europe is happy to see Russia go away, they are concerned that the same can be done to them at a whim by any number of American companies. So they are trying to quickly create alternatives to anything American including software providers like Microsoft 360.
As for credit cards, it is not as if there is something intrinsically American in credit card processing. They can just as easily create a new system that uses the same protocols as Visa and Mastercard.
Having your entire economy dependent on a company you don't control in a country you don't control was considered acceptable for as long as a concept of "allies" existed. That is not the world we are living in right now.
What are you talking about, 92% of Russian population has access to internet via landlines, the government subsidised building all the infustructre. The internet access is one of the cheapest in the world($5-10 per month for 100-500mbit/s), starlink with its $50-120 price tag is not affordable at all, ignoring the fact it doesn't even work here
Starlink was never available in Russia due to the sanctions regime. It's only use by Russians was via grey import terminals on the frontline in Ukraine (made possible due to complications of geofencing).
I guess I was misunderstanding. I thought that Starlink was deliberately ignoring the sanctions because they were able to shut it off real quick once Musk got that tweet https://x.com/sikorskiradek/status/2016221397396168995
> they are trying to quickly create alternatives to anything American
They're the same bright minds that ensured no alternatives could naturally come out of the European market trough relentless bureaucratic central planning. I have zero hopes of a good outcome
Actually European integration the last 30 years has been pretty remarkable. In the past, not even electric plugs were compatible. But the EU is not a country. A lot of the inefficiencies are actually features sought by key members to protect their own local incumbents.
Your best example of European integration is electric plugs?
USB-C!
How about tap water has to be drinkable in every EU country
Many non-eu countries have drinkable tap water, not sure how representative of "integration" this rule is.
> a lot of people in Russia stopped using any other form of internet access
What you're saying is just plain false. No one has ever used Starlink in Russia. It doesn't even work here. It never did. Russian troops were using Starlink on Ukrainian territory, that's what was shut off.
Never mind russians putting starlinks on flying bombs to blow up Ukrainians. But those poor Russian Internet users you invented. While it’s jailable offense in russia to own starlink.
I think you misunderstood, I do not pity them at all. I am just pointing out it is bad strategy to be dependent on foreign potentially-hostile technology.
In particular, I heard this through Mallen Baker at https://www.youtube.com/watch?v=7ACzkuSFzT4
> Starlink just shut off all of Russia
What are you talking about? Starlink never worked in russia. It worked in Ukraine, and it was shutdown in Ukraine by using a white list for which any Ukrainian can easily apply.
The goal was to shutdown Starlink usage by russian drones in Ukraine and by anyone on the occupied Ukrainian territories.
> Because Starlink was so cheap and easy (and stable for the last 4 years of the war), a lot of people in Russia stopped using any other form of internet access.
What are you smoking ..err.. any source to your claim ? (Which is between bizarre and just plain wrong).
On Portugal we have the Multibanco network, which already provided Internet like services for buying stuff on the terminals and eventually graduated to have online payments as well, however only in Portugal.
Likewise, in Germany we can have SEPA for most stuff.
And in Greece there is Viva.
Problem is getting something that actually works across all European countries.
The problem isn't just getting something that works across all European countries. It's getting something that works globally.
While we may make most of our payments within EU, basically everyone still occasionally pays for something outside of EU, either online or when they travel. This means if the new thing only works in EU, every European will still need and have a MasterCard/Visa even if they use it less often than before.
This is still a massive amount of leverage - MC/Visa still have the ability to block payments made from EU citizens/companies to outside.
You can buy things from your local Amazon or national equivalent that come from outside using this systems, so, you are not so restricted to EU sellers.
I suppose the most problematic would be traveling. I recently when outside the EU and was surprise how smooth the process was using my Visa card, to the point I didn't use any local currency.
On the other hand, I recently buy books from the UK and it get stuck for two weeks in customs, and it had nothing to do with the payment platform. I had not realized how difficult is to import something from outside the EU, even for personal use.
Many (most? all?) of the payment systems I’ve used over the years can interop with Visa or Maestro. Case in point: my Bancontact cards can pay in any Belgian business even if they can’t afford the better machines that do VISA, but my card also has the VISA logo. Same in Portugal and Germany.
If you can give merchants something that costs them only 0.1% in interchange fees, you can be pretty certain they’d jump on it.
If you build it on IBAN it already works everywhere.
Also European merchants who need to accept payments from non-Europeans need to accept Visa and Mastercard.
Of course but they can support an EU standard as well. It's not mutually exclusive.
The big benefit is that all internal EU card transactions are no longer routed via US companies which is quite ridiculous.
Internal transactions all over the world are routed through US companies. I have paid using Visa or Mastercard at some point in Australia, Indonesia, India, Frnce, Sri Lanka, Singapore, Dubai.....
its not exclusive, but there is a problem with network effects. From the point of view of a business why should they add support for a new payment system no one users, from the point of view of consumers why should they sign up to a new system that no one accepts?
As I said in another comment the most likely alternative is a more decentralised system that all countries/currency blocks that want sovereign payments can get behind.
It's a problem for two reasons. First of all it means American companies get access to a lot of privileged information. Secondly, them pushing foreign morals eg sexual content or services being blocked.
If there were an EU card system id certainly sign up for it and demand from vendors that they support it. I don't want my data ending up in America especially these days.
The network effect will work out fine because we have reasons to want it.
Its a problem but a global one, not merely a European one.
Network effects are very powerful.
You might care enough about privacy but most people have given up.
I've been in Portugal sometimes, and to me MB was synonymous with "we accept credit cards", and in fact it is in the sense that you can pay using Visa or Mastercard in those shops. But, is it a standalone system that doesn't require anything outside Portugal in order to work? With their own non-Visa credit cards? And can you use them when abroad in the EU, for example?
It's a standalone network. Most Portuguese cards are also VISA/Mastercard, but payment terminals may only have a contract with Multibanco, meaning only Portuguese cards are accepted. It's quite common for foreign cards not to be accepted.
Nope, it has nothing to do with credit cards, although it also accepts them.
It is majorly used for debit cards, and similar in use to the famous Minitel in France.
You can use it to load pre-pay phones, or other kinds of rechargeable services, buy tickets for public transport and various kinds of shows, pay water, electricity, taxes, among other services.
There is now an app used to pay on shops via QR codes.
You can also pay online with one time cards, that are generated for a single transaction.
Outside Portugal it is a regular debit card.
When you access Multibanco with foreign cards, you can only withdraw money usually.
I'm French and living in Portugal and I do not get the Minitel comparison. Minitel was basically a Telnet device to various services' servers.
That said, I love MB and MB Way. What an upgrade it's been over paying for stuff in the US (where I lived before moving to Portugal).
From what I know from Minitel, the same Internet before the Internet applies.
I was buying tickets on MB, before it became common place in the Internet.
Could you search for tickets and such on MB?
All the stuff I'm familiar with is only payments (with entity and reference).
Now that I think about it, you could search for things on Minitel but I don't remember if payments were made as phone charges or if they could also be done with transfers.
Minitel was so prohibitively expensive to use (just about every service cost multiple francs per minute), I didn't do much with it.
Yes, for concerts, matches, CP (including the seat on IC/Alfa).
https://immolusitania.ch/the-real-deal-with-atm-machines-in-...
SEPA gets blocked immediately when you try to buy something expensive, like a top-end graphics card (8k+).
I consider some flights already expensive enough, and have had no issues, unless I got lucky.
Show me a german webshop that supports modern payment methods. It usually old school bank transfers still.
Which payment method is missing from Zalando? https://en.zalando.de/ It’s a German company
I just bought Kampot peppers from https://www.unclespepper.com/ which is in Germany, the name notwithstanding. And yes, I paid with my Danish Visa card. No problems except that I had to adjust my ad blocker once.
Yes, why did I mentioned SEPA?
It works for the purpose to pay something online.
If you want an example, Eurowings.
I have never paid anything via bank transfer, where are you buying?
SEPA would be a decent solution with instant QR code generation and app payments, but the transfer fees are ludicrous for daily use (~1-2€ per wire). Or maybe it's just my bank being greedy fucks as usual.
Huh, I thought the EU had mandated for instant SEPA transfers to be free. Maybe it’s just national. What country are you in?
Yes. In some eastern EU countries instant SEPA payments with QR are already super popular because you don't pay fees and you don't need special terminal/gateway.
It is your bank, I don't pay for transfers.
Wero is expanding around Belgium, France and Germany while Bizum has "joined" the European Payments Alliance with Bancomat and SIBS from Italy and Portugal respectively, not sure how these work exactly as I'm also located in Spain.
My point being, if these payment systems start becoming more interconnected and join within a standard, I wouldn't be surprised if we eventually saw Bizum cards around here, Wero cards in other places, and many more.
At least that's my take on it. Of course there's still a long way to go, such as developing the system, banks adopting it, businesses adopting it, then customers (which would probably take years, many people wouldn't bother switching at least until their current card expires)
I use my credit and debit cards the same way today as I did before smartphones existed. I never invited the extra surveillance middleman of Google/Apple into my transactions. And the convenience of tapping or swiping a plastic card is simpler than using my phone anyway. Is this not possible in Spain?
> I never invited the extra surveillance middleman
What's an extra layer of surveillance? Why accept the "credit and debit" surveillance middlemen but not the google/apple middlenmen?
What the world needs are "cash cards". Something equivalent to cash not tied to your identity that you can use in the real and virtual world.
I simply do not understand why governments or the private sector do not provide such options.
We used to have a "cash card" in Sweden in the 90's[0]. It flopped because nobody wants to keep manually re-filling it with value all the time. It's much more convenient to have a card that pulls from your bank account (either instantly via debit or monthly via credit). In the mass market, convenience always trumps privacy.
The places where a "cash card" have gained popularity have all been using the "backdoor" of public transit payments that are so ubiquitous they also get accepted by retail (e.g. Suica in Japan, Octopus in HK, EasyCard in Taiwan, etc)
[0] https://sv.wikipedia.org/wiki/Cash_(betalsystem) based on the Belgian Proton https://en.wikipedia.org/wiki/Proton_(debit_card)
Governments frown upon KYC-less digital purse cards. Gotta force everyone to share their national ID number to just open a bank account to keep out drug dealers, terrorists, or NSFW game peddlers.
Banks generally don't like disposable digital purse cards. They make money off fees and interest. If a product doesn't rope you into a customer "relationship" where you link your pay deposits or later might get a mortgage or car loan they can only make money off fees. Enjoy paying $5 to activate a $100 prepaid debit card!
Credit cards provide convenience and cash back benefits. Some might prefer to pay cash for everything for ultimate privacy, and that's fine. But credit cards are the compromise I make. I can still pay cash when I think it's appropriate for a given transaction.
Using Google or Apple Pay so I can tap my phone instead of my card gives me no extra benefit that I care about and complicates my ecosystem with another party.
> cash back benefits
Only in the U.S. In many other countries the processing fees are regulated by the government so the banks can't afford to give you your "cash back".
I'm with you. Low-tech works just fine. I hate the idea of having to depend on a working phone just to pay for things.
But isn't the promise of Apple Pay that you never expose your real credit card # to the merchant? So they can't track you? I know Walmart in Canada really resisted Apple Pay for a few years because it would mean no more ability to track people by their payment methods.
> But isn't the promise of Apple Pay that you never expose your real credit card # to the merchant? So they can't track you? I know Walmart in Canada really resisted Apple Pay for a few years because it would mean no more ability to track people by their payment methods.
Yes, this is exactly what Walmart does in the US since they still don't accept Apple Pay/Google Pay. When I go in and make a purchase using my credit or debit card, they'll associate it with my Walmart account and it'll show up as a "recent order" in the Walmart app because I have the same card saved there for ordering groceries online. They use those in-store purchases to recommend things to add to my grocery orders all the time.
Yes, but in Spain all of our cards are Visa or Mastercard, afaik, so you can't really avoid using American tech in your daily payments (unless you use cash, which remains a very convenient method, by the way).
The fact you have the visa or mastercard logo doesn't mean you can't avoit to use their tech for your daily payments.
Example, in France most debit and credit cards are called "carte bleue" (literally blue card) but all of them either have a visa/mastercard logo. However when you pay with them you can decide with the merchant to use the CB system or the visa/mastercard. Sadly very few people know that and do the selection.
Interesting. I don't think there's anything similar here in Spain, though. On the other hand, in this same thread, somebody said Visa acquired that "Carte Bleue" system, and Wikipedia states it was discontinued in 2010. So maybe it's not possible to use anything other than visa/mc in France anymore
I put my debit card in my smartphone case. Best of both worlds.
Thanks! ANOTHER SANE voice of reason! Nothing tops the simplicity of using plastic, either via chip or NFC. Leave the friggen' phone at home!
FWIW, I'm using Bizum on a daily basis in Spain, on a de-googled android phone running e/os/, via my bank app (revolut)
> Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.
Even if it does, Google won't be taking a cut from it.
Also, it's then much easier to provide a mobile web version, or something else.
My country's internal system also sells a bracelet for contactless payments, and there are obviously payment cards.
Once there's a mandatory standard, it's much more likely competition will show up. EU wide SWIFT, direct debits, instant transfers, all show this.
What would Google prevent from taking a similar cut as Apple is taking?
Digital Markets Act, also Apple nearly lost their payment monopoly in Germany as powerful banks lobbied for a law forcing them to open up. It was passed, but then they didn't want to use it. If I would guess, Apple offered them preferential conditions to not have a precedent.
https://financefwd.com/de/sparkassen-apple-nfc/
What's being discussed isn't Google or Apple Pay.
It's an app that uses NFC or, if needed, reads a QR code and does a web request (i.e. needs internet).
Neither Google nor Apple will block that, or take a cut; and it's already available in multiple markets.
This is about taking stuff that already works in one or two countries, design a similar system that works across countries, and mandate that all banks under ECB supervision implement it.
Lack of negotiation power. Less control over Android than Apple has over iOS.
Google keeps self-sabotaging Android Pay. They lacked market power so cellular carriers blocked it hoping to advance their own payment ecosystem (ISIS). Google changes the payment brand every few years, and fragments it into two separate apps or combines them. It's rather like their messaging strategy.
I don’t see why they can’t just piggyback on existing, proven solutions such as Bancontact, Carte Bleu, etc., which are all based on a card running on its own network. If it’s app-based, we’re excluding quite some citizens from it.
Visa bought Carte Bleue in 2011. Yep.
An Indian friend of mine, constantly raves about their UPI system:
https://en.wikipedia.org/wiki/Unified_Payments_Interface
It sounds a lot like what they're discussing.
Canada has the interac system and it works pretty wonderfully, it's integrated into other systems for overseas compatibility but it can operate entirely independent of VISA/Mastercard if the POS supports it.
What about a implant that can be placed into your palm? It can carry everything about you and be tied to your pulse so that if you have a panic attack or something as you are being robbed it wipes everything but your name and basic information.
Logical next steps: 1. European app store that has to run on Android/iPhone 2. European phone (platform) -- maybe as a joint venture of different European players / not a single company.
It's true that it's a problem, but it can be easily fixed in the future. For example they could just change the app to work on any old android fork. You still get the benefit of no longer having transaction data run through the US.
But right now many of us are concerned with not being able to run e.g. GrapheneOS without locking ourselves out of all basic digital infrastructure. We shouldn't wait until it gets untenable for the EU to lock us into Google and Apple, we want independence from the start.
Not to mention that we are essentially forced to give up accsss to all of our private data stored on our phones to either google or apple because you have their rootkit (Google Play Services in the Android case) installed
This "Play Integrity" garbage is the first thing europe should break with. Instead we have Italian government app refusing to run on devices not serving Google's interest.. shame.
Also often a requirement on govt digital identity apps...
With my bank (bankinter) you can bizum from a browser (just checked).
Sorry: This is Spain (to clarify).
I’m sure Brussels will do the right thing.
What does Belgium's capital has to do with this? Do you imply Brussels = European Union?
Brussels = location of EU headquarters, and in common lingo Brussels thus means "People running the EU and deciding things on everyone's behalf."
"Brussels" is often used to mean the entire blob of EU and related institutions.
Exactly, it's just like people saying Washington to refer to the US government, or Beijing to refer to Chinese government.
This literary device is so common it has a name: synecdoche. e.g. "The pentagon" to refer to the US military.
Now we just need a word for performative dense-ness.
It is called a metonymy where you substitute a name that is associated to some other thing instead of mentionning that thing.
Some examples: Wall Street = NY Stock Exchange the White House = US president and his cabinet the Pentagon = US Dept of Defense Downing Street = UK prime minister
https://en.wikipedia.org/wiki/Metonymy Scotland Yard = Greater London Metropolitan Police Tehran = Government/officials of the islamic republic of Iran
As a person who lived for a long time in a political capital I was so frustrated with news articles titled like this.
"[City] decides [XYZ stupid thing]!!!"
No! We in the city didn't decide it - our responsibility is limited to our political representative. Everyone else voted in idiots and sent them here to decide idiot things!
This is a common literary device in wide use everywhere. No one is saying that YOU PERSONALLY did something just because you live in a place. Chill out.
>It is called a metonymy
or called synecdoche (square/rectangle)
This. A sane voice of reason in an insane, software-tech dork driven world.
Physical cards ftw!
Btw i love simply using cash in South America when getting a taxi, no stupid "apps", no tech nonsense. Just wait at a proper spot and hail.
I think absolutely Europe needs it's own mobile OS. And thankfully they can "just" fork Android - or better still, adopt one of the existing forks.
I suspect simply stating that it must be a supported standard will do most of the work, much like standardising phone chargers.