Funding a donation with a manual bank transfer

[Changaco]

This issue is about documenting why Liberapay no longer supports bank transfers initiated by the donor from their bank's website or application.

~~1. The process of having the donor go to their bank's website and manually input the transfer details (amount, destination, identification code) is too error prone, and we can't guide them through it because every bank's website is different.

2. International bank transfers are unpredictable. For example the amount that is received isn't always the amount that was sent, because any intermediary bank can take a fee.
3. Regulations prevent Liberapay from receiving the funds directly. We can instruct the donor to send the funds directly to the recipient's normal bank account, but then it's difficult for us to confirm that the transfer has been received, and exposing someone's bank account number can be problematic.~~

This issue is now about re-adding support for bank transfers. Basic implementation checklist:

• [ ] Add support for bank transfers in www/%username/giving/stripe/%payin_id.spt.
  • [ ] Include a SEPA QR code and a payto: URI (#1062) in the page asking the donor to send the money.
• [ ] Add bank transfer as a choice in www/%username/giving/%payment_id.spt.
• [ ] Implement manual reconciliation in www/callbacks/stripe.spt.
• [ ] Add tests in tests/py/test_payins.py.

Remaining question to investigate: can we add support for the UK, Mexico and Japan when the recipient is in one of those countries? No.

[Changaco]

This information should probably go in a new /about/payment-methods page which https://liberapay.com/about/faq#payment-methods would link to.

[Changaco]

Stripe has added support for manual bank transfers in a way that should allow Liberapay to support them once again: https://stripe.com/blog/reimagining-bank-transfers

According to https://stripe.com/fr/pricing/local-payment-methods the fee is 0.5% up to €5.00, and €0.50 per successful refund.

[VincentSC]

Important: SEPA is used by criminals to steal from accounts. It's much easier to be stolen via SEPA than via creditcards, as creditcards have all kinds of additional checks in place.

This means that it should be treated as an unsafe payment method.

[fadeldanovan]

u guys hv acc swift.com ?

[Changaco]

Stripe's solution isn't fully viable due to the very limited number of virtual European bank account numbers (1k free, then €2 per number up to 50k). I've sent them an email asking if instead of allocating a VBAN to each donor, we're allowed to use the same one for all and distinguish incoming transfers by reference codes like in the old days.

[Changaco]

I've finally received an answer from Stripe. They say sharing VBANs is allowed, but they strongly advise against it, mentioning “substantial delays during the refund process” as one source of friction. (Donations are rarely refunded, so that's not a big deterrent.) They want to know how many VBANs we expect to use in the first year in order to negotiate custom pricing.

[VincentSC]

Did you also work on the abuse-part? We had €5000 stolen from our account via your platform.

I saw you marked my previous remark as off-topic, but that decreases my trust in the platform.

[Changaco]

@VincentSC Your comments are off-topic. This issue isn't about direct debits, it's about bank transfers that the payer initiates from their bank's website or mobile application.

The large-scale direct debit fraud was solved more than a year ago (https://github.com/liberapay/salon/issues/541#issuecomment-1368797510), and I assume you got your money back.