Re: [webpayments] Confusion over payment flow (#10)

Since 3DS is meant to authenticate the cardholder, I'd expect in the mid-term that the schemes (sorry - methods) would define a way to transport in the payment response a proof-of-ownership (and consent) that would be recognized as a valid replacement for 3DS. This would typically be some kind of signature generated by the payment app.

In the meantime, for the "legacy" payment method, we can add an optional "UCAF" field in the payment response (UCAF stands for Universal Cardholder Authentication Field, and is the value that is generated by the issuer of the card at the end of the 3DS authentication, and attached by the merchant's PSP to the authorization request). That way, if the payment app is able to generate that value (typically if it's acting on the issuer's behalf or if it's running 3DS itself), the merchant can skip the whole 3DS redirect phase and send the authorization request directly.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/10#issuecomment-158993174

Received on Monday, 23 November 2015 16:50:33 UTC
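
The merchant-side branch described in the message above, as an added example that is not part of the original message or of any Web Payments specification. The response shape (`details.ucaf`, `details.cardToken`), the length bound and the base64 encoding check are assumptions made for illustration; the check covers only the shape of the field, and anything absent or malformed falls back to the 3DS redirect.

```javascript
"use strict";

// Hypothetical names and limits: none of these come from a specification.
const UCAF_MAX_LEN = 32;                        // assumed upper bound on the encoded value
const BASE64_RE = /^[A-Za-z0-9+\/]+={0,2}$/;    // assumed encoding: standard base64

// Return the UCAF string if the payment response carries a well-formed one, else null.
// This checks the shape of the field only, not whether the value is genuine.
function extractUcaf(paymentResponse) {
  const details = paymentResponse && paymentResponse.details;
  const ucaf = details && details.ucaf;
  if (typeof ucaf !== "string") return null;
  if (ucaf.length === 0 || ucaf.length > UCAF_MAX_LEN) return null;
  if (ucaf.length % 4 !== 0 || !BASE64_RE.test(ucaf)) return null;
  return ucaf;
}

// Decide the merchant's next step for one payment response.
function planNextStep(paymentResponse) {
  const ucaf = extractUcaf(paymentResponse);
  if (ucaf === null) {
    // Optional field absent or malformed: keep the existing 3DS redirect phase.
    return { action: "3ds-redirect" };
  }
  // Field present: skip the redirect; the PSP attaches the value to the authorization request.
  return {
    action: "authorize",
    authorizationRequest: { cardToken: paymentResponse.details.cardToken, ucaf: ucaf },
  };
}

// Constructed sample responses (not real card or authentication data).
const SAMPLE_UCAF = "A".repeat(27) + "=";
const samples = {
  withUcaf: { details: { cardToken: "tok_sample", ucaf: SAMPLE_UCAF } },
  withoutUcaf: { details: { cardToken: "tok_sample" } },
  malformed: { details: { cardToken: "tok_sample", ucaf: "<script>" } },
  wrongType: { details: { cardToken: "tok_sample", ucaf: 12345 } },
};

for (const [name, response] of Object.entries(samples)) {
  console.log(name, "->", planNextStep(response).action);
}
```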