- From: Erik Anderson <eanders@pobox.com>
- Date: Fri, 08 Jul 2016 11:16:58 -0400
- To: public-payments-wg@w3.org
> I've started documenting potential security and privacy attacks against > the Web Payments API here: > > https://github.com/w3c/webpayments/wiki/Security-and-Privacy-Considerations One of my favorite topics. Largely ignored. Seems to be one of those anti-patterns Manu like to talks about. I published https://www.w3.org/Payments/IG/wiki/Security_Issues Take a look at the "Regulatory and liability concerns" section. I think this section is clear where liability will fall. If known and documented architectural/standards issues are exploited, I expect legal actions. I have lots and lots of opinions, legal case law, and materials about this topic. As I have said before, standardizing a payments API with known vulnerabilities is the same as standardizing fraud. One API to exploit them all. Erik Anderson Bloomberg
Received on Friday, 8 July 2016 15:19:31 UTC