Re: Encrypting basic card data from Erik Anderson on 2016-07-11 (public-payments-wg@w3.org from July 2016)

From: Erik Anderson <eanders@pobox.com>
Date: Mon, 11 Jul 2016 11:24:53 -0400
Cc: Payments WG <public-payments-wg@w3.org>
Message-Id: <1468250693.210932.662920377.04CF952F@webmail.messagingengine.com>

>  How is the current Basic Card mechanism any less secure than what is
>  done today using web forms to capture card details?

Adrian, time.... Time changes everything, Chip-n-pin is causing fraud to
move away from the Merchant terminal to online. Laws are changing
quickly to adjust.

Paypal was successful because they wrote a secure application in an
unsecure environment. They worked around all of the issues.

Paypal follows the best practices, assumes liability for fraud
transactions, and required financial standards.

If all you want to achieve with v1 is social payments (not financial
payments) or optimize checkout then do whatever.
 
However, credit cards, checks, and consumer data is closely regulated
and consumers have legal protection.

I am not sure why payment security topics are such an anti-pattern
topic at W3C.
 
Erik Anderson Bloomberg

Received on Monday, 11 July 2016 15:49:14 UTC