- From: Zach Koch <notifications@github.com>
- Date: Fri, 19 Aug 2016 14:48:58 -0700
- To: w3c/webpayments-methods-card <webpayments-methods-card@noreply.github.com>
Received on Friday, 19 August 2016 21:49:29 UTC
I don't think we should take any stance on if/how/when credit cards are stored. That's a business decision. It's also by itself insufficient, as PCI governs the transmission of cards as well on the server, even if they're not stored. I do support saying something to the effect of: "The use of PaymentRequest and the Basic Card specification does not necessarily absolve a site owner of PCI compliance." Or similar (and better worded). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-methods-card/issues/2#issuecomment-241144144
Received on Friday, 19 August 2016 21:49:29 UTC