Re: [w3c/webpayments-payment-apps-api] Should origin information (about the payment request) be shared with the payment app? (#27) from ianbjacobs on 2016-08-22 (public-webpayments-specs@w3.org from August 2016)

From: ianbjacobs <notifications@github.com>
Date: Mon, 22 Aug 2016 10:00:46 -0700
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/27/241479008@github.com>

Reading a bit in the Consultation Paper from the EBA [1]:

   "In any case, the authentication procedure should ensure that the payer is always made aware of the amount and payee of the transaction he is authorising and should be tamper-resistant to prevent any manipulation of the amount and of the payee during the initiation of the payment transaction so that any change to the amount or payee shall result in a change of the authentication code."

This made me think that if I open a payment app to make a payment, it is likely the payment app will want (or perhaps even need to) display information about the payee (origin) as part of an authorizaiton step.

Ian 

[1] https://www.eba.europa.eu/documents/10180/1548183/Consultation+Paper+on+draft+RTS+on+SCA+and+CSC+(EBA-CP-2016-11).pdf

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/27#issuecomment-241479008

Received on Monday, 22 August 2016 17:01:16 UTC