Re: [w3c/browser-payment-api] How are digital signatures supported for Payment Requests? (#291)

> I also recall that we said that payees could verify data upon receipt of the payment response. For what use cases does that not suffice?

It does not suffice for at least the 3 scenarios listed at the top of this issue:

> High value transactions (Payment Request for $10,000+ in US).

In this scenario, the payment app would like to make sure that the amount is correct before executing the payment. This is even more important for any sort of push-based payment.

> Publishing Payment Requests in HTML via schema.org-like mechanisms (digital offers).

How can a payment app ensure that a payment request published on a merchant website, indexed by a search crawler, and executed by a customer to a  has not been tampered with before the payment request got to the payment app?

> Business requirements that require the payer to store information demonstrating that the payee has asked for a specific monetary amount (invoice before payment, audit-ability, etc).

The business requirement here is on the payment app to collect something equivalent to a "proof of invoice", not the merchant.

So, in each one of these cases, the payee checking the result doesn't achieve the desired results of the use case.

-- 
https://github.com/w3c/browser-payment-api/issues/291#issuecomment-253279203

Received on Wednesday, 12 October 2016 17:22:31 UTC