[w3c/payment-handler] What should payees validate? (#310) from Rouslan Solomakhin on 2018-07-30 (public-webpayments-specs@w3.org from July 2018)

From: Rouslan Solomakhin <notifications@github.com>
Date: Mon, 30 Jul 2018 12:33:38 -0700
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/issues/310@github.com>

>From [TAG review](https://github.com/w3ctag/design-reviews/issues/231#issuecomment-377645336):

> [8.6 Data Validation](https://w3c.github.io/payment-handler/#data-validation) should probably be expanded a good bit; shouldn't payees also validate against data from a connection they have to the payment processor in many cases?

We should expand the [Data Validation](https://w3c.github.io/payment-handler/#data-validation) section to give more examples of what should be validated. Is it the format of the messages? Is it the transaction details? Should information be cross-referenced with the payee's PSP? etc. (I believe it's all of the above, at the very least.)

cc @dbaron

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/310

Received on Monday, 30 July 2018 19:34:00 UTC