- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 30 Nov 2022 07:37:38 +0100
- To: W3C Credentials Community Group <public-credentials@w3.org>
Identity is a pretty difficult field so I keep a low profile there. However, user authorizations of account based payments are not anywhere near in complexity, or is it? That we after 30 years with the Web still do not have Secure AND Convenient online payments, must thus rather depend on business related issues, right? This is a bit of a simplification, because for many technical people a payment authorization is just a variant of an authentication. Some people even claim that identity is a fundamental part of payments. Although this is correct, it is not aligned with how payment authorizations currently work, where you rather prove ownership to an account. There are also misunderstandings regarding the need for Merchants knowing that a card number is valid. This is a relic from the offline era when Merchants had paper books with revoked card numbers. In fact, Merchants do not need card numbers at all; they need trustworthy confirmations that they are (or will be) paid, something only payment networks can provide. That is, a useful wallet for payment authorizations requires a pretty good understanding of the entire process, from enrollment to actual usage. That a C2B payment involves at least 4 actors (User/Client, Merchant, PSP, Issuer Bank), all having rather specific functions and trust relationships, not to mention business models, indicates that this is anything but simple. Conclusion: this space seems more or less reserved for giants who can push a specific technical solution, APIs, and business model. There is no known quest for an open wallet among payment providers either. It is rather the opposite; they are concerned that nothing "bad" happens that could threat their current business. Unsurprisingly, my proposal for making https://www.w3.org/TR/secure-payment-confirmation/ competitive with Apple Pay by including account numbers in the enrollment was met with extreme coldness and permanent mailing list blocking. Anders
Received on Wednesday, 30 November 2022 06:37:51 UTC