Re: EBA taking over EUDIW-4-Payments standardization

Since this forum primarily is about credentials, maybe some of you could be interested in looking into this issue:
https://github.com/eu-digital-identity-wallet/eudi-doc-standards-and-technical-specifications/issues/574

The gist of it is quite simple: selective disclosure has certain use-cases, including in purchase scenarios.  However, mixing this with the actual authorization message is not a great idea.  The same goes for loyalty or shipping information; such data must be acquired *before* the payment event.

The root of the problem is that the EUDIW community (and more surprisingly even the OIDF...) believe that payment authorizations only represent variants of user authentications, ignoring the fact that Merchants want your money, not your identity (unless required by the purchased product/service).

However, since the W3C managed to create a payment authorization standard (SPC) requiring users to hand over their card number to Merchants in clear(!), the EUDIW folks are in good company :)

Anders


On 2026-05-19 12:37, Steffen Schwalm wrote:
> Hi all,
> 
> Payment has been included in the LSP since 2023 - unfortunately Anders has ignored this since 2023
> 
> see e.g. https://github.com/eu-digital-identity-wallet/eudi-doc-standards-and-technical-specifications/blob/main/docs/technical-specifications/ts12-electronic-payments-SCA-implementation-with-wallet.md
> 
> https://github.com/nobid-consortium/payment-reference-documentation
> 
> In new LSP APTITUDE > 25 banks work on the subject within EUDI and the reference implementation already contains e.g. SCA. Recommend W3C to contact the LSP directly for further information.
> 
> BTW: it does not matter if there are 27 or 50 EUDI since all of them follow the same standards by law.
> 
> Regarding support of EUDI: See Art. 5f eIDAS - and since Google already works on EUDI I guess it's not a question of if they deal somehow with it but when.
> 
> Best
> Steffen
> 
> -----Original Message-----
> From: Anders Rundgren <anders.rundgren.net@gmail.com>
> Sent: Friday, 15 May 2026 05:49
> To: Manu Sporny <msporny@digitalbazaar.com>
> Cc: W3C Credentials Community Group <public-credentials@w3.org>
> Subject: Re: EBA taking over EUDIW-4-Payments standardization
> 
> Hi Manu,
> The payment part of the EU Digital Identity Wallet (EUDIW) is very confusing.  Unsurprisingly, none of the government-implementations appear to include payment support.
> 
> Starting with objectives, the only known such are Strong Customer Authentication (SCA) and eIDAS2 support.  However, all European banks have SCA running since 2020.  BTW, this is why W3C's SPC never got traction [*].  Regarding eIDAS2, it is about identity rather than payments.
> 
> The most disturbing part of this project is that the proponents claim that the market including Google, Banks, and Governments will through legal means be FORCED to support 27+ wallets (one for each EU government plus a number of private providers).  Although none of the involved parties dare to talk about this in the open, my guess is that this will, simply put, not happen.  It might actually have the opposite effect, making Apple and Google the only credible alternatives.
> 
> Regarding EBA and the ARF (EUDIW specification), I must admit that I have no idea what they are planning.
> 
> In the meantime, a number of major EU banks are investing BILLIONS in something they call the European Payments Initiative (now marketed as "Wero").
> 
> Fragmentation galore or a payment wallet death-match in the making?
> 
> thanx,
> Anders
> 
> *] SPC does not include payment meta-data like card numbers making the UX subpar compared to Apple Pay, not to mention the lack of POS support.
> 
> On 2026-05-14 15:37, Manu Sporny wrote:
>> As a non-European, I don't understand why this is "unexpected"? If not
>> the EBA, who else would it be? Why is this happening now? Some
>> arm-chair analysis would be helpful as what has occurred with
>> EUDIW/ARF in the EU is thoroughly confusing to many of us not involved
>> in EU politics.
>>
>> -- manu
>>
>> On Thu, May 14, 2026 at 1:45 AM Anders Rundgren
>> <anders.rundgren.net@gmail.com> wrote:
>>>
>>> In an unexpected move by the EU parliament, the European Banking Authority (EBA) have been tasked with the standardization of the EUDIW when used in a payment authorization context.
>>>
>>> Paragraph 111 in: https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdfI
>>>
>>>         "Pursuant to Art. 5f(2) of Regulation (EU) No 910/2014, payment service providers
>>>          will be under an obligation to accept the use of the EU Digital Identity Wallets for
>>>          supporting the fulfilment of SCA requirements for online identification for the
>>>          purposes of account login and of initiation of transactions in the field of payment
>>>          services. The EBA should be tasked with the drafting of regulatory technical standards
>>>          which should specifically take into account the use of EU Digital Identity Wallets
>>>          to support the fulfilment of SCA requirements for the purposes above"
>>>
>>> Anders
>>>
>>>
>>
>>
> 
> 

Received on Wednesday, 20 May 2026 03:44:57 UTC