Re: [webpayments] Abstract payment architecture (#11)

> The only situation I see this happening is if the payer and payee are using the same PSP. e.g. The Payment App is from PayPal and the merchant is using PayPal as their PSP. Are there use cases I am not thinking of?

There are 2 use cases commonly used today; both of these have regard to the protection of sensitive card information as it passes through the merchant to the acquirer. The two use cases are encryption or tokenisation. Both of these need Merchant PSP specific processing prior to the card details being sent to the merchant. The Payer is not aware that this is happening currently and it is principally a solution to reduce risk at the merchant. There is a case in my mind for making this added layer of security visible to the user, however.

It is my view that supporting this type of interaction is necessary for our specification to be adopted.

Furthermore, supporting it explicitly somehow in the flow would allow the User-Agent to flag to the user that their card details cannot be intercepted by the merchant.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/11#issuecomment-158461156

Received on Friday, 20 November 2015 17:05:57 UTC