Security of the solution. Re: CfC to publish documents as FPWD of the Web Payments WG

Non-member opinion: I don't believe that Web payments solutions that do not reach
a client-side security level comparable to EMV-cards in payment terminals, or Apple Pay,
are worth dealing with in a new standard.

That would for example exclude the Basic Card Payment (aka CNP - Card Not Present) profile:

However, the strategy behind the Web Payment API (more or less) mandates that
even deficient payment schemes like CNP indeed transcend into W3C standards.
This strategy has multiple downsides including the inability giving the market
a firm message regarding core system features.

Naturally alternative approaches also have their share of problems; the issue
is rather what the payment world in general is expecting.


Received on Thursday, 7 April 2016 16:13:00 UTC