Re: [webpayments] How do we protect certian data in the messages from certain parties in the flow as the use case requires? (#78)

In the interest of keeping the API simple, I prefer option 3 ("Leave entirely to the payment app publishers and payment methods to define field level encryption as they see fit"). Also, this works nicely with payment apps that talk directly to payment processors, although this is not part of the spec. For example, Android Pay talks directly to Stripe and sends a crypto-token to the merchant. This crypto-token is opaque the merchant.

Reply to this email directly or view it on GitHub:

Received on Wednesday, 3 February 2016 22:01:28 UTC