Re: Security and Privacy Considerations

> I've started documenting potential security and privacy attacks against
> the Web Payments API here:

One of my favorite topics. Largely ignored. Seems to be one of those
anti-patterns Manu like to talks about.

I published

Take a look at the "Regulatory and liability concerns" section. I think
this section is clear where liability will fall. If known and documented
architectural/standards issues are exploited, I expect legal actions.

I have lots and lots of opinions, legal case law, and materials about
this topic.

As I have said before, standardizing a payments API with known
vulnerabilities is the same as standardizing fraud. One API to exploit
them all.

Erik Anderson

Received on Friday, 8 July 2016 15:19:31 UTC