
Re: Security and Privacy Considerations

From: Erik Anderson <eanders@pobox.com>
Date: Fri, 08 Jul 2016 11:16:58 -0400
Message-Id: <1467991018.2199796.660593281.1B9A5D8C@webmail.messagingengine.com>
To: public-payments-wg@w3.org

> I've started documenting potential security and privacy attacks against
> the Web Payments API here:
> 
> https://github.com/w3c/webpayments/wiki/Security-and-Privacy-Considerations

One of my favorite topics. Largely ignored. Seems to be one of those
anti-patterns Manu likes to talk about.

I published 
https://www.w3.org/Payments/IG/wiki/Security_Issues

Take a look at the "Regulatory and liability concerns" section. I think
this section is clear where liability will fall. If known and documented
architectural/standards issues are exploited, I expect legal actions.

I have lots and lots of opinions, legal case law, and materials about
this topic.

As I have said before, standardizing a payments API with known
vulnerabilities is the same as standardizing fraud. One API to exploit
them all.

Erik Anderson
Bloomberg
Received on Friday, 8 July 2016 15:19:31 UTC
