> I've started documenting potential security and privacy attacks against > the Web Payments API here: > > https://github.com/w3c/webpayments/wiki/Security-and-Privacy-Considerations One of my favorite topics. Largely ignored. Seems to be one of those anti-patterns Manu like to talks about. I published https://www.w3.org/Payments/IG/wiki/Security_Issues Take a look at the "Regulatory and liability concerns" section. I think this section is clear where liability will fall. If known and documented architectural/standards issues are exploited, I expect legal actions. I have lots and lots of opinions, legal case law, and materials about this topic. As I have said before, standardizing a payments API with known vulnerabilities is the same as standardizing fraud. One API to exploit them all. Erik Anderson BloombergReceived on Friday, 8 July 2016 15:19:31 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:18 UTC