W3C home > Mailing lists > Public > public-payments-wg@w3.org > July 2016

Re: Encrypting basic card data

From: Erik Anderson <eanders@pobox.com>
Date: Mon, 11 Jul 2016 11:24:53 -0400
Message-Id: <1468250693.210932.662920377.04CF952F@webmail.messagingengine.com>
Cc: Payments WG <public-payments-wg@w3.org>
>  How is the current Basic Card mechanism any less secure than what is
>  done today using web forms to capture card details?

Adrian, time.... Time changes everything, Chip-n-pin is causing fraud to
move away from the Merchant terminal to online. Laws are changing
quickly to adjust.

Paypal was successful because they wrote a secure application in an
unsecure environment. They worked around all of the issues.

Paypal follows the best practices, assumes liability for fraud
transactions, and required financial standards.

If all you want to achieve with v1 is social payments (not financial
payments) or optimize checkout then do whatever.
 
However, credit cards, checks, and consumer data is closely regulated
and consumers have legal protection.

I am not sure why payment security topics are such an anti-pattern
topic at W3C.
 
Erik Anderson Bloomberg
Received on Monday, 11 July 2016 15:49:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 11 July 2016 15:49:14 UTC