Re: Encrypting basic card data

> On Jul 11, 2016, at 4:43 AM, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:
> 
> I'm hearing:
> 
> Let's not do this in v1, it may imply more security than is actually being provided and we haven't actually identified the threat properly to evaluate it's value.
> 
> Rather, let's work out a comprehensive solution for v2 that fully mitigates a MiM threat

Overall, that seems fine. I also had understood there might be some interest in collaborating on some additional payment method specs that
might foster more security without requiring changes to v1 of the API. Ideas included EMV and 3D Secure.

Ian

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Monday, 18 July 2016 22:01:47 UTC