W3C home > Mailing lists > Public > public-payments-wg@w3.org > July 2016

Re: Encrypting basic card data

From: Ian Jacobs <ij@w3.org>
Date: Mon, 18 Jul 2016 17:01:42 -0500
Cc: Adrian Bateman <adrianba@microsoft.com>, Payments WG <public-payments-wg@w3.org>
Message-Id: <9E0E5EFD-73B9-45B0-BAAE-AA8D35A434DF@w3.org>
To: Adrian Hope-Bailie <adrian@hopebailie.com>

> On Jul 11, 2016, at 4:43 AM, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:
> 
> I'm hearing:
> 
> Let's not do this in v1, it may imply more security than is actually being provided and we haven't actually identified the threat properly to evaluate it's value.
> 
> Rather, let's work out a comprehensive solution for v2 that fully mitigates a MiM threat

Overall, that seems fine. I also had understood there might be some interest in collaborating on some additional payment method specs that
might foster more security without requiring changes to v1 of the API. Ideas included EMV and 3D Secure.

Ian

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447




Received on Monday, 18 July 2016 22:01:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 18 July 2016 22:01:47 UTC