[w3c/webpayments] European market - Security concerns (#210)

Hi,

I am working for a European PSP (Lyra Network, member of W3C).
We work hard to provide PCI DSS compliant solutions (e-commerce merchants don't want to handle PCI certification costs).

1- We have only two technical solutions to provide payments: payment page redirection and iframe.
Currently, the specification does not allow either of these solutions, which raises our concerns about its adoption. We cannot ask our customers to migrate to a non-PCI-compliant solution.

Does the specification intend to support existing payment solutions that follow PCI DSS rules?

2- Pay Apps are a great piece of the specification, but they raise several issues:
     - The payee may have his favourite Pay Apps. Is the PSP supposed to deal with all these Payment Apps and handle each one's own payment message structure (Android Pay sends a token, Basic Card sends clear data, maybe some app will send encrypted data)?
     - Regarding PCI DSS, every system through which critical data transits must be certified PCI DSS in order to be compliant. Will the browser (Mediator) be certified, knowing that critical data can be stolen from a browser on a compromised computer?

Thanks for your work,

https://github.com/w3c/webpayments/issues/210

Received on Wednesday, 8 February 2017 08:46:46 UTC