- From: Steve Sommers <steve@shift4.com>
- Date: Tue, 5 Sep 2017 17:06:28 +0000
- To: 'Ian Jacobs' <ij@w3.org>, Payments WG <public-payments-wg@w3.org>
Sorry, I was not able to attend. One comment in reading the minutes: RE: "Sachin: I think it makes more sense to manage these two as separate specs ... I think we should address encrypted card and network tokens separately for now ... and later see if we want to merge" +1 The whole basis for tokenization is that tokens cannot be decrypted. Tokens should not be mathematically related to the data they are protecting. For specific scenarios, encryption is a must - including behind the scenes for tokenization (I.E. the referenced vault), but including encryption support within a tokenization spec defeats its biggest benefit - IMHO. To me, secure passing of card data like this should happen behind the scenes, outside the merchant environment, provider to provider with the payment API passing provider information. Maybe this could be a separate card/token exchange spec for providers to use. I intentionally used "provider" here as a provider could be a card network (brand), processor, gateway, or even a merchant hosted tokenization vault of some sort. Steve Sommers Senior Vice President, Applications Development Shift4 Corporation 1491 Center Crossing Road Las Vegas, NV 89144-7047 702.597.2480 ext. 40400 fax 702.597.2499 www.shift4.com steve@shift4.com facebook.com/shift4corp twitter.com/shift4corp linkedin.com/companies/shift4-corporation shift4.com/blog This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate,distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -----Original Message----- From: Ian Jacobs [mailto:ij@w3.org] Sent: Tuesday, September 05, 2017 9:39 AM To: Payments WG Subject: Minutes [Was: [Agenda] 5 September Tokenization Task Force call] Hi all, Minutes from today’s call: https://www.w3.org/2017/09/05-wpwg-minutes.html Next meeting: 19 September Ian > On Sep 4, 2017, at 8:23 AM, Ian Jacobs <ij@w3.org> wrote: > > Participants in the tokenization task force, > > Our next call takes place 5 September at 11:30am-12:30pm ET. > We will meet on irc.w3.org on #wpwg. > > Previous call: 22 August: > https://www.w3.org/2017/08/22-wpwg-minutes > > Ian > > ====== > Agenda > > * Review NEW draft “Encrypted Card Payment Method” (Olivier) > https://github.com/w3c/webpayments-methods-tokenization/wiki/encrypted_card > > * Next meeting. Proposed 19 September. > - Question: will we have updates to network tokenization spec by then? (or requires another week?) > > Thank you, > > Ian > -- > Ian Jacobs <ij@w3.org> > https://www.w3.org/People/Jacobs/ > Tel: +1 718 260 9447 > > > > -- Ian Jacobs <ij@w3.org> https://www.w3.org/People/Jacobs/ Tel: +1 718 260 9447
Received on Tuesday, 5 September 2017 17:06:59 UTC