W3C home > Mailing lists > Public > public-payments-wg@w3.org > November 2019

RE: [Agenda] 27 November Card Payment Security Task Force

From: Nick Telford-Reed (W3C) <w3@stormglass.consulting>
Date: Thu, 28 Nov 2019 11:06:13 +0000
Message-ID: <CAEN_Gjs-kd+GGQXGSCpxGoM9SgHNYLP1DCnXWiTU+0zYWsxV2A@mail.gmail.com>
To: Peter Saint-Andre <stpeter@mozilla.com>, Ian Jacobs <ij@w3.org>, Adrian Hope-Bailie <adrian@coil.com>, Web payments WG Public <public-payments-wg@w3.org>
 * From the PAN you can tell the corresponding SRC system.

It's my understanding that this is not a safe assumption. Cards can be
enrolled in multiple SRC systems as Peter points out. Moreover, there will
be an regulatory storm if the card brands insist that a card can only be
SRC'd by the issuing brand. Similarly, today you can see multiple card
brands enrolled in the brand provided wallets.

This is why I made the point about a directory of SRC systems way back
when. Otherwise, how does a third party provider know where to look for
enrollment checks?

Nick Telford-Reed
Director, Stormglass Consulting Ltd
e: nick@stormglass.consulting

On Wed, 27 Nov 2019, 3:49 pm Peter Saint-Andre, <stpeter@mozilla.com> wrote:

> On 11/27/19 8:18 AM, Ian Jacobs wrote:
> >  * From the PAN you can tell the corresponding SRC system.
> As I understand it, this is not always true. Some cards, for instance,
> might participate in multiple systems (say, Visa and Carte Bancaire). We
> uncovered this issue during work on Basic Card last year.
> (BTW, I need to send regrets for today's call; sorry about that.)
> Peter
Received on Thursday, 28 November 2019 11:06:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:34 UTC