Re: Seeking input on agenda for 2 October Card Payment Security Task Force

You might be interested in looking into
since it:
- Uses PaymentRequest (native mode payment handlers) for the Web and other solutions for non-Web channels, while protocol and security remain identical
- Uses the same cryptography as WebAuthn but integrated in the actual payment process
- Supports risk-based/step-up authentication by carrying client related data to the authorizing point
- Uses TEEs (Trusted Execution Environments) for storing authorization keys
- Also supports non-direct payment scenarios, including Gas Stations, Bookings and Recurring payments
- Also supports A2A (Account to Account) payments and refunds

Obvious limitations which I hope to remedy include:
1. Crucial: Reusing the client architecture for supporting P2P (Person to Person) payments
2. Important: Loyalty cards
3. Nice and currently generally missing feature: Receipts

#2 and #3 is is currently outside of my competence, while #1 may be able to exploit EPC's SPL (SEPA Proxy Lookup) scheme.

Since does not appear to support a "wallet" concept or P2P payments, I didn't consider that part of the W3C specifications.


On 2019-10-01 23:19, Ian Jacobs wrote:
> Dear Card Payment Security Task Force participants,
> I don’t have a concrete agenda for our 2 October task force call. I am happy to meet, but I have not been able to make
> time to review the TPAC discussions and build an agenda for the meeting. Off the top of my head, I think our next steps are:
>   - Review what’s missing from the data model description based on the Mastercard demo
>   - Review the identity management flows [1]
>   - Enumerate the flows that raise “multiple authentication” possibilities and determine what actions are needed to address those
>   - Any other topics on people’s mind.
> [1]
> Please let me know whether you’d like to meet, or wait until 9 October, or 16 October (our next scheduled call after tomorrow).
> Thank you,
> Ian
> --
> Ian Jacobs <>
> Tel: +1 718 260 9447

Received on Wednesday, 2 October 2019 06:24:17 UTC