Although not yet adopted, the Berlin Group's NextGenPSD2 API folks are currently toying with a new way of performing payments.  I found the description kind of fuzzy so I distilled it into a single page:

The most striking element is that this scheme doesn't build on OAuth.  IMO, this is quite logical since OAuth was originally designed for three parties (TTP, User, and SP/AS), while payments introduce a fourth party, the (security-wise) semi-trusted Merchant.


Received on Thursday, 30 July 2020 04:46:17 UTC