Re: Integration between PaymentRequest and Receipts

On 2020-10-04 19:07, Tom Jones wrote:
> Let me express my concern that I presented earlier to the UKOBIE. Creating a common UX between my bank and some random request for funds is likely to lead to fraud by attackers trying to confuse the user into making payments that are not intended. I strongly believe that the user MUST understand when they are securely communicating with their bank and when they are being solicited for payments. Integrating these two is not going to end well for consumers.

Dear Tom, does this have anything to do with the integration of receipts?

Anyway, if we stick to on-line/Web payments, I believe you are trying to solve a problem that you haven't fully analyzed.  In short: you cannot get any money out of the system unless you are a legitimate merchant.  If a legitimate merchant tries to fool users there's nothing your bank can do about it up-front.  In fact, it probably cannot (on its own) even know if the merchant is legitimate!  Isn't that a problem?  No, the legitimacy of a merchant is provided by other parts of the payment infrastructure.

Saturn is in this respect no different than, for example, Apple Pay.  BTW, these systems do not talk (directly) to the bank; they build on user authorizations that are (indirectly) "routed" to the bank.

However, fraud has indeed been reported for P2P payment systems like Zelle and Swish, where the identity of the recipient remains a thorny problem.  If you have a silver bullet to offer here, I'm sure we are all ears!

If you want, we could have a video-call on how Saturn deals with authorization.

Anders

> Peace ..tom
> 
> 
> On Sun, Oct 4, 2020 at 6:16 AM Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
>     Hi WG,
> 
>     This is not yet ready for public testing, but here is the core documentation:
>     https://1drv.ms/b/s!AmhUDQ0Od0GTigDejoaMj3TZ0sKs
> 
>     Enjoy!
>     Anders
> 

Received on Sunday, 4 October 2020 18:51:21 UTC