Re: [w3ctag/design-reviews] Secure Payment Confirmation - Part 2 (#675)

@hadleybeeman 
> And finally, for our notes: we are reassured to see how much you're focused on privacy, based on the issues in your repo and the thorough Security and Privacy questionnaire responses. That's important in this area and we're pleased to see how much emphasis you are giving to it.

It is worth noting that the most obvious privacy object related to payments (card numbers), haven't been dealt with:
https://github.com/w3ctag/design-reviews/issues/675#issuecomment-964273692
@wseltzer 

Apple Pay and other state-of-the-art solutions which effectively are _competing_ with SPC, do not have this problem since they build on another concept, that also brings many other improvements to the table including _greatly reduced complexity_.  There are no _technical_ hurdles adopting this _time-proven_ concept by SPC. 

Another side effect of not handling payment instrument data, is that _SPC  users must usually still carry their physical payment cards_.   For A2A payments which is what the [banks in the EU target](https://www.epicompany.eu/), this becomes a veritable showstopper since these systems doesn't come with cards. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/675#issuecomment-997650234
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/675/997650234@github.com>

Received on Monday, 20 December 2021 07:03:58 UTC