Re: [w3ctag/design-reviews] Secure Payment Confirmation (#544)

@slightlyoff @marcoscaceres @mikewest @domenic @kenchris Since native mobile apps (as I predicted https://lists.w3.org/Archives/Public/www-tag/2017Aug/0003.html) have taken over the payment space while Web (browser) payment technology haven't progressed a single millimeter, this issue is more fundamental than just another API.  Maybe the answer is that nobody really cares?

If somebody do care, _the combination of FIDO and pre-built payment support in browsers is effectively a_ **new platform**.  IMO a new platform motivates some kind of research to figure out its **true potential**, particularly in the light of previous attempts.

Google rather applied this brand new platform to _legacy payment architectures that were explicitly designed to not require security HW and/or built-in browser support_.  It also means that SPC will be compared to existing systems that (once again!) typically are relying on mobile native applications.  I recently donated $10 to Wikipedia and they used 3DS (outsourced, of course).  My bank's mobile banking app received a notification and I finished the payment with a fingerprint.  That is, neither Wikipedia nor my bank have any reasons to be interested in SPC since it doesn't offer anything but additional costs and customer hassles.

<table><tr><td>
Don't forget where you read this first in case you (in 5 years or so) find that Web (only) payments didn't make it this time either.
</td></tr></table>

Anyway, whatever Web payment solution W3C comes up with, there are no guarantees for success and the need for marketing must not be underestimated.  For SPC which is a "framework", this becomes unusually tricky:  _Who_ is going to market _What_ and to _Whom_?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/544#issuecomment-915822393

Received on Thursday, 9 September 2021 07:08:34 UTC