Re: [w3ctag/design-reviews] Secure Payment Confirmation - Part 2 (#675)

It is worth pointing out that the model (apparently) used in the Stripe and Adyen pilots effectively make them _issuers of cloned payment credentials_.  It would be interesting to know how this cloning is performed in order to maintain the necessary binding between the payer and his/her bank.

As a (European) user of 3D Secure since more 10 years back, I have yet to encounter an e-commerce site where the bank has been taken out of the equation.  My current banks (one in France and one Sweden), use their respectively mobile banking app for the authentication/authorization step.  According to the European banking regulator, over 90% of the banks have deployed SCA (Strong Customer Authentication).

In addition, there is that a bunch of systems out there including Apple Pay, which build on concepts that have virtually nothing in common with 3D Secure and SPC.  The differences affect core issues including UX, privacy, and last but not least, backend integration.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/675#issuecomment-1035905455
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/675/1035905455@github.com>

Received on Friday, 11 February 2022 05:59:33 UTC