W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2020

Re: [webauthn] WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC, etc. (#1396)

From: mattimac via GitHub <sysbot+gh@w3.org>
Date: Sat, 06 Jun 2020 19:05:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-640104732-1591470338-sysbot+gh@w3.org>
Guys, please note most important things for transaction authorization from the perspective of financial institutions like banks, paymenet organisations etc.

In order to make authorization of financial transaction attractive for those instutions and provide better security than SMS/authenticator or bank apps where you approve transactions out-of-band the main channel you initiate it you need:
- present the user details of that transaction
- ensure that attacker (assume man-in-the-browser or malware with admin rights on users side) is not able to change the details, overwrite it, hide it (to present own information) etc.

Are any of those taken into consideration and we have means to ensure that is at least much harder than attacking end customers for example with malware on their mobile devices listening to SMS codes to bypass second factor used to authorize transactions?

-- 
GitHub Notification of comment by mattimac
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-640104732 using your GitHub account
Received on Saturday, 6 June 2020 19:05:42 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 June 2020 19:05:43 UTC