Re: [webauthn] WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC, etc. (#1396)

Guys, please note the most important things for transaction authorization from the perspective of financial institutions like banks, payment organisations etc.

In order to make authorization of financial transactions attractive for those institutions and provide better security than SMS/authenticator or bank apps, where you approve transactions out-of-band from the main channel in which you initiate them, you need to:
- present the user details of that transaction
- ensure that an attacker (assume man-in-the-browser or malware with admin rights on the user's side) is not able to change the details, overwrite them, hide them (to present their own information) etc.

Are any of those taken into consideration, and do we have means to ensure that this is at least much harder than attacking end customers, for example with malware on their mobile devices listening to SMS codes to bypass the second factor used to authorize transactions?

-- 
GitHub Notification of comment by mattimac
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-640104732 using your GitHub account

Received on Saturday, 6 June 2020 19:05:42 UTC