Re: VISA drops the password and replaces it with - NOTHING from Anders Rundgren on 2012-08-02 (public-webcrypto-comments@w3.org from August 2012)

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Thu, 02 Aug 2012 17:05:45 +0200
To: Mountie Lee <mountie.lee@gmail.com>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <501A9749.6060802@telia.com>

Hi Mountie,

I was merely pointing to the fact that the *traditional payment networks* have spent 15Y+ accomplishing zilch.  It doesn't get any better when you realize that the PKI enrollment scheme in the latest Android version ("JellyBean") is a direct copy of a system Netscape introduced back in 1996.

IMHO, on-line banking using "soft keys" requires much more functionality than provided by the current Web Crypto API specification, while "hard key" solutions tend to be rather local.  There are maybe 500 million EMV-cards out there and they do not work on the Internet.  Consumer computers do not even have card readers.

PayPal doesn't appear to me as a particularly secure payment system but you are right; it is a breeze to use compared to VbV.

Related:
http://googlecommerce.blogspot.co.uk/2012/08/use-any-credit-or-debit-card-with.html

Cheers,
Anders
in "whining" mode :-)

On 2012-08-02 10:29, Mountie Lee wrote:
> many alternatives are exist.
> [PayPal]
> authenticate user identity with 4digit auth code printed on customer bill.
> 
> [Alipay]
> authenticate user identity by wiring small amount twice to user's bankaccount (0.78CNY, 0.23CNY)
> user have to enter "7823" as authentication code by checking user's bankaccount.
> 
> [traditional ways]
> by statistics.
> by patterns.
> by server operation (does not interrupt user experience)
> 
> -------------
> 
> webcrypto api is good for securing and enhance user experience.
> 
> regards
> mountie.
> 
> On Thu, Aug 2, 2012 at 12:57 AM, Anders Rundgren <anders.rundgren@telia.com <mailto:anders.rundgren@telia.com>> wrote:
> 
>     http://www.finextra.com/news/announcement.aspx?pressreleaseid=45624
> 
>     Current platforms are useless for [secure] banking so what else could they do?
> 
>     Anders
> 
> 
> 
> 
> 
> -- 
> Mountie Lee
> 
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net <mailto:mountie@paygate.net>
> Twitter : mountielee
> 
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
> 
> 
> 
>

Received on Thursday, 2 August 2012 15:06:32 UTC