- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 24 Aug 2015 15:11:55 +0200
- To: Web Payments IG <public-webpayments-ig@w3.org>
Although engineering issues seem to have been delegated to the future WG (which IMHO is a risky idea), I wonder if anybody has any input on the following observations that have emerged from my experiments with payment protocols. Claim 1: Tokenization is primarily applicable to pull payments where there is no prior interaction with the account holder (one-time card-numbers have been i practical use since more than 10 years back but rely on a connection to the user's bank). Claim 2: Tokenization a la EMVCo is limted to Merchants; Payment processors are supposed to be "safe" for dealing with true PANs. Claim 3: Using a decentralized pull scheme, tokenization could be replaced by the account holder (bank) encrypting PANs for the specific Payment processor. Encrypting PANs is similar to what VISA's and MasterCard's SET (Secure Electronic Transaction) did in the 90'ties. One advantage with decentralized pull schemes is the elimination of Token service providers which is important since the Token provider concept doesn't scale; it (for practical reasons) depends on "Super-Providers". Anders performing his weekly update
Received on Monday, 24 August 2015 13:12:27 UTC