
Dear Interest Group,

 

I have a few comments to share about the Web Payments Charter FAQ.

 

1. It is stated there that moving from the 2-factor authentication standard to
3-factor is one of the challenges. But do we really need that challenge?
Probably we should replace it with something like "the lightest
authentication possible for the relevant level of security". There are cases
where we need to have the strongest authentication possible (e.g.
cross-border payment of large sums), but at the same time there are cases
when we use very light authentication - for example a small amount for a
service that was paid by the same person many times in the recent past.

 

2. The second comment is about the payment flow scheme
(https://www.w3.org/Payments/IG/wiki/Web_Payments_WG_Charter_FAQ#What_payment_flows_will_the_standards_support.3F).

There is a "Prompt user to: ... Confirm terms" point before "Send payment
initiation response". However, not all terms can be known at this stage
since there are other steps which can influence terms (e.g. on the side of
Payee Web Application) after it. So "Confirm terms" should be moved to a
position just before "Payments processing" and after Payment Initiation
Response. Alternatively, another "Confirm contract details" step can be
added instead, but I think that gets too detailed.

 

3. About the credit push payment example. There it is stated "The payee (via the
Web application) sends a payment completion request to the browser." But it
is not necessarily the payee who makes this request. In cases like ours the
payer is the one who sends a payment completion request for a wallet
service, with the next step being to notify a payee.

 

--

Evgeny Vinogradov

Yandex.Money

 

Received on Wednesday, 23 September 2015 15:39:09 UTC