Re: Limitations of "Push" payment schemes

On 2016-08-26 21:26, Erik Anderson wrote:
> Only if there is multiple factors of Authentication, Authorization, and
> Identification.


Could there maybe be an hour or two for security related topics during TPAC?

Anders

>
>
> Practice: But in practice push is rarely used. low adoption, so of
> course there is less fraud.
>
>
> Good quote about this: "In theory, practice and theory are the same.  In
> practice, they are not."
>
> Erik Anderson
> Bloomberg
>
> On Fri, Aug 26, 2016, at 01:15 AM, Anders Rundgren wrote:
>> Dear All,
>>
>> When I first begin looking into payments I (without really thinking too
>> much about it), came up with a "Push" payment system. Push indeed has
>> certain undeniable qualities like not exposing customer data to merchants
>> as well as supporting bank-specific authentication methods.
>>
>> However, if the goal is supporting a wider range of payment scenarios,
>> "Push" doesn't seem to be the optimal approach.  So far I have identified
>> the following disadvantages:
>>
>> - Considerably more complex "Wallets" which have to deal with two
>> independent but cooperating channels and unspecified user-authentication
>> will most likely lead to each bank rolling their own
>>
>> - Incompatible with automated gas stations, subscriptions, bookings etc.
>> which all depend on some kind of "pull" method
>>
>> - Adds dependency on Internet connectivity also for local payments
>>
>> It is also worth keeping in mind that "pull" payments is the de-facto
>> standard for local card-payments so it obviously works.
>>
>> Anders Rundgren
>> Principal, WebPKI.org
>>
>>
>
>

Received on Friday, 26 August 2016 19:41:18 UTC