- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 26 Aug 2016 21:40:43 +0200
- To: Erik Anderson <eanders@pobox.com>, public-webpayments-ig@w3.org
On 2016-08-26 21:26, Erik Anderson wrote: > Only if there is multiple factors of Authentication, Authorization, and > Identification. Could there maybe be an hour or two for security related topics during TPAC? Anders > > > Practice: But in practice push is rarely used. low adoption, so of > course there is less fraud. > > > Good quote about this: "In theory, practice and theory are the same. In > practice, they are not." > > Erik Anderson > Bloomberg > > On Fri, Aug 26, 2016, at 01:15 AM, Anders Rundgren wrote: >> Dear All, >> >> When I first begin looking into payments I (without really thinking too >> much about it), came up with a "Push" payment system. Push indeed has >> certain undeniable qualities like not exposing customer data to merchants >> as well as supporting bank-specific authentication methods. >> >> However, if the goal is supporting a wider range of payment scenarios, >> "Push" doesn't seem to be the optimal approach. So far I have identified >> the following disadvantages: >> >> - Considerably more complex "Wallets" which have to deal with two >> independent but cooperating channels and unspecified user-authentication >> will most likely lead to each bank rolling their own >> >> - Incompatible with automated gas stations, subscriptions, bookings etc. >> which all depend on some kind of "pull" method >> >> - Adds dependency on Internet connectivity also for local payments >> >> It is also worth keeping in mind that "pull" payments is the de-facto >> standard for local card-payments so it obviously works. >> >> Anders Rundgren >> Principal, WebPKI.org >> >> > >
Received on Friday, 26 August 2016 19:41:18 UTC