- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 6 Oct 2016 10:06:55 +0200
- To: Jeffrey Burdges <jeffrey.burdges@inria.fr>, Web Payments IG <public-webpayments-ig@w3.org>
- Cc: Taler <taler@gnu.org>
On 2016-10-03 23:41, Jeffrey Burdges wrote: > > I noticed this NYT article that couched the Payment WG's spec as being > about "one click" : > http://www.nytimes.com/2016/09/26/business/dealbook/what-if-one-click-buying-were-internetwide.html?_r=0 > > It's not actually possible to do one click shopping on a merchant's site > securely. You need interactions with the payment mediator and payment > app. There are other noteworthy stuff in the article as well: "On the security side, rather than sending along all the credit card details, the browser will generate a one-time payment token that will avoid leaving your credit card number in countless databases around the world" The _browser_ performs tokenization? Anders > > Interestingly, there is actually a way to do one click shopping though > if you move the buy button off the merchant's site entirely and into the > browser itself. If a merchant sends a contract, then you display the > payment mediator, shipping address information, and payment app in an > overlay window separate from the merchant controlled window. This > contains a buy button, so the user can verify information like shipping > visually, and push buy without necessarily changing anything. > > Just though that was funny, > Jeff >
Received on Thursday, 6 October 2016 08:07:31 UTC