Re: [w3c/browser-payment-api] If a card payment fails, should we support exclusion of that card instrument from matching? (#237)

Unless the payment method has a unique identifier (NOT THE PAN) that the merchant can use to call it out to the mediator, I cannot imagine any way to support this.  So, question: do we have that?

If we do not have that, then a merchant can always 1) remote that type of card from their accepted forms of payment, or 2) just remember it and reject another attempt with the same card in the same session (flag it to their own JS running in the user agent).  

I personally wouldn't want the merchant passing my PAN around nor remembering it from session to session.  But that's why I want support for things other than basic card ;-)

Conversely, if a payment app knows that a payment method has failed (because they are processing the payment request and returning a token indicating success or failure of the payment) I am perfectly comfortable with the Payment App conveying this information to the user and omitting the payment method from the available collection.  That's the job of my smart wallet - don't let me overdraw my checking account (or whatever).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/237#issuecomment-239916016

Received on Monday, 15 August 2016 20:18:52 UTC