- From: ianbjacobs <notifications@github.com>
- Date: Mon, 28 Nov 2016 11:48:45 -0800
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
- Message-ID: <w3c/browser-payment-api/issues/331/263374396@github.com>

Hi @marcoscaceres,

I believe that previously we have wanted to avoid listing payment method-specific security considerations such as "don't store CVV." That is how we ended up with this text in the Basic Card specification:

"Note: Implementers may be subject to PCI DSS or other regulations, but discussion of those considerations lies outside the scope of this document."

See also discussion about user consent text:
https://github.com/w3c/browser-payment-api/issues/229

Of the things you listed above, I support (in addition to our consent discussion of issue 229):

- Adding to payment app good practice documentation sensitivity to displaying account information (but without specific guidance for credit card PANs)

I don't understand:

- the Unicode strings / URLs bullet

I do not support the addition of general user interface considerations such as:

- General security topics like how apps protect data
- How to deal with too many items on a screen
- Consideration for the time required for a user to take action

Thanks!

Ian

Received on Monday, 28 November 2016 19:49:47 UTC