[w3c/webpayments-methods-card] security and privacy considerations section seems insufficient (#31)

The current [Security and Privacy considerations section](https://w3c.github.io/webpayments-methods-card/#security) seems a bit short for the material being covered.

Some examples of things that I'd have expected to be mentioned might be:
* security risks of transferring card numbers relative to tokenized payment
* security (and perhaps also privacy) implications on the browser side
* privacy implications of sites identifying users based on their credit card
* security of card data in transit, and how [SecureContext] helps

On the flip side, security and privacy implications sections should also mention the positives, such as:
* a bunch of the material in https://github.com/w3c/webpayments-methods-card/issues/2#issue-157615118
* ways having card payment UI in trusted browser UI can reduce phishing risk

(I got here from https://github.com/w3ctag/spec-reviews/issues/152.)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-methods-card/issues/31

Received on Tuesday, 11 April 2017 08:05:39 UTC