Hi, > Pass tokens generated through payment apps (e.g., by vault services) and authorized by users to the merchant (or PSP) to eliminate PCI-DSS compliance issues (by eliminating merchant exposure to PANs). >From my point of view, it only move PCI-DSS compliance from merchant's web site to payment apps. To avoid complicated security work on payment apps, we should embed the payment form (to collect card info) in an iframe. > Harmonize how tokens are communicated to the merchant (through the Payment Request API) so that it is easier for PSPs integrated with the merchant to use the token to process a payment. +1 Maybe have an tokenized basic card (generic payment app like basic card) which accept some endpoints & data could be a good idea to connect User with merchant's PSP without the need to create a payment app/PSP, > 3DS in Payment Apps Big +1 to priorize this subject Thanks, -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-methods-tokenization/issues/7
Received on Tuesday, 23 May 2017 07:48:09 UTC