This may sound as a good idea but it is not because all real world payment methods including Android Pay and Apple Pay already come with their own specific security solutions. Adding another layer on top of that will most certainly have a detrimental effect on interoperability.
The problem mentioned with encryption (a bad Merchant could swap key), is fully addressed in more developed payment solutions such as Saturn where the encryption key is provided as a part of the payment credential.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-methods-tokenization/issues/22#issuecomment-345931299