- From: Adrian Hope-Bailie <notifications@github.com>
- Date: Wed, 15 Aug 2018 05:59:11 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-request/issues/753/413189678@github.com>
> The core of the problem is that BIN databases are quite unreliable (~10% error rate). Our user research is telling us users can't reliably differentiate between their debit and credit cards, so this puts us in a bad position (where both users and BIN data still result in unacceptable error rates). @marcoscaceres I agree that the core problem is unreliable BIN data. > So, the only sensible solution seems to be to pass a card's BIN number back to the merchant, and for them to figure out what kind of card it is. Unfortunately I don't think merchants will be any better at determining a card type than anyone else. They don't have access to any better data. The reality is that for many years this data has been treated as semi-private by the card networks and there are country-specific lists maintained by payment associations in each country with further granularity so unless you have special privileges and a global footprint you likely won't have anything better than what is in the public domain. > While it protects privacy, it's kinda useless because we can't guarantee that the total shown to the user is the total they will be charged. That seems like a deal breaker to me. I think this is specific to the difficulty of determining card types and the `basic-card` payment method. If we design the payment handler spec correctly the data required to make an accurate price calculation should be provided by payment handlers at registration so there is no ambiguity. By offering a "built-in" payment handler for `basic-card`, browsers have taken on the burden of needing to determine the characteristics of the cards they store (and offer as payment instruments). In my opinion this is an implementor challenge. If the card networks want browsers to offer `basic-card` in a way that is reliable they need to find a way to provide them with the data to do that. That seems like an easier challenge than trying to provide that data to every merchant. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/753#issuecomment-413189678
Received on Wednesday, 15 August 2018 12:59:32 UTC