Re: [w3c/3ds] Some high-level issues to discuss (#2)

@stpeter said:

> I very much like the idea of an issuer's payment handler including a whitelist of origins from which it will accept fingerprinting requests (after all, the cardholder presumably trusts the issuer but not necessarily the merchant).

I'm not sure how this would work. Part of the way card networks work is that there aren't bilateral relationships between every issuer and merchant. Instead, they have contractual relationships and use the card network as a central way to interact with other actors. In practice, the list of merchant websites that an issuer accepts from is the list of every company that is allowed to issue charges in the Visa/AmEx/MasterCard network. The issuer doesn't have any control over this, except training their fraud models to issue challenges more frequently on certain origins or business types.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/3ds/issues/2#issuecomment-364156760

Received on Thursday, 8 February 2018 15:58:13 UTC