[w3c/payment-handler] What should payees validate? (#310)

>From [TAG review](https://github.com/w3ctag/design-reviews/issues/231#issuecomment-377645336):

> [8.6 Data Validation](https://w3c.github.io/payment-handler/#data-validation) should probably be expanded a good bit; shouldn't payees also validate against data from a connection they have to the payment processor in many cases?

We should expand the [Data Validation](https://w3c.github.io/payment-handler/#data-validation) section to give more examples of what should be validated. Is it the format of the messages? Is it the transaction details? Should information be cross-referenced with the payee's PSP? etc. (I believe it's all of the above, at the very least.)

cc @dbaron

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/310

Received on Monday, 30 July 2018 19:34:00 UTC