Re: [w3c/payment-handler] How would iDeal work? (#251) from ianbjacobs on 2018-03-19 (public-webpayments-specs@w3.org from March 2018)

From: ianbjacobs <notifications@github.com>
Date: Mon, 19 Mar 2018 13:53:10 -0700
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/issues/251/374371949@github.com>

@adrianhopebailie, thanks for the write-up!

Regarding option 1 and potentially being tricked by a malicious 3rd-party payment app to enter account information. First, my understanding from previous conversations about this is that, under PSD2, those credentials are NOT considered to be sensitive. I think there is, furthermore, an expectation that strong user authentication will be required, so that even if the credentials are phished, without strong authentication the payment will not be authorized.

Ian

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/251#issuecomment-374371949

Received on Monday, 19 March 2018 20:53:31 UTC