After some discussion with Adrian HB and Nick it would seem that the tokens returned in my demo are called token-pans, aka tpans, and are technically supported by the EMVco spec alongside network tokens. Tpans (like in my demo) can have a dynamic CVV rather than a cryptogram and while tpans can masquerade as basic cards, they offer additional benefits like scoping and being outside of PCI. However, our spec currently makes cryptogram a required field and thus makes tpans not 'tokenized-cards'. Is it our intent to preclude tpans from tokenized-card or should there be changes to support this use case as distinct from basic-card? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-methods-tokenization/issues/53
Received on Tuesday, 23 October 2018 15:52:04 UTC