Re: [w3c/payment-request] Changes resulting from 28 February PING privacy review (#843)

Hi @snyderp,

I'll start by saying that this topic has been a challenging one for the Working Group, and new ideas are welcome. We are relying on implementations to help mitigate abuse while at the same time responding to merchant requirements to be able to decide what checkout experience they can provide that will afford the least friction.

The particular text that you are referring to no longer exists in my pull request. However, it may be that you have the same question over the new text. 

I invite @marcoscaceres, @rsolomakhin, @danyao, and @aestes to weigh in on their implementation experience.

There have been other ideas on this topic that have not gained traction for other reasons; see #777 for example.

Regarding data gathering for risk analysis, that seems to lie partly within the scope of several W3C groups. The Web Payments WG has had some discussions with EMVCo about 3-D Secure, which gathers some data. We've also chatted with the Web Authentication Working Group about whether WebAuthn (e.g., attestations) might be helpful in reducing reliance on JavaScript. And FIDO and EMVCo are also discussing that topic.

To help facilitate some of these conversations we have been discussing the creation of a W3C Interest Group on Web payment security. A draft charter was reviewed by the W3C Membership, EMVCo Board, and FIDO Board; we are currently addressing feedback. 

In short: I would like to make it easier to discover and participate in Web payment security topics. I hope this proposed IG can help fulfill that goal.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/843#issuecomment-469504886

Received on Tuesday, 5 March 2019 02:04:05 UTC