Re: [w3c/payment-method-basic-card] fix: don't redact addressLine from billingAddress (#77)

Hi @marcoscaceres,

Here is some additional PSP input (paraphrasing):

1. Merchant almost always asks for phone number, especially when there are goods to be delivered.
2. Phone not required for authorization but useful for risk assessment.  Risk assessments are increasingly moving towards machine learning algorithms, so more data including phone would be useful.

I would like to propose that we address the privacy balance as follows:

 * If requestPayerPhone is true, then return the phone part of billingAddress. Note that this implies that the payment handler needs access to that boolean. This is the subject of a related pull request: 
  https://github.com/w3c/payment-handler/issues/337#issuecomment-486684580

* The user agent may (or should) support configuration so that the user's phone is not returned as part of billingAddress.

Please let me know if that works for you.

Ian

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-basic-card/pull/77#issuecomment-490485406

Received on Wednesday, 8 May 2019 13:28:25 UTC