W3C home > Mailing lists > Public > public-webpayments-specs@w3.org > May 2019

Re: [w3c/payment-method-basic-card] Don't redact phone number from billingAddress (#80)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 09 May 2019 20:12:52 -0700
To: w3c/payment-method-basic-card <payment-method-basic-card@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-method-basic-card/pull/80/c491140231@github.com>
So, my concern here is that we are enabling another Equifax situation here:
https://www.identityforce.com/business-blog/equifax-breach-impacts-143-million-steps-to-keep-your-identity-protected

I can understand that there are systems in certain countries that use limited amounts of address information for verification, but if these companies can live without the phone number, then they should make due without. 

From the discussions we've had so far, sharing the phone number doesn't appear to be critical, just another "nice to have" data point - so, in light of actual evidence (and in light of substantial data breaches) I remain quite opposed to sharing the phone number associated with a billing address. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-basic-card/pull/80#issuecomment-491140231
Received on Friday, 10 May 2019 03:13:13 UTC

This archive was generated by hypermail 2.3.1 : Friday, 10 May 2019 03:13:14 UTC