Re: [w3c/payment-method-basic-card] Don't redact phone number from billingAddress (#80)

From: chaals <notifications@github.com>
Date: Fri, 10 May 2019 03:34:20 -0700
To: w3c/payment-method-basic-card <payment-method-basic-card@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-method-basic-card/pull/80/c491243071@github.com>

I'm not aware of a system where the merchant needs the user's phone number. There are common back-ends where it is used for verification via 2FA. So it would seem an active security breach to hand it over, since it is critical data for a MITM attack collecting the second factor.

Received on Friday, 10 May 2019 10:34:42 UTC
