I'm not aware of a system where the merchant needs the user's phone number. There are common back-ends where it is used for verification via 2FA. So it would seem an active security breach to hand it over, since it is critical data for a MITM attack collecting the second factor. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-method-basic-card/pull/80#issuecomment-491243071
Received on Friday, 10 May 2019 10:34:42 UTC