- From: Stephen McGruer <notifications@github.com>
- Date: Thu, 16 Nov 2023 11:00:07 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 16 November 2023 19:00:13 UTC
Hi @mimi89999. I'm afraid I don't really follow your described attack scenario. What does it mean in step 3 for `secure-legit-trusted-store.com` to "relay the request" from `buy-crypto-online.com`?

In general, it sounds like in your attack `secure-legit-trusted-store.com` is committing payments fraud, by taking $1000 from the user (with the user's permission!) but not giving them their goods (the laptop) and instead keeping the money (or here, spending it on crypto). That is a form of payments fraud that exists in the world, and there are many mitigations across the payments ecosystem to stop it, mostly outside of the scope of Payment Request.

--
Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/1014#issuecomment-1815090700
Message ID: <w3c/payment-request/issues/1014/1815090700@github.com>