Re: [w3c/payment-request] Authentication of merchant domain and details (Issue #1014) from Michel Le Bihan on 2023-11-17 (public-webpayments-specs@w3.org from November 2023)

From: Michel Le Bihan <notifications@github.com>
Date: Fri, 17 Nov 2023 12:41:35 -0800
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/1014/1817078063@github.com>

> This makes relaying (or stealing) authorizations much less useful, here assuming that verifiers check this parameter as well as claimed receive account etc.

In that case it might vary greatly between payment processors. IIRC the spec doesn't say that the payment method provider should verify that.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/1014#issuecomment-1817078063
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/payment-request/issues/1014/1817078063@github.com>

Received on Friday, 17 November 2023 20:41:40 UTC