Strong authentication for banks. Follow-up on And then came U2F...Mozilla Persona, lessons learned

When I said that the current platforms aren't "bank-ready" this was simply based on
observing how banks actually use the platforms, which is by supplying the security
client themselves, often in the form of a browser "plugin".

The latter is becoming a major problem for them since plugins are going to be "outlawed"
by the browser vendors.  Several of the on-line banks that I encounter in my day-job have
therefore recently built a STAND-ALONE SECURITY CLIENT.

===================================================================================================
   That is, banks are effectively (forced to) ABANDONING the web for security reasons!!!
===================================================================================================

There is, as you realize, an ocean-wide gap between the browser vendors and the EU financial community.

Now let's say that you wanted to correct this, how would you do that?

Asking Microsoft how they look at this?  You won't get an answer because if you are
working for a major US tech vendor this has to be checked with the legal department
and then it gets very messy.

Ask a leading bank?  They are not allowed to talk about security solutions in public forums.

So what CAN you do then?  My solution (FWIW) to this problem is rather:

- "Compiling" existing solutions

- Interviewing some key bank folks asking questions like "Could this work for you?".
     (Getting a list of requirements is IMPOSSIBLE).

- Applying your own knowledge and user-experience of the actual topic

Anyway, returning to the subject line...if banks, which are slowly moving objects, are
to even consider a new payment system, it MUST (among many things), IMO, provide a better
authentication solution than they currently have.  This is technically doable.

Anders

Received on Sunday, 16 February 2014 06:58:41 UTC