- From: Reutzel, Bailey <bailey.reutzel@sourcemedia.com>
- Date: Fri, 17 Jan 2014 20:59:08 +0000
- To: Kumar McMillan <kmcmillan@mozilla.com>, Anders Rundgren <anders.rundgren.net@gmail.com>
- CC: Web Payments CG <public-webpayments@w3.org>, Joseph Potvin <jpotvin@opman.ca>
Just wanted to throw this reporting form one of my colleagues on the MasterCard, Visa and Amex global standard: http://www.paymentssource.com/news/visa-mc-amex-push-to-replace-account-numbers-in-digital-payments-3015602-1.html -----Original Message----- From: Kumar McMillan [mailto:kmcmillan@mozilla.com] Sent: Friday, January 17, 2014 3:45 PM To: Anders Rundgren Cc: Web Payments CG; Joseph Potvin Subject: Re: Payment Tokenization Standards RE: https://newsroom.mastercard.com/press-releases/mastercard-visa-and-american-express-propose-new-global-standard-to-make-online-and-mobile-shopping-simpler-and-safer/ "The proposed framework has incorporated the input of many stakeholders, particularly card issuers and merchants. Over the coming weeks, the framework will also be presented to other partners and independent industry bodies...." Does anyone know if MasterCard actually presented a proposal and if so, presented it publicly? I'm curious to see what it was. I think adopting a token standard would be a small but important step toward more secure web payments. It seems easy to achieve given its relatively small scope. Especially nice is that it doesn't depend on any other payment asset definition or verification protocol or user identity spec, etc. It would specify how to process a transaction and nothing else, thus, easy to wedge into existing buy flows. A tokenization standard could even go hand in hand with request autocomplete. On Jan 17, 2014, at 9:46 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > Thanx Joseph, you raised many interesting questions. > > One was if this is "Open Standardization". This is IMO a huge problem for the traditional payment industry and essentially everything involving banks: They really don't want to operate in open. That's why they never managed making EMV-cards usable on the Internet which also made the EMV value proposal quite lame since the fraudsters simply moved their activity to the Internet targeting "Card not present" transactions. > > "Software Patents" is another great topic. IPR folks have indicated > that my SKS/KeyGen2 scheme violates tons of smart card patents. Since I have never read these patents and not that many specifications either, my guess is that the solutions become more or less obvious when you actually begin working in this space. To be on the safe(er) side I have filed some of the core ideas as "Defensive Publications". http://ip.com/IPCOM/000229430 http://ip.com/IPCOM/000215433 Although getting a nickel in license fee for every phone sold would be great, a patent would in reality only work as a blocker and destroy whatever value the idea had. > > Cheers, > Anders > "This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution"
Received on Saturday, 18 January 2014 22:17:56 UTC