W3C home > Mailing lists > Public > public-webpayments@w3.org > June 2014

CNP/Pull Payments

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 24 Jun 2014 09:34:06 +0200
Message-ID: <53A929EE.20406@gmail.com>
To: Web Payments CG <public-webpayments@w3.org>
Although we all would like to get away from CNP (Card Not Present) payments
they simply cannot be eliminated due to legitimate use-case requirements.

What you can do is to embed CNP/Pull Payments in a security layer so that they
become very unattractive to mis-use and also be [completely] useless for card data thieves.

I'm working on a draft for this.  Unfortunately it builds on the rather heavy machinery
which I have described earlier in this forum [1].  OTOH, I don't see much value in new
payment systems if they do not address the #1 security problem we have today,
the reliance on unauthenticated card data.

Anders

1] http://webpki.org/papers/PKI/pki-webcrypto.pdf
Received on Tuesday, 24 June 2014 07:34:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:32 UTC