- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 24 Jun 2014 09:34:06 +0200
- To: Web Payments CG <public-webpayments@w3.org>
Although we all would like to get away from CNP (Card Not Present) payments they simply cannot be eliminated due to legitimate use-case requirements. What you can do is to embed CNP/Pull Payments in a security layer so that they become very unattractive to mis-use and also be [completely] useless for card data thieves. I'm working on a draft for this. Unfortunately it builds on the rather heavy machinery which I have described earlier in this forum [1]. OTOH, I don't see much value in new payment systems if they do not address the #1 security problem we have today, the reliance on unauthenticated card data. Anders 1] http://webpki.org/papers/PKI/pki-webcrypto.pdf
Received on Tuesday, 24 June 2014 07:34:40 UTC