W3C home > Mailing lists > Public > public-webpayments@w3.org > June 2014

3D Secure++ for Push Payments

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 27 Jun 2014 05:49:20 +0200
Message-ID: <53ACE9C0.90401@gmail.com>
To: Web Payments CG <public-webpayments@w3.org>
The merits of 3D Secure haven't been discussed in this list,
probably because it has [rightfully] been rejected in the US.
However, 3D Secure is a very cool idea, it just lacks a proper
platform to run on.

When I read Adrian's push payment manifesto, I realized that the stuff
I have worked with for a quite some time also could be useful as a technical
foundation for push payments.  Details:

0. Probably the payer must select payment type (=payment provider)...
1. The payer gets a digitally signed payment request from the payee
2. The payment request is redirected to the payment provider
3. The payer authorizes the payment request at the payment provider using a payer key
4. The payment provider counter-signs the payment request with its provider key
5. The resulting object is returned to the payee
6. The payee pulls money from the received object trough its payment provider

Note that the payer's card details wouldn't be given to the merchant
when you use your payment provider as the source rather than your card.
The payer only needs to be authenticated to the payment provider.

Although originally designed with another objective in mind, the following
steps and platform ought to work for push payments as well:
http://webpki.org/papers/payments/securing-card-not-present-transactions.pdf

I strongly believe that BaM-payments and Web-payments could/should be identical.

There are several hurdles.  Banks are slow as h**l, Standardization takes forever,
and Google can do whatever they want:
http://www.cnet.com/news/google-spells-out-ambitious-plan-android-world-domination

Cheers,
Anders
Received on Friday, 27 June 2014 03:49:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:32 UTC