W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2016

Security of the solution. Re: CfC to publish documents as FPWD of the Web Payments WG

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 7 Apr 2016 18:34:19 +0200
To: Web Payments CG <public-webpayments@w3.org>
Message-ID: <57068C0B.2060302@gmail.com>
Non-member opinion: I don't believe that Web payments solutions that do not reach
a client-side security level comparable to EMV-cards in payment terminals, or Apple Pay,
are worth dealing with in a new standard.

That would for example exclude the Basic Card Payment (aka CNP - Card Not Present) profile:
https://w3c.github.io/browser-payment-api/specs/basic-card-payment

However, the strategy behind the Web Payment API (more or less) mandates that
even deficient payment schemes like CNP indeed transcend into W3C standards.
This strategy has multiple downsides including the inability giving the market
a firm message regarding core system features.

Naturally alternative approaches also have their share of problems; the issue
is rather what the payment world in general is expecting.

Anders
Received on Thursday, 7 April 2016 16:34:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:46 UTC