W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2016

Re: Security of the solution. Re: CfC to publish documents as FPWD of the Web Payments WG

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 8 Apr 2016 06:22:13 +0200
To: Adrian Hope-Bailie <adrian@hopebailie.com>
Cc: Web Payments CG <public-webpayments@w3.org>
Message-ID: <570731F5.8000203@gmail.com>
On 2016-04-07 19:22, Adrian Hope-Bailie wrote:
> I completely disagree with this.

Everything is cool unless Apple takes the somewhat less fuzzy path I'm
advocating since such a solution could provide state-of-the-art security
and UI, as well as being straightforward integrating in existing Web shops.

Anders

>
> If we produce a standard that provides no path for existing payment methods (albeit deficient) to be used and ultimately upgraded we will never get traction.
>
> There is nothing stopping someone defining an Encrypted Card Payment Specification which, if it is widely supported, should supersede the Basic Card Payments Specification.
>
> The market should drive this through merchants and payment apps that choose to not support the older less secure methods.
>
> On 7 April 2016 at 09:34, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     Non-member opinion: I don't believe that Web payments solutions that do not reach
>     a client-side security level comparable to EMV-cards in payment terminals, or Apple Pay,
>     are worth dealing with in a new standard.
>
>     That would for example exclude the Basic Card Payment (aka CNP - Card Not Present) profile:
>     https://w3c.github.io/browser-payment-api/specs/basic-card-payment
>
>     However, the strategy behind the Web Payment API (more or less) mandates that
>     even deficient payment schemes like CNP indeed transcend into W3C standards.
>     This strategy has multiple downsides including the inability giving the market
>     a firm message regarding core system features.
>
>     Naturally alternative approaches also have their share of problems; the issue
>     is rather what the payment world in general is expecting.
>
>     Anders
>
>
>
>
>
>
Received on Friday, 8 April 2016 04:22:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:46 UTC