Re: PA-DSS for Payment App?

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 25 Oct 2016 21:37:33 +0200
To: Mountie Lee <mountie@paygate.net>, Web Payments CG <public-webpayments@w3.org>
Message-ID: <ce0be7c5-2671-8c76-4e0a-6cbdca8a9538@gmail.com>

On 2016-10-25 18:18, Mountie Lee wrote:
> Hi.
>
> I just want to get opinion how WG members think
> should payment app of browser default installed be compliant for PA-DSS?
>
> I know this is not part of WG standard issue.
> But considering wide adaption of web payment at real industries,
> I think PA-DSS is necessary for Payment App of Browser inside. (PCIDSS for web based payment app)
> at least payment app is storing credit card information.

Apple Pay for the Web should meet very strict security requirements but this has little to
do with the browser since their Payment App is a part of the platform (HW + OS + Browser).

Third-parties do not have access to such technology.

Anyway, assuming we rather stick to the [stone-age] technology the Web Payment WG
is touting (Basic Card Profile), what would PA-DSS impose more specifically
regarding stored credit card information?  I don't understand how for example
section 2.3 of https://www.pcisecuritystandards.org/minisite/en/docs/PA-DSS_v3.pdf
would be applied to a browser.

Anders


>
> regards
> mountie
Received on Tuesday, 25 October 2016 19:38:05 UTC