- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 25 Oct 2016 21:37:33 +0200
- To: Mountie Lee <mountie@paygate.net>, Web Payments CG <public-webpayments@w3.org>
On 2016-10-25 18:18, Mountie Lee wrote: > Hi. > > I just want to get opinion how WG members think > should payment app of browser default installed be compliant for PA-DSS? > > I know this is not part of WG standard issue. > But considering wide adaption of web payment at real industries, > I think PA-DSS is necessary for Payment App of Browser inside. (PCIDSS for web based payment app) > at least payment app is storing credit card information. Apple Pay for the Web should meet very strict security requirements but this has little to do with the browser since their Payment App is a part of the platform (HW + OS + Browser). Third-parties do not have access to such technology. Anyway, assuming we rather stick to the [stone-age] technology the Web Payment WG is touting (Basic Card Profile), what would PA-DSS impose more specifically regarding stored credit card information? I don't understand how for example section 2.3 of https://www.pcisecuritystandards.org/minisite/en/docs/PA-DSS_v3.pdf would be applied to a browser. Anders > > regards > mountie
Received on Tuesday, 25 October 2016 19:38:05 UTC