Difference between revisions of "Secure Payment Confirmation"

From MgmtWiki
Jump to: navigation, search
(Context)
(Problems)
 
(3 intermediate revisions by the same user not shown)
Line 3: Line 3:
  
 
==Context==
 
==Context==
From the [https://www.w3.org/TR/2021/WD-secure-payment-confirmation-20210831/ Secure Payment Confirmation (SPC) is a Web API] to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.
+
[https://www.w3.org/TR/2021/WD-secure-payment-confirmation-20210831/ Secure Payment Confirmation (SPC) is a Web API] to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.
  
 
==Problems==
 
==Problems==
 +
* In 2022 versions of Chrome/Edge there is a Secure Payment Confirmation API which requires you to handover your card number in CLEAR to merchants. In addition to violating GDPR, it is based on a stupid idea: Merchants do not need card numbers, they need a payment confirmation which they only can get from the specific payment network.
  
 
==Solutions==
 
==Solutions==
Line 13: Line 14:
 
==References==
 
==References==
  
 +
[[Category: Authentication]]
 
[[Category: Standard]]
 
[[Category: Standard]]
[[Category: Finance]]
+
[[Category: Payment]]

Latest revision as of 11:14, 11 June 2022

Full Title

W3C standard

Context

Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.

Problems

  • In 2022 versions of Chrome/Edge there is a Secure Payment Confirmation API which requires you to handover your card number in CLEAR to merchants. In addition to violating GDPR, it is based on a stupid idea: Merchants do not need card numbers, they need a payment confirmation which they only can get from the specific payment network.

Solutions

References