Difference between revisions of "Secure Payment Confirmation"
From MgmtWiki
(→References) |
(→Problems) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 6: | Line 6: | ||
==Problems== | ==Problems== | ||
| + | * In 2022 versions of Chrome/Edge there is a Secure Payment Confirmation API which requires you to handover your card number in CLEAR to merchants. In addition to violating GDPR, it is based on a stupid idea: Merchants do not need card numbers, they need a payment confirmation which they only can get from the specific payment network. | ||
==Solutions== | ==Solutions== | ||
| Line 15: | Line 16: | ||
[[Category: Authentication]] | [[Category: Authentication]] | ||
[[Category: Standard]] | [[Category: Standard]] | ||
| − | [[Category: | + | [[Category: Payment]] |
Latest revision as of 11:14, 11 June 2022
Full Title
W3C standard
Context
Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.
Problems
- In 2022 versions of Chrome/Edge there is a Secure Payment Confirmation API which requires you to handover your card number in CLEAR to merchants. In addition to violating GDPR, it is based on a stupid idea: Merchants do not need card numbers, they need a payment confirmation which they only can get from the specific payment network.
Solutions
- SPC Design Choices for Flexibility and Scale 2021-10-06 Ian Jacobs
