Secure Payment Confirmation
From MgmtWiki
Full Title
W3C standard
Context
Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.
Problems
- In 2022 versions of Chrome/Edge there is a Secure Payment Confirmation API which requires you to handover your card number in CLEAR to merchants. In addition to violating GDPR, it is based on a stupid idea: Merchants do not need card numbers, they need a payment confirmation which they only can get from the specific payment network.
Solutions
- SPC Design Choices for Flexibility and Scale 2021-10-06 Ian Jacobs