3DS Task Force

13 Jun 2018



Ian, Gildas, Olivier, asolove, Krystian, Ken, Laura, MikeHorne


<scribe> Scribe: Ian

3-D Secure 2 with Payment Request API


[Ian introduces https://w3c.github.io/3ds/]



Gildas: Would it be interesting to use 3-D Secure And other payment solutions

IJ: Happy to do so; who should we talk to?

Issue 6


asolove: there should be a method so that the merchant can change their 3DS needs in response to changes in the payment sheet.
... e.g., use cases where the merchant is using 3DS as an extra layer of security on some transactions
... it would be useful for the merchant to be able to look at changes to addresses
... I also think we should allow merchants to opt-out of 3ds...Ian said that not specifying 3DS means you opt-out, but I think we've heard that issuing banks in europe will require 3DS sessions as a way to authorize any card payment
... there might be a need for the merchant to say either (1) don't use 3DS at all or (2) don't do a step-up
... my biggest question for this spec is who will implement this?

IJ: Do you think an event definition in the 3DS spec would make sense?

asolove: Yes, but we need to understand who the counter-party is

Olivier: Wordline is presenting this topic to French banks
... it is still unclear to them whether the banks will distribute apps or the card schemes
... we think the ACS part will be reused to authenticate the card holder
... but 3DS2 as specified is more merchant side....but in this PR API model, the SDK is user-side

IJ: that is the heart of this topic - are there benefits and is this feasible?


FTF meeting to advance the work?

IJ: what would be necessary to get to next steps on this work? Would a face-to-face meeting help?

Next meeting

Proposed: 27 June

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/06/13 16:02:40 $