<scribe> Scribe: Ian
[Ian introduces https://w3c.github.io/3ds/]
https://w3c.github.io/webpayments-methods-tokenization/
https://github.com/w3c/3ds/issues
Gildas: Would it be interesting to use 3-D Secure And other payment solutions
IJ: Happy to do so; who should we talk to?
https://github.com/w3c/3ds/issues/6
asolove: there should be a method
so that the merchant can change their 3DS needs in response to
changes in the payment sheet.
... e.g., use cases where the merchant is using 3DS as an extra
layer of security on some transactions
... it would be useful for the merchant to be able to look at
changes to addresses
... I also think we should allow merchants to opt-out of
3ds...Ian said that not specifying 3DS means you opt-out, but I
think we've heard that issuing banks in europe will require 3DS
sessions as a way to authorize any card payment
... there might be a need for the merchant to say either (1)
don't use 3DS at all or (2) don't do a step-up
... my biggest question for this spec is who will implement
this?
IJ: Do you think an event definition in the 3DS spec would make sense?
asolove: Yes, but we need to understand who the counter-party is
Olivier: Wordline is presenting
this topic to French banks
... it is still unclear to them whether the banks will
distribute apps or the card schemes
... we think the ACS part will be reused to authenticate the
card holder
... but 3DS2 as specified is more merchant side....but in this
PR API model, the SDK is user-side
IJ: that is the heart of this topic - are there benefits and is this feasible?
https://github.com/w3c/3ds/issues/4
IJ: what would be necessary to get to next steps on this work? Would a face-to-face meeting help?
Proposed: 27 June