[Openid-specs-fapi] Fwd: Letter from Vice-President Valdis Dombrovskis: Comments about Redirection

Tom Jones thomasclinganjones at gmail.com
Sun Feb 24 22:07:37 UTC 2019


Boy, you hit the nail on the head there. The bank regulators will take the
side of the merchant and pisp over the bank and its customer.  What could
possibly go wrong?
Peace ..tom


On Sun, Feb 24, 2019 at 12:15 PM Dave Tonge <dave.tonge at momentumft.co.uk>
wrote:

> Big merchants will become PISPs, but its not worth it for smaller
> merchants.
> The UX doesn't need to be too bad though in a 4 party model - the PISP can
> collect consent in a widget on the merchant site before redirecting to the
> bank.
>
> The negativity against redirection is quite strange as PSD2 essentially
> brought in two competing requirements:
>  - third party payment initiation
>  - strong customer authentication
>
> Those against redirect have in their mind the mental model of card based
> payments where the user enters some numbers in the merchant website and
> never interacts with the bank who issued the card. However all card
> payments will end up having to be redirected because of the strong customer
> authentication requirements - so it is a contradictory position to hold.
>
> I think that most regulators will take a pragmatic position on this based
> on whether the bank is putting up "obstacles".
>
> Dave
>
> On Sat, 23 Feb 2019 at 05:09, Tom Jones via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> wrote:
>
>> Why would the merchant not seek to become the pisp? Then the ux is
>> pretty, but highly insecure. Isn't that what PSD is all about?
>>
>> thx ..Tom (mobile)
>>
>> On Fri, Feb 22, 2019, 7:45 PM Anders Rundgren via Openid-specs-fapi <
>> openid-specs-fapi at lists.openid.net> wrote:
>>
>>> On 2019-02-22 13:25, nat at sakimura.org wrote:
>>> > And interestingly, the Nordic countries support OpenID Connect in the
>>> redirect modes. It is actually quite interesting that people gets
>>> impression that redirects are user unfriendly where in fact if done
>>> correctly, it is hardly noticeable by the user. I probably should bmake a
>>> YouTube video about it.
>>>
>>> In a two-party scenario like a Fintech + Bank it can work fairly smooth.
>>>
>>> For a three-party scenario like Merchant + PISP + Bank, the UX part as a
>>> whole seems like a challenge.  That's the video I would like to see!
>>>
>>> Anders
>>>
>>> _______________________________________________
>>> Openid-specs-fapi mailing list
>>> Openid-specs-fapi at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>>>
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20190224/3cd85363/attachment.html>


More information about the Openid-specs-fapi mailing list