[Openid-specs-fapi] Strong MERCHANT Authentication
fpo at adorsys.de
Thu Apr 9 19:45:11 UTC 2020
> > Personally, I'm into "moderately smart contracts" that are targeted
> at a more conventional payment market:
> > Great illustration. This is the way to go. Banking Protocols like EBICS (
> http://www.ebics.org/home-page/) have been making use of the signature
> key-pairs in the corporate context for a while. Now it is also open for
> individual customers. We will slowly be witnessing progress in this
> Thanks! I hope you are right :)
> EBICS was new to me. It looks quite interesting.
> In my particular use case, secure lookup services are used rather than
> X.509 certificates due to the amount of structured and certified data
> needed by verifiers:
Submitting a payment request to a bank is associated with a lot of
provisions including AML, GDPR, ... (no matter if it is a credit transfer
or a direct debit). European PSD2 uses eIDAS certificates for TPPs. I like
the concept of strong merchant authentication, as merchants could also be
issued certificates. The merchant will then use a certified key pair to submit
the customer's signed payment request to the bank. Without any third party.
I suspect major merchants will end up acquiring TPP certificates.
> This makes the scheme scale trust-wise in the same way as the bank network
> itself without introducing new parties in the soup. Merchant hosting
> services may though be needed since banks typically are not equipped for
> dealing with small merchants.
Web-endpoint-based PKI will be tough, as it takes a lot of time and effort to
implement new trust schemes across networks. Adding a sort of "Certificate
Transparency" system to Country-Authority issued certificates (like PSD2's
eIDAS) will fulfill the purpose.
What I liked in your suggestion is the end user carrying his own key-pair.
This will make open banking a lot easier, as we might use it to kill
Co-Founder and Technical Lead at adorsys