[Openid-specs-fapi] Apple Pay/EMV Authorization Video Clip
anders.rundgren.net at gmail.com
Sun Mar 8 14:15:07 UTC 2020
Hi list and Ortwin from NextGenPSD2,
Since Apple Pay/EMV apparently is not considered being a competitor to Open Banking/PISP, I take the liberty raising this issue again. In the end it is up to the consumers to choose.
This excellent video clip by EMVCo shows the core (ARQC) of EMV authorizations: https://www.youtube.com/watch?v=h8TxLRN-SuM
EMV relies on "Card Processing Services" which through card number (PAN) databases locate and interact with the associated /Issuers/ who does the actual validation of authorization signatures (cryptograms).
This is an (with respect to user => bank) /end-2-end secured scheme/. Open Banking Wallet/Saturn use the same core security concept but replaces the card number with an /Issuer URL/ to avoid external processing .
What's missing then? Well, the Merchant/Payee should of course also be authenticated in some way. Using EMV this is based on TTPs that vouch for Merchants. In the Open Banking Wallet/Saturn this is accomplished in a smarter way which eliminates the need for TTPs dealing with authorizations. A fairly rudimentary (and published) Merchant hosting scheme may though be needed for scalability reasons.
Since ECB have publicly expressed that they want to /reduce dependencies/ on Card networks as well as on Apple Pay , why should they be interested in promoting a /new/ kind of TTP like the PSD2 PISP?
As I have shown, there seems to be no technical issues having a dual-mode API, ultimately making Open Banking APIs the core for /all/ payment authorizations.
The only (technical) requirement is that a payment provider holds accounts (funds) which unlike an (in my wording) "Artificial Firewall", is a /genuine service/.
Yeah, cooperation is difficult, these guys took it to another level: https://www.youtube.com/watch?v=P9mybTArlsk&feature=youtu.be&list=RDP9mybTArlsk :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi