Closed davidbenoit closed 4 years ago
Raised at F2F April 2019 - there are other attributes that can be carried too (for example, an "over 18" attribute which cards carry in Finland).
"over X" would be solved if the birthdate was present, where X depends on market, what is being sold, etc.
"over X" would be solved if the birthdate was present, where X depends on market, what is being sold, etc.
Except that runs foul of privacy. The point of saying "over X" is precisely so I don't have to give out my actual birthdate.
Sorry, I mean that if the browser/agent has the birthdate stored, it can answer the question. So, if I need the full birthdate I can ask for it, otherwise I could just ask "over X?"
Could you help me understand a bit more about the birthday requirement? It seems so forgeable to the point of being meaningless.
Apologies for the delay. The specific use I was referring to originally is for specific markets where the date of birth is actually checked against records at the bank at the time of authorization. I agree that the "over X" question is easily forged, but this is not.
This seems payment handler specific... in that the payment handler itself would communicate with the bank and do the birthday check. The merchant could also do the "are you 18+?" check also, but it could happen "out of band".
In some markets (Brazil, for example), local payment acquiring requires collection of more details about the consumer than are currently available. Specifically, we need the consumer's date of birth and national/tax identifier. We have seen other markets like Mexico where only the national/tax identifier is required, not the date of birth.