Open ianbjacobs opened 5 years ago
The EMVCo SRC API specification 1.0 [1] maintains the approach that neither card nor consumer personal details cannot be retrieved from SRC System in complete and clear form. Instead, the data is either masked, e.g. MaskedCard
, MaskedConusmer
or encrypted Payload
.
What is the purpose of getting access to full and clear data in the payment handler/payment sheet?
The draft SRC data model includes some masked response data for display: maskedEmailAddress, maskedPhoneNumber, maskedCountryCode.
There was a proposal to return the complete (unmasked) data with user consent. Further comment: "Consumer consent may be explicit / implicit depending on DCF policy."