w3c / src

Provide full data instead of masked with user consent? #12

Open ianbjacobs opened 5 years ago

ianbjacobs commented 5 years ago

The draft SRC data model includes some masked response data for display: maskedEmailAddress, maskedPhoneNumber, maskedCountryCode.

There was a proposal to return the complete (unmasked) data with user consent. Further comment: "Consumer consent may be explicit / implicit depending on DCF policy."

tblachowicz commented 5 years ago

The EMVCo SRC API specification 1.0 [1] maintains the approach that neither card nor consumer personal details can be retrieved from the SRC System in complete and clear form. Instead, the data is either masked, e.g. MaskedCard, MaskedConsumer, or an encrypted Payload.

What is the purpose of getting access to full and clear data in the payment handler/payment sheet?

[1] https://www.emvco.com/terms-of-use/?u=/wp-content/uploads/documents/EMVCo-Secure-Remote-Commerce-Specifications-API-1.0.pdf