What to do if tokenized data looks like basic card data?

w3c / webpayments-methods-tokenization

https://w3c.github.io/webpayments-methods-tokenization/index.html

Other

15 stars 15 forks source link

What to do if tokenized data looks like basic card data? #21

Closed ianbjacobs closed 6 years ago

ianbjacobs commented 7 years ago

Moving this out of the wiki to an issue to discuss at the right time:

When a tokenization scheme (such as network tokenization) results in data that looks just like Basic Card data (e.g., dynamic CVV or dynamic expiry, format of the token = format of a card number), should a payment app that provides this sort of data label it Basic Card? Or is there a need for an additional signal to the merchant or their PSP?

MasterKeyur commented 7 years ago

As part of current specification there is no dynamic CVV or expiry. There is cryptogram which the acquirer needs to send in authorization to Network (to issuer) along with token (16 -19 digit) and expiry of token. As of now there is no need of separate label.

ianbjacobs commented 6 years ago

I am going to close this issue because the way that the specification is going suggests the response data will not look like Basic Card.