Card tokenization
22 views
Skip to first unread message
Ilya Haykinson
May 15, 2013, 8:51:21 PM5/15/13
to requestau...@chromium.org
Hi guys,
Thanks for the I/O presentation today. I was the guy who asked about providing some sort of a way to deal with service abuse if a service currently uses card equivalence as a way to prevent (say) duplicate free trials. While you're not the first service to create virtual card numbers, the popularity of Google Wallet is clearly going to lead to much more widespread use of this approach.
One possible way is to create a user-specific, card-specific HMAC that a developer can bind to a hidden field and save. Would this be something you could either get into the standard, or do yourself in the Chrome implementation?
Cheers,
-ilya haykinson
Thanks for the I/O presentation today. I was the guy who asked about providing some sort of a way to deal with service abuse if a service currently uses card equivalence as a way to prevent (say) duplicate free trials. While you're not the first service to create virtual card numbers, the popularity of Google Wallet is clearly going to lead to much more widespread use of this approach.
One possible way is to create a user-specific, card-specific HMAC that a developer can bind to a hidden field and save. Would this be something you could either get into the standard, or do yourself in the Chrome implementation?
Cheers,
-ilya haykinson
abod...@chromium.org
May 16, 2013, 1:50:09 PM5/16/13
to requestau...@chromium.org
Hi Ilya,
Thanks for attending the session and sharing your thoughts.
The abuse scenario you lay out is an important one. We'll have to put our heads together to come up with ways to mitigate it. I can think of a few other solutions as well. We'll update the list when we have a better answer.
Thanks.
Reply all
Reply to author
Forward
0 new messages