You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to requestau...@chromium.org
Hi guys,
Thanks for the I/O presentation today. I was the guy who asked about providing some sort of a way to deal with service abuse if a service currently uses card equivalence as a way to prevent (say) duplicate free trials. While you're not the first service to create virtual card numbers, the popularity of Google Wallet is clearly going to lead to much more widespread use of this approach.
One possible way is to create a user-specific, card-specific HMAC that a developer can bind to a hidden field and save. Would this be something you could either get into the standard, or do yourself in the Chrome implementation?
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to requestau...@chromium.org
Hi Ilya,
Thanks for attending the session and sharing your thoughts.
The abuse scenario you lay out is an important one. We'll have to put our heads together to come up with ways to mitigate it. I can think of a few other solutions as well. We'll update the list when we have a better answer.