Author: Mark van Cuijk 2014-07-27 06:55:38
Published on: 2014-07-27T06:55:38+00:00
During a user experience test, it was discovered that identifying payment processors instead of merchants could create problems. Firstly, as long as the merchant can be authenticated, users do not need to know or trust individual payment processors. Secondly, attackers can use payment processors to carry out MITM attacks, making victims believe they are paying merchants when, in reality, they are paying the attacker through the payment processor. To solve this issue, Mark has proposed the extension of PaymentRequest message with three additional fields: payee_pki_type, payee_pki_data, and payee_mandate. These fields can authenticate the identity of the merchant, rather than the payment processor, by including a certificate chain to validate the entity generating the message and a signed mandate from the merchant granting the payment processor the right to collect payments on their behalf. This solution is backwards compatible as existing wallets can ignore these fields, continue to show the identity of the payment processor, and complete payment processes by verifying the signature in the PaymentRequest message. However, wallets that understand the extension can check the validity of both certificate chains and the mandate, then display the identity information of the merchant alongside or instead of the payment processor’s identity, allowing end-users to clearly identify the merchant. Payment processors supporting the extension may offer it as an optional service, where clients wishing to use it must obtain their own certificate from a CA and sign a mandate. The process may need to be repeated when either the merchant’s or payment processor’s certificates expire, but this can be addressed when defining the format of the mandate.
Updated on: 2023-06-09T01:33:28.955091+00:00