Author: Kalle Rosenbaum 2015-03-14 09:28:01
Published on: 2015-03-14T09:28:01+00:00
When it comes to the security of PaymentRequests, it is out of the customer's control as soon as the request is created on the server. In situations where the hotel stores PaymentRequests, the customer must trust that the hotel will keep their information safe. However, if the hotel is hacked, the entire process becomes meaningless and customers' information can be compromised. This scenario is similar to storing usernames and hashed passwords for all subscribers to a video service that accepts PaymentRequests as proof of payment. If all PaymentRequests are stolen, all accounts must be shut down, or they may be sold or used for blackmail. One solution to this problem is for services not to accept reusable PaymentRequests as proof but instead generate a proof on demand that can only be used once. The use of BIP0070 for payments is convenient and would greatly improve the user experience. However, not all payments are made using BIP0070, which is primarily for merchants who have the skills, time, and money to use certificates. Small businesses like a lottery at the local church may not have the resources to set up a secure BIP0070 server.
Updated on: 2023-06-09T18:30:21.796166+00:00