Security and Privacy Considerations
Pages 89
- Home
- A Payments Initiation Architecture for the Web
- Adoption2017
- Agenda 12th November 2015 at 1700 UTC
- Agenda 17th December 2015 at 1700 UTC
- Agenda 19th November 2015 at 1700 UTC
- Agenda 20160107
- Agenda 20160121
- Agenda 20160128
- Agenda 20160204
- Agenda 20160211
- Agenda 20160310
- Agenda 20160317
- Agenda 20160331
- Agenda 20160407
- Agenda 20160414
- Agenda 20160421
- Agenda 20160428
- Agenda 20160505
- Agenda 20160512
- Agenda 20160519
- Agenda 20160526
- Agenda 20160602
- Agenda 20160609
- Agenda 20160616
- Agenda 20160623
- Agenda 20160728
- Agenda 20160804
- Agenda 20160811
- Agenda 20160818
- Agenda 20160825
- Agenda 20160901
- Agenda 20160908
- Agenda 20160915
- Agenda 20161006
- Agenda 20161020
- Agenda 20161027
- Agenda 20161103
- Agenda 20161110
- Agenda 20161117
- Agenda 20161201
- Agenda 20161208
- Agenda 20161215
- Agenda 20170105
- Agenda 20170112
- Agenda 20170119
- Agenda 20170126
- Agenda 20170202
- Agenda 20170209
- Agenda 20170216
- Agenda 20170223
- Agenda 20170302
- Agenda 3rd December 2015 at 1700 UTC
- Agenda for 3rd March telco
- All in the Browser
- Browser with remote Payment Apps
- Call for Consensus FPWD
- CFC_20140412
- Checkout API
- Components
- DeploymentExamples
- Extensibility_Notes
- F2F Agenda
- FTF March2017
- FTF Sep2016
- How it Works
- How the Working Group works
- Issue Summary
- MagWebinar
- Meeting Proposal 20161128
- Meetings
- Mobile Platform
- Networks List
- PaymentApp_Notes
- PaymentRequestFAQ
- PMI_Notes
- Proposed F2F Day 2 agenda
- RegistrationTypes
- Security and Privacy Considerations
- Spec_Notes
- Support for multi price and currency
- Synchronizing Github Issues with W3C Mailing Lists
- TestSuite
- TPAC 2015 issues list
- Web Payment Deployment Examples
- Web Payments Working Group FTF Meeting (July 2016)
- Web Payments Working Group Plan
- WPWG FTF Feb 2016
- WPWG FTF Feb 2016 Requirements
- Show 74 more pages…
Mailing list archives
Issues
- General
- Payment Request API
- Payment Method Identifiers
- Basic Card Payment
- Payment Apps API
- HTTP API and Messages
Tests
Adoption
Previous Topics
Clone this wiki locally
This page documents some security topics for consideration by the Web Payments Working Group. See also the WG's Security review using the TAG checklist.
Confidentiality Violations
Motivation: Attacker wants to know about victims location or spending behavior
Attack Vector: Browser extension or compromised Javascript code
Attacker installs code to listen to PaymentRequestUpdateEvents and report contents of PaymentDetails to attacker website.
Motivation: Merchant wants to know exactly which payment methods are available for a given consumer
Attack Vector: repeated calls to PaymentRequest interface with a single payment method per request; monitoring those which succeed and which fail
Attacker dispatches multiple PaymentRequest calls, capturing when a request fails immediately (which would be an indication the payment method is not supported) and otherwise aborting the PaymentRequest if it does not fail immediately. Collect the results and then through business logic decide which payment methods to offer to this customer. Remember the information via a cookie for future use. Offer new payment methods to the consumer because the merchant knows they do not yet have those methods registered and the merchant prefers those methods (e.g., private card, card with loyalty points, card with better terms for the merchant).
Password Sniffing
No known password sniffing attacks
Offline Cryptographic Attacks
No known cryptographic attacks other than capture and brute force HTTPS.
Replay Attacks
Motivation: MitM wants to harm merchant by issuing previously processed PaymentResponses
Attack Vector: Browser extension or compromised Javascript code
Attacker installs code that store (via localStorage) and replay previous basic card spec payment responses.
Message Insertion
Motivation: MitM wants to mine victim data by requesting fields that merchant does not need.
Attack Vector: Browser extension or compromised Javascript code
Attacker installs code that modifies paymentOptions to request information that merchant does not need and then reports this back to attacker's servers.
Message Deletion
Motivation: MitM wants to reprioritize acceptable payment methods.
Attack Vector: Browser extension or compromised Javascript code
Attacker installs code that modifies the list of acceptable payment methods before sending them on to the mediator.
Message Modification
Motivation: MitM wants to harm merchant by modifying price charged by merchant.
Attack Vector: Browser extension or compromised Javascript code
Attacker installs code that modifies total amount displayed to user and then modifies the amount before it is sent to the mediator.