1 / 6

Payment workshop

Payment workshop. Identity, Security and Privacy Timothy Ng (timng@microsoft.com). Identity. Identity. Introducing a commerce identity A single commerce identity across Microsoft Relates identity to financial data (accounts, instruments, tax information, etc )

salali
Download Presentation

Payment workshop

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Payment workshop Identity, Security and Privacy Timothy Ng (timng@microsoft.com)

  2. Identity

  3. Identity • Introducing a commerce identity • A single commerce identity across Microsoft • Relates identity to financial data (accounts, instruments, tax information, etc) • Relates identity to rights (what they have purchased, etc) • Models trust relationships between accounts • Models both buyers and sellers • Centralizes information related to risk, fraud, trustworthiness • Online and offline • Rules and defaults • Customers can be identified by • Microsoft identity providers • OAuth identity providers • Credit cards, bank accounts (but some compliance issues)

  4. Identity challenges • Rationalizing all forms of identity • We like Oauth, but missing enterprise forms • We would like "views" that are influenced by identity (for example, when you log in using your home email, you should see a different view then when you log in using your corporate email) • Modeling trust relationships between commerce accounts • Non-trusted scenarios - don't give away your secrets! • Family scenarios • Organization scenarios • Interoperability • Usable outside Microsoft? • Non-Microsoft commerce accounts? • Bridging physical world and digital world • Reputation, risk, and fraud

  5. Security • Not only credit card numbers are insecure • Exploring APIs and protocols whereby PI information is not sent to merchants • Rather, merchants push invoices to users, and users instruct payment source to send money to merchants • Beyond web - exploring unification of web + physical experience • Interoperating consistently with various banks/card processors is difficult • Securing ACH • Securing financial accounts in general (2FA?) • Reducing PCI scope • Merchant protocols (ISO8583, etc) do not help with this • Backend processing (reconciliation, bank statements)

  6. W3C asks • Where in the "stack" does W3C think standardization may enable interoperability, reduce friction? • Standardization at a certain "layer" in the stack enables competitive innovation at a higher layer in the stack • Identity provider? • Authentication? • User reputation? • Risk/fraud? • Protocols, APIs, models? • UX?

More Related