[Taler] 3d secure hack
From: Jeff Burdges
Subject: [Taler] 3d secure hack
Date: Tue, 7 Aug 2018 20:36:35 +0200
We’ve discussed wallet backup and sync scheme here at length. I’ve argued
against a simplistic sync with small business use cases being one among many
scenarios poorly served by a simplistic sync scheme.
We could take this further and imagine organisations using Taler to manage
employee expenses, well frequently organisations can reclaim VAT if they buy
travel themselves, but not if they reimburse employees. This clearly requires
something much more complex than a simplistic sync, but actually I want to talk
about something else..
Aside from companies reimbursing employees for travel, travel also has enormous
privacy implications, so customers benefit enormously from buying travel with
Taler, but..
How would you use Taler for booking travel? Travel booking systems are
extremely poorly maintained and update slowly and incompetently. Renfe could
not process non-Spanish cards for decades.
We could maybe exploit Visa 3d secure to circumvent this problem:
Taler exchange could act as a Visa card processor that issued exactly one card
in its own name. It publishes the card details, but all transactions with this
card are declined unless the merchant processes 3d secure redirection
correctly, which redirects to the Taler exchange’s 3d secure page. In that
case, the user is sent a Taler payment page for which their Taler wallet
prompts them and then pays.
In effect, users are making Taler payments, and they even receive Taler
receipts, but they must first enter the credit card details for the exchange’s
card.. and Visa extracts some high fee.
I’d think users cannot contest payments because they did not enter their own
credit card details, or make a credit card payment, but conceivably the taler
exchange can act like a card issuer in a card dispute process. Also, users
enter any details they like during checkout, but obviously many travel services
check ids.
If this does not work for some reason, then there is still a middle ground
where organisations obtain one Taler credit card for all their employees, and
manage their employees’ expenses with Taler balance transfer tools.
Jeff