Why it matters
Payment security is existential. Understanding threats guides defense.
Advertisement
The architecture
Token theft: intercept token in transit. Defenses: TLS, short expiration, single-use.
Agent compromise: attacker controls user's agent. Defenses: agent-user binding, spending limits.
Advertisement
How it works end to end
Merchant fraud: fake merchant collects payment for nothing. Defense: merchant identity verification, dispute process.
Replay: reuse captured token. Defense: single-use, nonce tracking.
Wallet compromise: catastrophic. Defense: hardware-backed keys, multi-factor auth.
Fraud detection: velocity checks, anomaly detection at wallet.