Seems like the payment data is just handled by the credit card companies, so it's a matter of targeting random businesses vs Visa....
So, seems like you're ultimately advocating for all data to be handled by credit card companies, or similarly hardened targets. In the end this may not gain much; a company with compromised api access is still a good target. Which helps demonstrate another difference: Companies need ongoing access to their data, where payments are 'fire and forget' and thus are easier to protect.
So, seems like you're ultimately advocating for all data to be handled by credit card companies, or similarly hardened targets. In the end this may not gain much; a company with compromised api access is still a good target. Which helps demonstrate another difference: Companies need ongoing access to their data, where payments are 'fire and forget' and thus are easier to protect.