Comment by tmpfile

I’m not sure what you’re replying to?

He says:

> You shouldn't share a secret that someone else could use to generate payments. You should share some type of payload that is only valid for the payment you're making.

He’s advocating for a more secure one-time way of making a payment.

It would be more secure since it’s one-time and could not be reused even if the merchant didn’t use a pci compliant design