Web Payments Q4 2020

Agenda

• Evolution of WPWG hypotheses
• Revised hypotheses
• Discussion at this meeting

See the WPWG agenda for 19-22 October 2020.

Evolution of WPWG hypotheses

• Payment Request API focus: streamline checkout.
• We have learned a lot from adoption, experimentation, and discussion.
• Focus has shifted from adoption of PR API “as is” to how to leverage PR API in ways that industry has indicated are high value (e.g., low friction authentication).

Browser Data Storage Experience (I/II)

Initial hypothesis: streamline checkout by moving data storage (“card on file”) from merchant to browser and payment apps in order to reduce typing and enable for “one click pay” on the Web.

• Various industry stakeholders have agreed there is value —reduced cart abandonment— in browser capabilities to address the guest checkout use case, especially for medium-sized merchants.
• Merchants want to continue to manage “card on file” (or similar for other payment methods).

Browser Data Storage Experience (II/II)

• We have not seen many new players deploy payment apps beyond the *Pay (Apple Pay, Google Pay, Samsung Pay).
• These payment app providers want to manage user data including shipping address and contact information, rather than relying on browser-stored (autofill) data.
• Browsers have indicated that they did not want to store payment method specific data in the browser (cf. Mozilla and Google)

Single Buy Button Experience

Initial hypothesis: for guest checkout, streamline checkout by reducing selection noise (“NASCAR effect”), enabling single “buy button.”

• Some payment app providers require branded buttons on merchant pages (but only when the user is known to be able to pay with that payment app)
• Users recognize these brands; are used to buttons
• The PR API selector (“the sheet”) confused some users (cf. Shopify)
• Many stakeholders wish to control order of apps / payment credentials (“top of wallet”)

Payment Method Diversity Experience

Initial hypothesis: standards to facilitate checkout with payment apps will increase payment method diversity on the Web.

• Some payment app providers (e.g., Apple Pay, Google Pay, Samsung Pay) have leveraged PR and PH APIs.
• Others have not distributed payment apps but have indicated interest in modal window with origin display & 1p storage access.
• Others have indicated that they do not wish to have to create and distribute user experiences.
• Three scenarios: full-fledged payment app (“open window”), no UX payment app (“selection and authentication only”), no payment app (“register payment credentials”).

Authentication Experience

Initial hypothesis: it suffices to support a variety of authentication flows through payment handlers and Web standards out of the box.

• Support for Web Authentication (and built-in authenticators) has grown as the WPWG has worked on PR API. Discussions (e.g., in joint task force) have increased on topics like delegated authentication, WebAuthn in iframe, etc.
• Privacy changes in browsers (cookies, fingerprinting) are breaking some industry approaches to risk assessment and authentication (e.g., 3DS2). Browsers are expected to remove 3p cookies in 2021.

Agenda

• Evolution of WPWG hypotheses
• Revised hypotheses
• Discussion at this meeting

Revised Hypotheses (I/II)

• Payment Request API as-is provides value to some payment app providers.
• There is high value in providing a low-friction experience for strong customer authentication.
• There is also value in providing zero-friction tools to parties that do risk assessment, while protecting user privacy.

Revised Hypotheses (II/II)

• The browser may be able to facilitate guest checkout through credential storage, but the scope and nature is likely different from our initial hypothesis.
• To move to the next level of adoption, we would benefit from reviewing the Web payments architecture to identify core browser capabilities useful across a variety of payment methods.

Agenda

• Evolution of WPWG hypotheses
• Revised hypotheses
• Discussion at this meeting

Payment Request

• Advancing version 1.0 to Recommendation
• Revisiting architecture and core capabilities
• Handling new features and improvements (e.g., privacy, internationalization)

Authentication

• Secure Payment Confirmation (SPC)
  Includes transaction confirmation
• Web Authentication WG update

Note: The WPSIG is discussing zero-friction risk assessment and privacy.

Payment Method Requirements

• Card Payment Security / Secure Remote Commerce
• QR Code Use Cases
• Open Banking
• Web Monetization
• Real-time payments and registration for bill pay
• Also: Engagement with new Merchant Business Group

Notes

• During the final session of the meeting we plan to discuss planning and prioritization for the next year.
  • Please think about that over the next few days!
  • Compare with 2019 plan
• That planning and prioritization will include discussion of our own charter, which goes until the end of 2021.