Web Payments Q4 2020
Ian Jacobs
19 October 2020
Evolution of WPWG hypotheses
- Payment Request API focus: streamline checkout.
- We have learned a lot from adoption, experimentation, and discussion.
- Focus has shifted from adoption of PR API “as is” to how to leverage PR API
in ways that industry has indicated are high value (e.g., low-friction
authentication).
Browser Data Storage Experience (I/II)
Initial hypothesis: streamline checkout by moving data storage (“card on file”) from merchant to browser and payment apps in order to reduce typing and enable “one click pay” on the Web.
- Various industry stakeholders have agreed there is value (reduced cart abandonment) in
browser capabilities to address the guest checkout use case, especially for medium-sized
merchants.
- Merchants want to continue to manage “card on file” (or similar for other payment methods).
Browser Data Storage Experience (II/II)
- We have not seen many new players deploy payment apps beyond the *Pay (Apple Pay,
Google Pay, Samsung Pay).
- These payment app providers want to manage user data including shipping address and
contact information, rather than relying on browser-stored (autofill) data.
- Browsers have indicated that they did not want to store payment-method-specific data in
the browser (cf. Mozilla and Google).
Single Buy Button Experience
Initial hypothesis: for guest checkout, streamline
checkout by reducing selection noise (“NASCAR effect”), enabling
single “buy button.”
- Some payment app providers require branded buttons on merchant pages (but only
when the user is known to be able to pay with that payment app)
- Users recognize these brands; are used to buttons
- The PR API selector (“the sheet”) confused some users (cf. Shopify)
- Many stakeholders wish to control order of apps / payment credentials (“top of
wallet”)
Payment Method Diversity Experience
Initial hypothesis: standards to facilitate checkout with payment
apps will increase payment method diversity on the Web.
- Some payment app providers (e.g., Apple Pay, Google Pay, Samsung Pay) have leveraged PR and PH APIs.
- Others have not distributed payment apps but have indicated interest in
a modal window with origin display and first-party (1p) storage access.
- Others have indicated that they do not wish to have to create and distribute user experiences.
- Three scenarios: full-fledged payment app (“open window”), no UX
payment app (“selection and authentication only”), no payment app (“register payment
credentials”).
Authentication Experience
Initial hypothesis: it suffices to support a variety of authentication flows through payment handlers and Web standards out of the box.
- Support for Web Authentication (and built-in authenticators) has grown as the
WPWG has worked on PR API. Discussions (e.g., in joint task force) have
increased on topics like delegated authentication, WebAuthn in iframe, etc.
- Privacy changes in browsers (cookies, fingerprinting) are breaking some
industry approaches to risk assessment and authentication (e.g., 3DS2).
Browsers are expected to remove third-party (3p) cookies in 2021.
Agenda
- Evolution of WPWG hypotheses
- Revised hypotheses
- Discussion at this meeting
Revised Hypotheses (I/II)
- Payment Request API as-is provides value to some payment app providers.
- There is high value in providing a low-friction experience for strong customer
authentication.
- There is also value in providing zero-friction tools to parties that do risk
assessment, while protecting user privacy.
Revised Hypotheses (II/II)
- The browser may be able to facilitate guest checkout through credential
storage, but the scope and nature is likely different from our initial hypothesis.
- To move to the next level of adoption, we would benefit from reviewing the
Web payments architecture to identify core browser capabilities useful across
a variety of payment methods.
Agenda
- Evolution of WPWG hypotheses
- Revised hypotheses
- Discussion at this meeting
Payment Request
- Advancing version 1.0 to Recommendation
- Revisiting architecture and core capabilities
- Handling new features and improvements (e.g., privacy, internationalization)
Authentication
- Secure Payment Confirmation (SPC)
  - Includes transaction confirmation
- Web Authentication WG update
Note: The WPSIG is discussing zero-friction risk assessment and privacy.
Payment Method Requirements
- Card Payment Security / Secure Remote Commerce
- QR Code Use Cases
- Open Banking
- Web Monetization
- Real-time payments and registration for bill pay
- Also: Engagement with new Merchant Business Group
Notes
- During the final session of the meeting we plan to discuss planning and
prioritization for the next year.
- Please think about that over the next few days!
- Compare with 2019 plan
- That planning and prioritization will include discussion of our own charter,
which goes until the end of 2021.