Comments (7)
While this is certainly one way to do it, I don't think it's preferred or ideal. The user should be put through and 3DS flow inside of the payment instrument before any data is returned to the merchant. The goal is to make things easier for merchants and put the complicated logic inside of the payment instrument and whomever is providing that instrument.
Not sure this is possible. The way 3DS works today (as I understand it from a South African perspective) is that the merchant PSP has to go out and get the URL that they will redirect the payer to for them to do their 3DS auth. This can only happen after the paymentResponse has been returned to the merchant PSP.
To do this in the "payment instrument" would require a second call to the API or would require 3DS to adapt to our flow.
from webpayments.
You seem to be conflating the user and the browser ("Payer (Shopper) Browser"), but these are distinct roles and I'm getting confused who is taking what action. Perhaps you really just mean "Browser" here? Since there's only one browser (or "User-Agent") in any given transaction, I don't think we need to be more specific here.
Yes I have conflated them for the moment, I intended this to cover user interactions and the part of the user-agent that renders pages and deal with redirects. I can split them out if necessary, but for simplicity I had hoped this wasn't necessary.
I do not know what a "Browser Payment Agent/Wallet" and a "Payer (Shopper) PSP Wallet [aka Issuer Wallet]" are or how they differ.
Browser Payment Agent/Wallet is the Browsers inbuilt wallet
Payer (Shopper) Wallet [aka Issuer Wallet] is a 3rd party payment instrument and/or wallet and is an optional part of the flow. I added this to underline that it may come from something outside the browser and also that credit card issuers may provide these payment instruments.
While this is certainly one way to do it, I don't think it's preferred or ideal. The user should be put through and 3DS flow inside of the payment instrument before any data is returned to the merchant. The goal is to make things easier for merchants and put the complicated logic inside of the payment instrument and whomever is providing that instrument.
Yes, its not the end goal of what we are trying to achieve, but the existing 3DS implementations are a reality we need to deal with in our implementations. Whilst 3DS 2.0 is being discussed, I believe we will need to deal with 3DS 1.0 in our time-frames as I currently understand them. If the payment instrument is going to deal with 3DS, are you proposing that we will provide a vanilla 3DS implementation in the browser (at least initially)?
I think we need to as a group understand where we are talking about 'strategic' flows, where we need payment instrument from 3rd parties to enable the flow and where we are talking about 'transitional' flows, i.e. ones that will assist with our adoption, whilst not being ideal. This flow is definitely 'transitional'!
I am using planttext.com to take plain text and convert it into actual diagram, so not 100% sure it's accurate
I have no reason to think this is inaccurate, but for consistency, I'm recommending people use this site for rendering http://plantuml.com/plantuml/
from webpayments.
Since 3DS is meant to authenticate the cardholder, I'd expect in the mid-term that the schemes (sorry - methods) would define a way to transport in the payment response a proof-of-ownership (and consent) that would be recognized as a valid replacement for 3DS. This would typically be some kind of signature generated by the payment app.
In the mean time, for the "legacy" payment method, we can add an optional "UCAF" field in the payment response (UCAF stands for Universal Cardholder Authentication Field, and is the value that is generated by the issuer of the card at the end of the 3DS authentication, and attached by the merchant's PSP to the authorization request). That way, if the payment app is able to generate that value (typically if it's acting on the issuer behalf or if it's running 3DS itself), the merchant can skip the whole 3DS redirect phase and send the authorization request directly.
from webpayments.
Laurent, I agree with this, though we do need to address the short-term solution also to improve adoption speed as far as I am concerned. The specification need to allow the extension of the 'standard common payment methods' (i.e. cards) for things like tokenisation, 3DS 2.0, encryption etc. rather than treat cards as a legacy.
from webpayments.
Quite. Payment cards must be first class citizens in any solution.
On Wed, Nov 25, 2015 at 7:01 AM, mattsaxon [email protected] wrote:
Laurent, I agree with this, though we do need to address the short-term
solution also to improve adoption speed as far as I am concerned. The
specification need to allow the extension of the 'standard comment payment
methods' (i.e. cards) for things like tokenisation, 3DS 2.0, encryption
etc. rather than treat cards as a legacy.—
Reply to this email directly or view it on GitHub
#10 (comment).
Shane McCarron
[email protected]
from webpayments.
@mattsaxon any plans from anyone in the flows TF to try their hand at a 3DS payment method spec?
from webpayments.
Closing as flows related work is now in https://github.com/w3c/webpayments-flows
from webpayments.
Related Issues (20)
- [Payment apps] How can we optimize user experience when there is only one match? HOT 1
- Pull filters out of payment method data HOT 2
- Overview document figure 5 HOT 13
- Propose a payment method specification that includes an example of field level security HOT 1
- propose to add encoding attribute to data set HOT 18
- European market - Security concerns HOT 10
- [Tokenized Card Payment] Replace usage of 'last4' with 'suffix' HOT 8
- [Tokenized Card Payment] TokenCardRequest should inherit from BasicCardRequest HOT 3
- 3D secure support HOT 4
- Sepamail WebIDL syntax and algorithms HOT 4
- Payment Method Manifest spec - should enable country specific app discovery HOT 9
- Fingerprint and version metadata (in Web App Manifest spec) HOT 36
- Should the WPWG develop a cryptocurrency payment method specification HOT 14
- Adopt a "test as you commit" policy HOT 10
- Just a question, curious HOT 1
- Visual Identity for Web Payments HOT 14
- Specify both pickup and delivery addresses in a single payment request HOT 2
- QR use cases HOT 5
- Proposal to restore charter text around UI being out of scope HOT 10
- Pagos alex
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webpayments.