Web Payments

Web Payments Turbocharging mobile commerce through native browser APIs Jeff
Carpenter – @jcarp

Who is this And why are they up here Jeff
Carpenter Software Engineer Google Chrome (Please note: I am not speaking on behalf of Google) Formerly at Braintree Payments

Let’s go on a journey… a mobile commerce journey...

Let's fix it

</form> <script src=”gateway.js”></script> But what about PCI compliance?

</form> <script src=”gateway.js”></script> <script src=”cc-validator.js”></script> How about client-side validation?

</form> <script src=”gateway.js”></script> <script src=”cc-validator.js”></script> <script src=”paypal.js”></script> <script src=”dogecoin.js”></script> What about supporting different payment methods?

Everyone does this

Everyone does this in a different way

Everyone does this in a different way on mobile

More users are buying on mobile...

...but mobile conversion is much lower

Checkout on mobile web has a UX problem

Most frustrating aspects of mobile checkout • Small screen size
• Entering card information ◦ Need to enter for each merchant • Heterogeneity

Browsers can already store your credit card

Solution: native payment APIs for web

I’m excited about web payments because I don’t like entering
my credit card 1000 times

I'm even more excited about web payments because I'm lazy

2016 has seen two native APIs emerge PaymentRequest Google I/O
May 2016 Safari Apple Pay WWDC June 2016

PaymentRequest

var instruments = [ { supportedMethods: [ 'amex', 'mastercard', 'Visa'
] } ]

var details = { total: { label: 'Donation', amount: {currency:
'USD', value: '55.00'} }, displayItems: [{ label: 'CatDog', amount: { currency: 'USD', value: '65.00' } }] }

new PaymentRequest(instruments, details).show() .then(instrumentResponse => { console.log(instrumentResponse.details) // Spinner is
shown to customer // as you complete transaction // with your back-end instrumentResponse.complete() } )

{ methodName: 'visa', details: { cardHolderName: 'Jane Smith', cardNumber: '4111111111111111',
expiryMonth: '01', expiryYear: '2021', cardSecurityCode: '123' } }

Try it yourself! Chrome 53, Android only • Demo pages
◦ https://googlechrome.github.io/samples/paymentrequest/ • Integration guide • https://developers.google.com/web/fundamentals/primers/paymentrequest/?hl=en

When will PaymentRequest be available? • Available for credit cards
now in Chrome 53! • Android Pay late 2016 • 3rd party apps 2017

When will PaymentRequest be in all browsers?

Mozilla Firefox PaymentRequest in development

Microsoft Edge PaymentRequest in development

Safari Apple Pay in macOS Sierra and iOS 10 Intent
to implement PaymentRequest

Apple Pay in Safari

Apple Pay Payment Processing Certificate Apple Pay Merchant Identity Certificate

if (window.ApplePaySession) { var merchantId = 'com.dogs’ ApplePaySession .canMakePaymentsWithActiveCard(merchantId) .then(function
(canMakePayments) { if (canMakePayments) { // show Apple Pay buttons } }) }

var options = { currencyCode: 'USD', countryCode: 'US', total: {
label: 'Canine Clothing', amount: '19.99' }, supportedNetworks: ['amex', 'masterCard'] };

var session $('.apple-pay-button').on('click', function () { session = new ApplePaySession(1,
options) })

Confirmation pops up on your phone

session.onvalidatemerchant = (event) => { // Send event.validationURL to your
server // Start merchant session by // calling Apple’s servers // with two-way TLS (using merchant // validation certificate) }

PCI Compliance

PCI Compliance estimates Raw PaymentRequest: SAQ A-EP Via a payment
gateway (if supported): SAQ A-EP Android Pay & Apple Pay: SAQ A

SAQ A • SAQ A for raw PANs may not
be possible even with gateway support • W3C spec in development • Feature Policy • <iframe enable=”payment”>

Realistic timeline • Realistically given PCI compliance and browser development
timelines, my wildly speculative estimate is mid to late 2017

Web payments is a win-win for (almost) everyone in the
value chain

Merchants Upside: potentially more card volume Downside: might require engineering
resources to implement (based on how they accept payments)

Payment Gateways Upside: potentially more card volume Downside: engineering resources
to implement

Acquiring banks & Card Networks Upside: potentially more card volume
Upside: no change to existing payment rails

JavaScript library authors Downside: card formatting and validation no longer
handled by JavaScript

PayPal Has always been a simpler and safer alternative to
entering credit cards. Are web payments a threat to one of PayPal’s value props?

W3C Specs • Payment Request API ◦ Payment Method Identifiers
(e.g. the string ‘visa’) ◦ Basic Card Payment (credit card schema) • Start here: ◦ https://github.com/w3c/webpayments/wiki/PaymentRequestFAQ

Learning more • Good explanation of W3C rationale: ◦ https://www.w3.org/Payments/
• Bringing seamless checkouts to the mobile web - Google I/O 2016 ◦ https://www.youtube.com/watch?v=yelPlCVZLEE • Apple Pay WWDC talk ◦ https://developer.apple.com/videos/play/wwdc2016/703/

Thank You Comments - Questions - Tomatoes - @jcarp Special
thanks to: • Elliot Lee, Braintree • Zach Koch, Google Chrome

Resources https://github.com/alrra/browser-logos/ The collective pug owners of the internet

Web Payments

Web Payments

More Decks by jeffcarp

Other Decks in Technology

Featured

Transcript