Streamlining Payments on Mobile

Streamlining Payments on Mobile
Android Makers 2017

View Slide

@Mathieu_Calba

View Slide

Payment is not Easy

View Slide

Payment is not Easy
Amazon

View Slide

Payment is not Easy
Amazon
No Data Validation
No Formatting
No Limitation

View Slide

Payment is not Easy
Lydia

View Slide

Payment is not Easy
Lydia
Pre-filling

View Slide

Payment is not Easy
Lydia
No Formatting
Simple data filling

View Slide

Payment is not Easy
Stripe

View Slide

Payment is not Easy
Stripe
Format hints
Card type recognition
Formatting
Error highlight

View Slide

View Slide

Compatible card types

View Slide

Keep It Stupid and Simple

View Slide

Payment Account Number
4111 1111 1111 1111

View Slide

Expiration Date
4111 1111 1111 1111
04/17

View Slide

Expiration Date
CVV
4111 1111 1111 1111
04/17
111

View Slide

Expiration Date
CVV
Holder Name
4111 1111 1111 1111
04/17
111
Bill Murray

View Slide

Expiration Date
CVV
Holder Name
Terms of Sales
4111 1111 1111 1111
04/17
111
Bill Murray
I agree with the Terms of
Services of Android Makers

View Slide

Expiration Date
CVV
Holder Name
Terms of Sales
Pay Button
4111 1111 1111 1111
04/17
111
Bill Murray
I agree with the Terms of
Services of Android Makers
PAY 123.00 €

View Slide

Testing it

View Slide

Step 1 - Simplest Form
... >
android:id="@+id/edit_card_number"
android:hint="Card Number"
... />
android:id="@+id/edit_expiration_month"
android:hint="Expiration Month"
... />
...
android:id="@+id/check_box_terms"
android:text="I accept the terms & conditions
of AndroidMakers"
... />
android:id="@+id/bt_pay"
android:text="Pay"
... />

View Slide

... >
... />
android:id="@+id/edit_expiration_month"
android:hint="Expiration Month”
... />
...
android:id="@+id/check_box_terms"
android:text="I accept the terms & conditions
of AndroidMakers"
... />
android:id="@+id/bt_pay"
android:text="Pay"
... />

View Slide

Loose sense of what are we filling

View Slide

We can input whatever we want

View Slide

We have to manually select the next field

View Slide

We have to manually select the next field
Keyboard not showing up automatically

View Slide

Taking care of these first form
problems

View Slide

Step 2 - Minimal Form
... />
Keep sense of what are we filling

View Slide

android:id="@+id/card_number"
... >
android:layout_width="match_parent"
android:layout_height="wrap_content" />

Material Components for Android
compile 'com.android.support:design:25.3.0'
Keep sense of what are we filling

View Slide

InputType
Bit masking defining the basic content type of a text in an Editable object.
Used by IME to determine which keyboard to display.
Limit the input

View Slide

4 classes of InputType:
TYPE_CLASS_DATETIME
TYPE_CLASS_NUMBER
TYPE_CLASS_PHONE
TYPE_CLASS_TEXT
Limit the input

View Slide

Many flags & variations:
TYPE_DATETIME_VARIATION_DATE
TYPE_DATETIME_VARIATION_NORMAL
TYPE_DATETIME_VARIATION_TIME
TYPE_NUMBER_FLAG_DECIMAL
TYPE_NUMBER_FLAG_SIGNED
TYPE_NUMBER_VARIATION_NORMAL
TYPE_TEXT_FLAG_AUTO_COMPLETE
TYPE_TEXT_FLAG_AUTO_CORRECT
TYPE_TEXT_FLAG_CAP_CHARACTERS
Limit the input
TYPE_TEXT_FLAG_CAP_SENTENCES
TYPE_TEXT_FLAG_CAP_WORDS
TYPE_TEXT_FLAG_MULTI_LINE
TYPE_TEXT_FLAG_NO_SUGGESTIONS
TYPE_TEXT_VARIATION_PASSWORD
TYPE_TEXT_VARIATION_PERSON_NAME
TYPE_TEXT_VARIATION_PHONETIC
TYPE_TEXT_VARIATION_URI
...

View Slide

TextView.setInputType(int type)
Only change the input capabilities (keyboard, pasting, etc). Does NOT validate
the input.
Limit the input

View Slide

android:inputType
XML attribute
Limit the input

View Slide

Many flags & variations:
date
datetime
none
number
numberDecimal
numberSigned
textAutoComplete
textAutoCorrect
textCapCharacters
textCapSentences
Limit the input
textCapWords
textImeMultiLine
textMultiLine
textNoSuggestions
textPassword
textPersonName
textPhonetic
textVisiblePassword
time
...

View Slide

Expiration Date
TYPE_CLASS_DATETIME |
TYPE_DATETIME_VARIATION_DATE or date
Payment Account Number & CVV
TYPE_CLASS_NUMBER |
TYPE_NUMBER_VARIATION_NORMAL or
number
Card Holder
TYPE_CLASS_TEXT |
TYPE_TEXT_VARIATION_PERSON_NAME or
textPersonName
Limit the input

View Slide

TextView.setImeOptions
(int imeOptions)
Extend the type information for an Editor to
improve IME integration with the application.
Moving between inputs

View Slide

Many actions & flags:
IME_ACTION_DONE
IME_ACTION_GO
IME_ACTION_NEXT
IME_ACTION_NONE
IME_ACTION_PREVIOUS
IME_ACTION_SEARCH
IME_ACTION_SEND
IME_ACTION_UNSPECIFIED
IME_FLAG_FORCE_ASCII
IME_FLAG_NAVIGATE_NEXT
IME_FLAG_NAVIGATE_PREVIOUS
IME_FLAG_NO_ACCESSORY_ACTION
IME_FLAG_NO_ENTER_ACTION
IME_FLAG_NO_EXTRACT_UI
IME_FLAG_NO_FULLSCREEN

View Slide

android:imeOptions
XML attribute

View Slide

Many actions & flags:
actionDone
actionGo
actionNext
actionNone
actionPrevious
actionSearch
actionSend
actionUnspecified
flagForceAscii
flagNavigateNext
flagNavigatePrevious
flagNoAccessoryAction
flagNoEnterAction
flagNoExtractUi
flagNoFullscreen
normal

View Slide

TextView.setOnEditorActionListener
(OnEditorActionListener l)
Help you react on the Keyboard action key press

View Slide

Going Next (all except Card Holder)
IME_ACTION_NEXT or actionNext
Done (Card Holder)
IME_ACTION_DONE or actionDone

View Slide

When Activity starts
Showing/Hiding Keyboard

View Slide

android:windowSoftInputMode
Activity attribute defining how it interacts with the window containing the
keyboard.

View Slide

Can be a state and/or adjust.
state: state of the keyboard when
Activity becomes visible
stateUnspecified (default)
stateUnchanged
stateHidden
stateAlwaysHidden
stateVisible
stateAlwaysVisible
adjust: adjustments made to the
Activity’s main Window
adjustUnspecified (default)
adjustResize
adjustPan

View Slide

Hide the keyboard if shown when the user tap
the terms and conditions checkbox

View Slide

On demand
InputMethodManager.showSoftInput(View view, int flags)
InputMethodManager.hideSoftInputFromWindow
(IBinder windowToken, int flags)

View Slide

On demand
public static void hideSoftKeyboard(Context context, View view) {
InputMethodManager imm = (InputMethodManager) context.
getSystemService(Context.INPUT_METHOD_SERVICE);
imm.hideSoftInputFromWindow(view.getWindowToken(), 0);
}
public static void showSoftKeyboard(Context context, View view) {
InputMethodManager imm = (InputMethodManager) context.
getSystemService(Context.INPUT_METHOD_SERVICE);
imm.showSoftInput(view, 0);
}

View Slide

Adapting each Fields
to its Kind of Content

View Slide

First up:
Expiration Date fields

View Slide

Step 3 - Improving Expiration Date
No data validation
No error display

View Slide

Spinner are not suitable for month/year
selection on mobile due to the large amount of
possibilities
Data Validation

View Slide

TextView.addTextChangedListener
(TextWatcher watcher)
Listener on user inputs
Data Validation

View Slide

public interface TextWatcher extends NoCopySpan {
public void beforeTextChanged(CharSequence text,
int start, int count,
int after);
public void onTextChanged(CharSequence text,
int start, int before,
int count);
public void afterTextChanged(Editable text);
}
Data Validation

View Slide

private ForegroundColorSpan mErrorSpan = new ForegroundColorSpan(Color.RED));
private boolean mIsEditing;
@Override
public void afterTextChanged(Editable text) {
if (mIsEditing) {
return;
}
mIsEditing = true;
text.removeSpan(mErrorSpan);
String expirationMonth = text.toString();
if (isExpirationMonthLengthValid(expirationMonth)) {
if (!isExpirationMonthValid(expirationMonth)) {
text.setSpan(mErrorSpan, 0, LENGTH_EXPIRATION_MONTH, Spanned.SPAN_EXCLUSIVE_EXCLUSIVE);
mEditView.setContentDescription("incorrect card expiration month");
mEditView.announceForAccessibility(mEditView.getContentDescription());
}
}
mIsEditing = false;
}
Data Validation

View Slide

Data Validation

View Slide

Lot of space wasted, maybe we could merge
the expiration month and year fields into one
‣ Consolidate same kind of data together
‣ Allows us to validate the month with the
year
‣ Make room for CVV on the right and Pay
button moves up, making it always visible

View Slide

Using formatting pattern MM/YY
Without letting the user enter /
Optimising fields distribution

View Slide

private boolean mIsEditing;
@Override
if (mIsEditing) {
return;
}
mIsEditing = true;
// Remove filters because they prevent us from inserting
// non-digit characters when inputType is set to "number"
InputFilter[] inputFilters = text.getFilters();
text.setFilters(InputFilterUtils.EMPTY_FILTERS);
[...]
mIsEditing = false;
}

View Slide

@Override
[...]
// 1. We extract the expirationMonth and expirationYear
String noSpaceText = getDigitOnlyText(text);
int length = noSpaceText.length();
String expirationMonth = noSpaceText.
substring(0, Math.min(length, LENGTH_EXPIRATION_PARTIAL));
String expirationYear = "";
if (noSpaceText.length() > LENGTH_EXPIRATION_PARTIAL) {
expirationYear = noSpaceText.substring(
LENGTH_EXPIRATION_PARTIAL, Math.min(length, LENGTH_EXPIRATION));
}
[...]
}

View Slide

@Override
[...]
// 2. We try to format the newly entered text here
CharSequence base = getFormattedExpirationDate(
expirationMonth, expirationYear);
text.removeSpan(mErrorSpan);
text.replace(0, text.length(), base);
// 3. We handle the error in this field like in previous slide
// 4. Re-install filters
text.setFilters(inputFilters);
mIsEditing = false;
}

View Slide

Auto-advance to the next field!

View Slide

@Override
[...]
if (isMonthValid && isYearValid) {
if (isExpirationDateValid(month, year)) {
mCvvView.requestFocus();
CharSequence text = mCvvEditView.getText();
mCvvEditView.setSelection(text.length());
}
}
mIsEditing = false;
}
Auto-advance to the next field

View Slide

Spreading these improvements

View Slide

Step 4 - Improving PAN
No formatting

View Slide

No formatting
No data validation

View Slide

No formatting
No data validation
No error display

View Slide

Many types of Cards, multiple formats
Visa - 4xxx xxxx xxxx xxxx
Formatting

View Slide

Mastercard - 51xx xxxx xxxx xxxx
-> 55xx xxxx xxxx xxxx
Formatting

View Slide

to 55xx xxxx xxxx xxxx
American Express - 34xx xxxxx xxxxx
and 37xx xxxxx xxxxx
Formatting

View Slide

to 55xx xxxx xxxx xxxx
American Express - 34xx xxxxx xxxxx
and 37xx xxxxx xxxxx
and many others: https://en.wikipedia.org/wiki/Payment_card_number
Formatting

View Slide

Each type must validate the Luhn Algorithm:
public static boolean checkLuhnValidity(String number) {
int sum = 0;
boolean isOdd = true;
for (int i = number.length() - 1; i >= 0; i--) {
String digitString = number.substring(i, i + 1);
int digit = Integer.parseInt(digitString);
sum += isOdd ? digit : digit / 5 + (digit << 1) % 10;
isOdd = !isOdd;
}
return sum % 10 == 0;
}
Data Validation

View Slide

Using same technics as with the Expiration
Date field

View Slide

Detect type of card

View Slide

Detect type of card
Validate it

View Slide

Detect type of card
Validate it
Display type of card

View Slide

Detect type of card
Validate it
Handle CVV length

View Slide

Detect type of card
Validate it
Handle CVV length
Display icon for each fields

View Slide

Keep it Safe for your Users
(and for you)

View Slide

Keep it Safe for your Users (and for you)
WindowManager.LayoutParams.FLAG_SECURE
Allows to configure a Window as secure
Blocking screen capture

View Slide

Before calling Activity.setContentView(), add:
getWindow().setFlags(
LayoutParams.FLAG_SECURE,
LayoutParams.FLAG_SECURE)

View Slide


View Slide

A webpage hosted by the bank to validate the
identity of the person using the credit card
Totally outside of our control and the control of
your provider of payment
3D Secure

View Slide

Webpage can take forever to load or can fail to load without any message
Need to inform the user what’s happening
Adding a permanent SnackBar or other in layout message indicating that the
process is in progress, and what to do if nothing happens after some time
3D Secure

View Slide

Keep it Contextual

View Slide

Keep it Contextual
Let the User know what he is paying
Display the price directly on the Pay button

View Slide

Adapt to your Users

View Slide

Adapt to your Users
Be frictionless on the payment
Accept the most payment methods
Adapt to your marketed countries (PayPal in Italy, SOFORT in Germany, etc)
Use Android Pay if it’s available in your country (No France, thanks Google )
Remember their preferred payment method
Multiple Payment Methods

View Slide

Adapt to your Users
How to adapt the UI with multiple payment methods and keeping it clean?
No universal good way
Depends on your business and what you want to optimise for

View Slide

Adapt to your Users
Expanding list with one entry per payment
method

View Slide

Adapt to your Users
List with your preferred way of paying or the
mostly used at the top promoted at the top

View Slide

Adapt to your Users
Directly select the preferred way of paying (or
the mostly used)
And add an access to other payment methods

View Slide

View Slide

Remember for Them

View Slide

–Me, right now
“The better way to make a user fill in a form
is to fill it for him”

View Slide

Remember for Them
Suggest saving payment cards on your server
for recurring users, but do not force them to do
so
The perfect moment to suggest it is just after a
payment succeed

View Slide

Remember for Them
Do it on the server, not locally, as some public organisations do not allow you to
do so
Server needs to be certified with PCI-DSS at a very high level, not an easy and
quick thing to obtain

View Slide

Remember for Them
A saved payment card is
probably the preferred way
of paying, so make it the
most accessible one

View Slide

Remember for Them
Autofill Framework
Coming to Android O

View Slide

Stay One Touch Away
aka le Paiement Digital

View Slide

Stay One Touch Away
Do not force the user to use
his fingerprint
Fingerprint API

View Slide

Stay One Touch Away
Allow to use the CVV
Fingerprint API

View Slide

Stay One Touch Away
API 23 min, but compatibility version available in support library
Requires android.permission.USE_FINGERPRINT (not dangerous)
Fingerprint API

View Slide

Stay One Touch Away
FingerprintManager
Detect presence of Fingerprint hardware
CTS enforce the presence of an hardware backed KeyStore for it to be
compatible with the Android API
Detect if any fingerprint is enrolled
Authenticate a FingerprintManager.CryptoObject
Fingerprint API

View Slide

Stay One Touch Away
FingerprintManager.CryptoObject
Wrapper for using crypto objects with FingerprintManager
Works on Cipher, Mac, and Signature objects
Fingerprint API

View Slide

Stay One Touch Away
Mac
Checks integrity of information transmitted over or stored in an unreliable
medium, using a secret key known by each entities that want to read/write the
information
Fingerprint API

View Slide

Stay One Touch Away
Signature
Provides digital signature algorithm
Used for authentication and integrity assurance of digital data
Fingerprint API

View Slide

Stay One Touch Away
Fingerprint API with Signature - enrolment
My Application
Server
Payment
Cards
Fingerprint
Manager
create Signature
for a PrivateKey
1
authenticate
Signature
2
register
Signature
3
save
Signature
4
KeyStore

View Slide

Stay One Touch Away
Fingerprint API with Signature - payment
My Application
Server
Payment
Cards
Fingerprint
Manager
create Signature
for a PrivateKey
1
authenticate
Signature
2
pay with
Signature
3
validate
Signature
4
5
access
Payment Card
KeyStore

View Slide

Stay One Touch Away
Cipher
Cryptographic cipher for encryption and decryption
Needs a transformation, aka the operations you want to apply to your input to
get the output
Fingerprint API

View Slide

Stay One Touch Away
Fingerprint API with Cipher - encryption
My Application
KeyStore
Fingerprint
Manager
prepare Cipher
with a SecretKey
in encrypt mode
1
authenticate
Cipher
2
Database
save Cipher.getIV()
and encrypted Data
4
encrypt Data with
authenticated Cipher
3

View Slide

Stay One Touch Away
Fingerprint API with Cipher - encryption
My Application
KeyStore
Server
Payment
Cards
Fingerprint
Manager
prepare Cipher
with a SecretKey
and the IV
in decrypt mode
2
authenticate
Cipher
3
pay with
decrypted Data
6
Database
get the IV for
this Data
1
decrypt Data
with Cipher
5
get the
encrypted Data
4

View Slide

Stay One Touch Away
Consult a security expert to know exactly
what you can do with storing credit card data!
Fingerprint API

View Slide

Stay One Touch Away
FingerprintManager.isHardwareDetected()
Fingerprint API

View Slide

Stay One Touch Away
FingerprintManager.hasEnrolledFingerprints()
Fingerprint API

View Slide

Stay One Touch Away
FingerprintManager.authenticate(
CryptoObject crypto,
int flags,
CancellationSignal cancel,
AuthenticationCallback callback,
Handler handler)
Fingerprint API

View Slide

Stay One Touch Away
public static abstract class AuthenticationCallback {
public void onAuthenticationError(int errorCode, CharSequence errString) { }
public void onAuthenticationHelp(int helpCode, CharSequence helpString) { }
public void onAuthenticationSucceeded(AuthenticationResult result) { }
public void onAuthenticationFailed() { }
public void onAuthenticationAcquired(int acquireInfo) { }
};
Fingerprint API

View Slide

Questions?

View Slide

Credits
• Google Pixel device frames: Anjo Cerdeña https://material.uplabs.com/
posts/flat-google-pixel-svgs
• Fonts: Yanone Kaffeesatz & Signika

View Slide

Streamlining Payments on Mobile

Streamlining Payments on Mobile

Mathieu Calba

More Decks by Mathieu Calba

Other Decks in Programming

Featured

Transcript