Summary of MAG questionnaire responses about Basic Card, Tokenized Card, etc. from Ian Jacobs on 2018-08-02 (public-payments-wg@w3.org from August 2018)

From: Ian Jacobs <ij@w3.org>
Date: Thu, 2 Aug 2018 18:39:42 -0500
To: Web Payments Working Group <public-payments-wg@w3.org>
Message-Id: <1DD65F04-B977-4E2B-914E-05F89DA562CA@w3.org>

Dear Web Payments Working Group,

In July, Laura Townsend organized a questionnaire for MAG members about Payment Request API and related Web payments specifications. Here is a summary of the nine responses received.

Ian

----------------
Q. Is the Basic Card data model ok?

- Yes (77.28%)
- No (22.22%)

----------------
Q. What else for Basic Card would you require?

- Shipping address if different from billing

----------------
Q. Is the Tokenized Card Payment data model ok?

- Yes (28.57%)
- No (71.43%)

----------------
Q. What else for Tokenized Card Payment would you require?

- Need indicator to alert for higher level of fraud check in specific instances (high risk purchase/purchaser).
- Cardholder Name
- PAR
- Billing Address

NOTE: Since the survey, the specification has been updated to include Cardholder Name, PAR, and Billing Address. Separately, the WPWG is discussing whether to elevate Billing Address to the Payment Request API.

----------------
Q. Certain Tokenized Card Payment response members are encrypted. Do we have the right set?

- Don't need to encrypt the cryptogram (since already cryptographically derived and can only be used once).
- One responder indicated all fields should be encrypted.

----------------
Q. (Pull request 724) Do you prefer "one event" v. "multiple events"?

- One event (50%)
- Three events (33%)
- Other (16%). This person wrote:

"It would be best to have an event fired for every data element
required. Not only is the more efficient as we do not need to
parse what changed, but it also allows for future use cases where
I only want a behavior when a specific element changes OR new
elements are introduced. For example I want to update shipping
and tax after a billing or shipping was updated or soft login
after an email was entered. Merchants should not have to
interrogate the data to understand the event."

NOTE: The Editors have moved forward with the single event approach based on earlier feedback; see:
https://github.com/w3c/payment-request/pull/724
--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447

Received on Thursday, 2 August 2018 23:39:59 UTC