Re: [w3c/payment-method-basic-card] Leave Off Unneeded Information (#5)

What's clear to me is that my complete billing address (including phone number) shouldn't be sent to every merchant using `basic-card` since most checkout web forms using credit cards don't require all that information now and so users won't expect the information to be leaked. It seems like Apple has a similar viewpoint since their Apple Pay payment method doesn't include the billing address by default, the merchant needs to specifically request an array of [`requiredBillingContactFields`](https://developer.apple.com/documentation/apple_pay_on_the_web/applepaypaymentrequest/2216120-requiredbillingcontactfields). I personally don't think Mozilla should ship an implementation of basic-card that leaks the billing address by default.

Even if the merchant indicates they require a postal billing address, it's not clear whether a billing phone number is required even though that is also part of the [`PaymentAddress`](https://w3c.github.io/payment-request/#dom-paymentaddress) structure. It seems like we should have a separate option to request the billing phone number. e.g. if we copy Apple's approach we could have
```js
requiredBillingContactFields: [
  "name",
  "phone",
  "postalAddress",
]
```
(values are a subset of [`ApplePayContactField` options](https://developer.apple.com/documentation/apple_pay_on_the_web/applepaycontactfield))

I would ideally like the address to be even more fine-grained since some merchants only need the ZIP code for fraud detection, not the rest of the address.

Btw. I don't think an exclusion approach (#29) is the right idea as the defaults will heavily influence what developers request and we should only be giving the minimum required by default.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-basic-card/issues/5#issuecomment-382128789