Re: [webpayments] Should a website be able to provide a label for the "Buy" or "Checkout" button displayed in the payment app? (#66) from Adrian Hope-Bailie on 2016-01-25 (public-payments-wg@w3.org from January 2016)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Mon, 25 Jan 2016 05:58:11 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/66/174516097@github.com>

:-1: unless we have a pre-defined set of verbs the payee can choose from or these are automatically inferred by the payment app based on the terms of the request.

The ability for the entity requesting payment to manipulate the user interface presented to the payer should be considered VERY carefully. This is heavily locked down in many existing payment systems today for good reason.

__EXAMPLE:__ A developer writing custom firmware for physical card acceptance devices is unable to use custom prompts when the device is requesting input from the user. The reasoning is that the developer could publish a malicious application that prompts a user to input their PIN when the data is not being captured securely and the developer is therefor able to steal the user's PIN.

This is a well-understood attack vector in a very mature payments system. Allowing payee's to control the input/prompts presented to users in our far more open and flexible system may expose the user to attacks we can't even imagine today.

I would suggest 3 alternatives (with preference for the first):

1. Allow the payment app to display an appropriate verb based on whatever logic they choose. The payment app is the payer's agent and so is not likely to be malicious or defraud the payer. Example: If the payer is tricked into making a payment or signing up for a subscription by their payment agent it's far more likely they can pursue legal action against the publisher of the payment app than the payee.
1. Always use the verb "Authorise" (which can be easily translated) and allow the payee to provide an appropriate product description:
1. _"Buy 15 widgets"_ - Authorize
1. _"Reserve $120 for your rental car"_ - Authorize
1. _"Subscribe to a weekly newsletter for $15 per week"_ - Authorize
1. Define a set of verbs which are not provided by the payee but selected by the payment app or mediator (browser) based on the terms of the payment being requested. The algorithm used to select these could be well-defined as part of our standard.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/66#issuecomment-174516097

Received on Monday, 25 January 2016 13:59:05 UTC