W3C home > Mailing lists > Public > public-payments-wg@w3.org > September 2016

Feedback on Roy's document on Push Payments

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Thu, 15 Sep 2016 16:27:23 +0200
Message-ID: <CA+eFz_Jv2LQmdBeW6YeRM_qJeJC2X_CBX79GQMvZyeq3rqAxZw@mail.gmail.com>
To: Payments WG <public-payments-wg@w3.org>
Regarding the document at:
https://github.com/w3c/browser-payment-api/blob/gh-pages/failure-handling.md

I think that the crux of solving this is the ability to keep the payee
informed of the state of a payment throughout the flow and, if they stop
getting state updates the ability to reference that payment when issuing
queries or reversal requests to other systems.

This kind of thing is well defined for protocols like ISO8583 (card
payments) but there are a few models. For example in ISO8583 you can use
either positive or negative completion. I.e. Assume a response has been
delivered unless you receive a request to reverse the original request vs
don't commit a tx until you get confirmation that the response has been
received.

I think our biggest risk is in the interactions between the
mediator/browser and the app. I think we can be fairly confident that once
the browser has the payment response it will be passed on to the payee
website.

One simple thing we can do to help developers of both payee websites and
apps is give every request a unique identifier. I'd be interested to hear
Adrian and Zach's thought's on this but my suggestion would be that
whenever a new PaymentRequest object is instantiated it internally
generates a new UUID which is accessible via a property of the object so
the website can record it before even calling show().

This same UUID (generated by the mediator) would be passed to the payment
app and payment methods would be expected to ensure that this identifier
travels with the payment through it's life-cycle so that the payee is able
to query the state from any component in the flow.

The next challenge is notifying the payee when the user has selected an
app/payment method so that if there is no further communication from the
mediator/browser the payee has some idea of how to query the status of the
payment.

Would an event that is emitted by the PaymentRequest object at that time be
sufficient?

The payee can assume that until they see that event the user has not even
picked an app and therefor there is no risk that the payment has been
initiated.

Note: It seems to me that unless we surface the actual instruments (and
therefor methods) using options as currently described in the payment apps
spec it is impossible to give the payee enough information to recover.

Finally, my recommendations for all push payment will be the following:

- Some form of signature on the request to verify the payee. ApplePay is
already doing this and it seems like a good idea if the payment is actually
processed by the app to ensure that some malicious code is not tampering
with the request before the app receives it.

- A callback URL in the request, or a static URL defined by the payment
method, that is used by the app to POST data back to the payee or payment
processing system rather than depending on the browser passing the data
back to the website which may or may not have timed out, lost focus, been
closed.

- A website that starts up and is able to determine that it was in the
middle of a transaction could then still pull the UUID of that transaction
from local storage and attempt to recover it's state.

Looking forward to the discussion!
Received on Thursday, 15 September 2016 14:27:52 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 15 September 2016 14:27:52 UTC