- From: Stephen McGruer <notifications@github.com>
- Date: Wed, 26 Jan 2022 08:10:29 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webpayments/pull/260/review/863764106@github.com>
@stephenmcgruer commented on this pull request. > @@ -0,0 +1,29 @@ +# EMV® Secure Remote Commerce (SRC) User Recognition +<sup>[Home][home] > [Use Cases][use-cases] > SRC User Recognition</sup> + +See more [information about EMV®SRC](https://www.emvco.com/emv-technologies/src/), including the "Click-to-Pay" consumer facing UX. + +## Overview of Click-to-Pay Flow + +* During an enrollment phase, the user registers a card with an SRC System; thusthe SRC System has a relationship and uses cookies to recognize returning users. ```suggestion * During an enrollment phase, the user registers a card with an SRC System; thus the SRC System has a relationship and uses cookies to recognize returning users. ``` > +See more [information about EMV®SRC](https://www.emvco.com/emv-technologies/src/), including the "Click-to-Pay" consumer facing UX. + +## Overview of Click-to-Pay Flow + +* During an enrollment phase, the user registers a card with an SRC System; thusthe SRC System has a relationship and uses cookies to recognize returning users. +* At transaction time, the user pushes the Click-to-Pay button on a merchant site. This is typically provided by another party, the SRC Initiator (SRC-I), in a 3p context. +* The SRC-I interacts with each SRC system (by dispatching SRC system cookies to their servers) to establish whether this is a returning user, and if so, to retrieve registered cards. +* The SRC-I aggregates the responses into a candidate card list (i.e., cards registered in SRC systems under that user identity). +* The SRC-I displays the list of cards to the user for selection. +* (The rest of the flow happens, but it is not essential to understanding the problem statement.) + +## Expected Impact + +The desired user experience is that the user pushes the Click-to-Pay button and is presented with a list of registered cards. + +If third-party cookies are unavailable, an SRC-I will not recognize the user across different merchant sites. This means that the user will need to enter the SRC identity (e.g., via a form field) and possibly other information on each merchant site. I think the first half of this statement is still incorrect? The problem is not even different merchant sites, its far more fundamental - the **SRC systems** are in a 3p context when queried and thus cannot automatically identify the user. Instead, the user must enter their SRC identity manually as you then describe. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/pull/260#pullrequestreview-863764106 You are receiving this because you are subscribed to this thread. Message ID: <w3c/webpayments/pull/260/review/863764106@github.com>
Received on Wednesday, 26 January 2022 16:10:41 UTC