Comments (3)
After reading some documentation by Visa ("Improving Authorization Management
for Transactions with Stored Credentials") here are some thoughts. I welcome corrections.
- Visa distinguishes between card-on-file and not-card-on-file use cases. This would mean our payment method does not need to distinguish “recurring” from “installment” from “future transactions” use cases. If this is true for other brands, then we could enable the merchant to pass a boolean through the payment request API, for example “card-on-file.” It could be false by default but the merchant could set it to true for a variety of COF use cases.
- When the payment handler receives this bit about the card on file intention, a number of things might happen:
- The network or token service provider might return a different response based on this information.
- The payment handler might use this bit to trigger a user experience for securing consent for storage of the credential.
from src.
During the 29 May discussion [1] we dug more deeply into use cases for which this parameter and possibly others might be useful. As a result of the discussion, brand representatives are going to do more research internally.
It is probably useful to broaden this issue to the question: "What parameters are useful (if any) to support token usage scenarios?" On the call today we heard some combination (possibly) of:
- Token requestor id. If known, this may be sufficient for the token service provider to determine what to return to the token requestor.
- If no token requestor id present, then tokenUsageType and (possibly) tokenRequestorType.
from src.
At the 12 June teleconference [1] we resolved:
- To include an optional cardOnFile boolean. The name was adjusted so that if a more comprehensive approach is taken in the future that relies on some combination of token requestor id, tokenUsageType, and tokenRequestorType, that there will not be confusion in the meaning.
- Default value is "false" which means "guest checkout" use case.
- The purpose of the boolean is to allow the SRC system to optimize the response based on token usage.
- The specification should indicate that this parameter may not be used by all SRC systems.
- The specification should indicate that SRC systems may perform the same or similar optimizations independent of this parameter.
[1] https://www.w3.org/2019/06/12-wpwg-minutes#item01
from src.
Related Issues (20)
- How should assurance data in the response be modeled?
- Token and token reference use cases HOT 2
- Do we need payloadTypeIndicator? HOT 3
- Is EventHistory useful for the Payee
- Is support for custom input/output data required?
- Missing ServiceID in request data
- What request data do we need to support 3DS from the payment handler? HOT 1
- What are user journeys with SRC payment handlers?
- Consumer Identity Mapping
- Can we align AssurancePreference with SRC 3DS Preference?
- Allow for custom data to SRCI
- Can common payment handler be used for card-on-file updates?
- Maybe avoid mention of hasEnrolledInstrument for now? HOT 1
- Make the arc document a markdown doc HOT 2
- Try to remain vendor neutral HOT 3
- Phishing-resistant HOT 1
- SRC-I not defined HOT 1
- Browser-specific manifest instructions HOT 1
- Defining behavior in different SRC-I availability scenarios HOT 1
- expand acronym
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from src.