58
edits
Firefox/Features/Web Payments/Privacy & Security Considerations: Difference between revisions
Firefox/Features/Web Payments/Privacy & Security Considerations (view source)
Revision as of 17:58, 27 June 2018
, 27 June 2018add How It Works section
(→Fingerprinting: Add proviso and link to EFF report) |
(add How It Works section) |
||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
The [[Firefox/Features/Web_Payments|web payments feature]] enables a faster, more secure payment process for online commerce | The [[Firefox/Features/Web_Payments|web payments feature]] enables a faster, more secure payment process for online commerce. This page describes the privacy and security characteristics of the initial release in Firefox, as well as a roadmap of future enhancements. | ||
== How It Works == | |||
Traditionally, the checkout process for an e-commerce website has been loaded in [https://en.wikipedia.org/wiki/Web_content web content]. As a result, the shopper has filled out payment-related details (credit card number, card expiration date, card security code, billing address, shipping address, etc.) at the merchant site, often over the course of several web pages in a workflow. When the user has provided all required information and is satisfied with the final price and order details (e.g., shipping method), the shopper clicks a button like "Place Order" and the shopper's payment instrument (e.g., a debit card) is authorized to pay the amount due. Although [[Firefox/Features/Form_Autofill|form autofill]] can make the checkout process somewhat less inconvenient, the user experience varies from merchant to merchant. | |||
By using the [https://developer.mozilla.org/en-US/docs/Web/API/Payment_Request_API W3C Payment Request API], the web payments feature will present a standardized checkout flow in a trusted browser dialog window. At a high level, the workflow is as follows: | |||
1. At the merchant website, the user chooses items to purchase and clicks a "Pay" button of some kind. | |||
2. The merchant website invokes the PaymentRequest.show() method in the browser. | |||
3. Firefox presents a browser dialog window to complete the purchase. | |||
4. In the browser dialog window, the user provides information requested by the merchant (credit card number, shipping address, etc.), optionally requesting that Firefox save the information locally for re-use in future transactions. | |||
5. When the user completes the in-browser workflow, the browser sends a PaymentResponse to the merchant website with the requested information. | |||
6. Optionally the merchant website might ask the user to correct an error (e.g., an invalid postal code) and would then call the PaymentRequest.retry() method; the user would then correct the error and finish the workflow. | |||
7. When the merchant website accepts the PaymentResponse, it calls the PaymentRequest.complete() method and Firefox closes the browser dialog window. | |||
== Storage of User Data == | == Storage of User Data == | ||
| Line 23: | Line 37: | ||
== Data Exchange with Merchant Websites == | == Data Exchange with Merchant Websites == | ||
The | The Payment Request API has several security advantages over existing payment flows: | ||
* First, the payment request from merchant to browser and the payment response from browser to merchant are always protected by Transport Layer Security (HTTPS) because the Payment Request API can be used only in [https://www.w3.org/TR/secure-contexts/ secure contexts]. | * First, the payment request from merchant to browser and the payment response from browser to merchant are always protected by Transport Layer Security (HTTPS) because the Payment Request API can be used only in [https://www.w3.org/TR/secure-contexts/ secure contexts]. | ||