58
edits
Firefox/Features/Web Payments/Privacy & Security Considerations: Difference between revisions
Firefox/Features/Web Payments/Privacy & Security Considerations (view source)
Revision as of 20:35, 27 June 2018
, 27 June 2018→How It Works: add link to basic card spec
(→Storage of User Data: add exp date) |
(→How It Works: add link to basic card spec) |
||
| Line 7: | Line 7: | ||
Traditionally, the checkout process for an e-commerce website has been loaded in [https://en.wikipedia.org/wiki/Web_content web content]. As a result, the shopper has filled out payment-related details (credit card number, card expiration date, card security code, billing address, shipping address, etc.) at the merchant site, often in a workflow spread over several web pages. When the user has provided all required information and is satisfied with the final order details, the shopper clicks a button like "Place Order" and the shopper's payment instrument (e.g., a debit card) is authorized to pay the amount due. Although [[Firefox/Features/Form_Autofill|form autofill]] can make the checkout process somewhat less inconvenient, the user experience varies from merchant to merchant and can contain various security vulnerabilities. | Traditionally, the checkout process for an e-commerce website has been loaded in [https://en.wikipedia.org/wiki/Web_content web content]. As a result, the shopper has filled out payment-related details (credit card number, card expiration date, card security code, billing address, shipping address, etc.) at the merchant site, often in a workflow spread over several web pages. When the user has provided all required information and is satisfied with the final order details, the shopper clicks a button like "Place Order" and the shopper's payment instrument (e.g., a debit card) is authorized to pay the amount due. Although [[Firefox/Features/Form_Autofill|form autofill]] can make the checkout process somewhat less inconvenient, the user experience varies from merchant to merchant and can contain various security vulnerabilities. | ||
By using the [https://developer.mozilla.org/en-US/docs/Web/API/Payment_Request_API W3C Payment Request API], the web payments feature will present a standardized, more secure checkout flow in a trusted browser dialog window. At a high level, the workflow is as follows: | By using the [https://developer.mozilla.org/en-US/docs/Web/API/Payment_Request_API W3C Payment Request API] and the [https://www.w3.org/TR/payment-method-basic-card/ W3C Basic Card Payment Method], the web payments feature will present a standardized, more secure checkout flow in a trusted browser dialog window. At a high level, the workflow is as follows: | ||
# At the merchant website, the user chooses items to purchase and clicks a "Pay" button of some kind. | # At the merchant website, the user chooses items to purchase and clicks a "Pay" button of some kind. | ||