Share user data with Payment App

[frank-hoffmann]

I propose that Payment Apps should be able to receive user data stored in the browser after explicit consent from the user. This is only relevant if RequestShipping or RequestPayer* is set to true in the PaymentRequest.

Use cases:

• Payment App require user data to authorize payment. Payment App do not have to ask for the same information again
• Payment App can simplify enrollment by utilizing user data stored in the browser
• A user have multiple "accounts", e.g. private/business. Payment App can identify this by email/phone
• Shared computer/browser. Payment App can identify the user by email/phone

User consent
In order for the Payment App to receive user data in the PaymentAppRequest explicit consent is needed from the user. This can be asked for either at installation or at first time using the Payment App.

The Payment App should indicate that it wants to receive user data at time of installation, when doing the requestPermission call.

User data
The user data in question is the same user data that the merchant get back with the PaymentResponse depending on the RequestShipping or RequestPayer* flags

[adrianhopebailie]

+1 to this proposal.

Payment through instant credit, using basic user and transaction information for scoring, is an increasingly common use case in developing economies where traditional credit is not available.
i.e. Just the user's mobile number may be enough

This is the user's data and they should be allowed to share it with payment apps they trust if they choose to do so.

[marcoscaceres]

Yes, no one disagrees with the use case - but asking for permission up front is not great. If you want this data, you need to call .show() at least once. Then the user can tell the browser to always share the appropriate data with the site on subsequent payment requests.

However, it's up to the UA to provide this UI/UX capability and not something that needs to be in the spec.

[adrianhopebailie]

However, it's up to the UA to provide this UI/UX capability and not something that needs to be in the spec.

The implication for the spec is that we define a way for:
a) the handler to request that it receives the data (it must make this request either at registration or in response to handling a payment request).
b) a mechanism for passing the data to the app

How we solve a) impacts the way browsers will ask for permission so while we may not design that we do need to consider it.

[tommythorsen]

Proposal

A payment app can request user data after being invoked, by calling a new method requestUserData() on PaymentManager:

interface PaymentManager {
    [SameObject]
    readonly attribute PaymentInstruments instruments;
    [SameObject]
    readonly attribute PaymentWallets     wallets;
    Promise<boolean> requestPermission();
    Promise<PaymentUserData> requestUserData(sequence<PaymentUserDataField> fields);
};

enum PaymentUserDataField {
    "name",
    "email",
    "phone",
    "shippingAddress"
};

dictionary PaymentUserData {
    DOMString name;
    DOMString email;
    DOMString phone;
    DOMString shippingAddress;
};

It is only possible for the payment app to receive user data that was required by the original PaymentRequest.

The browser may present a permission request dialog to the user. If the user chooses to not give permission to the app, the returned promise will be rejected.

[jnormore]

I get the need to ask for permission but I find the UX a little strange. The customer selects BobPay, payment app is triggered, payment app asks for permission, browser asks user "Do you want to allow BobPay to access your name and email address?", ...

I really only find it strange when comparing it to the experience today with a direct merchant -> payment provider interaction, where what data is shared with the payment provider is determined by the merchant and no permission is required. For a customer, something asking for permission to share data, especially for those not-so-sophisticated customers, is going to scare them off and cause a pretty big increase in cart abandonment rate.

I'm not saying a lot of payment providers don't need this data, I know they do and they should get it, I'm speaking from a merchant and customer experience perspective. I don't have a good answer on the sharing of the data, that may be another problem to solve, I just think that asking for permission on something during a payment process (a time when most customers may be a little on edge) is going to hurt checkout conversion rate a lot.

[rsolomakhin]

Does this API have to be in the payment handler spec? We can use the proposed Phone number API for phone numbers, for example, so maybe additional "Name API," "Email API," and "Address API" would be useful.

[jnormore]

A better approach instead of asking for permission during the purchase flow would be to ask during the install process IMO, anything to not increase cart abandonment rate.

[dlongley]

@rsolomakhin,

Does this API have to be in the payment handler spec? We can use the proposed Phone number API for phone numbers, for example, so maybe additional "Name API," "Email API," and "Address API" would be useful.

This sounds like it's potentially getting into Verifiable Claims territory. We've voiced our opinion in the past about Web Payments components collecting user data and creating separate APIs for each one of these bits of information as the wrong approach -- and one that will cause the platform to incur further technical debt. There's always one more bit of information that websites would like to ask the user for -- including for reasons other than Web Payments -- so there should be a generalized solution for this.

If this group wants to pursue reusing a generalized solution for obtaining user data, then such a solution should be worked out in conjunction with other interested groups (such as the Credentials Community Group and Verifiable Claims Working Group) so we avoid stumbling over each other or creating subtly different APIs that introduce confusion.

[tommythorsen]

In my opinion, a generalized solution for obtaining user data is not ideal in this case. Remember that at the time of invoking a payment app, the user has already gone through steps for selecting phone number, email address and shipping address as part of the payment request flow (assuming the payment request asked for this information).

A generalized API would presumably not be able to hook into the payment request context and pick out these exact pieces of user data. I would like to avoid that the user is prompted multiple times for phone number, email and address, as this would be annoying for the user, and open up the possibility that the payment app get sent different bits of information than get sent to the merchant.

As for when to ask for permission - at installation time or at the time of actually sharing the data - I don't have a strong opinion. Many modern systems (such as for instance the Android platform) seem to move towards asking permission at the time of use, and this generally seems like a better approach, as it better empowers the user to care about their own security and privacy. However, there could be reasons why our case is different (cart abandonment), and that we should ask at installation time instead. I would say that from a technical perspective, either solution is equally simple to specify and implement.

[Krystosterone]

On a related note, I had opened an issue here: #218 that seems to have a lot of overlap with the discussions above. I've closed it for now, but am referencing it here if we ever want to re-discuss these kind of implications.

Issue: #218
Summary: Provide a way for payment instruments to respond with information that would normally be provided by the user

[rsolomakhin]

I have a radical idea: the payment app should send its own user data to the user agent to help bootstrap it, if possible. For example, if the payment app has information about a shipping address that the user agent does not have, providing this address to the user agent will let the user see it and interact with it among the other shipping addresses in the user agent.

[Krystosterone]

🤔 Interesting! Where (in the life-cycle of the payment app) would you see this information being forwarded to the user agent?

[rsolomakhin]

@Krystosterone, most straightforward in my view is when PaymentRequest is constructed. At that point, we can fire a "RequestPaymentAddressEvent" in the payment handler, which can either ignore it or respond with a list of addresses it knows. This would be after "CanMakePaymentEvent" is fired for URL-based payment method names, e.g., "https://android.com/pay".