Every year at work, we take a few days to try and do something different from our everyday work, and see if we can live up to the name of the event: “Innovation Camp”.
This year I decided to take a look at the concept of an open standard for user-centric click-once payments. The idea is that a customer creates his shopping basket as usual, but when he is done, he can transfer all his billing, shipping and payment information to the merchant/gateway with one click.
Nothing new
The concept is not new. PayPal has had this for a while with Express Checkout, and Stripe has a similar thing, just for credit cards. Amazon has its own implementation, and even has a patent on it (go figure).
What all of these examples have in common, though, is that they are locked in to either a specific payment provider or a specific merchant.
The missing link seems to be an open standard that would let all merchants implement the same feature, meaning that once a user has set up his information, any site would be able to offer the user a quick checkout experience.
Autofill functionality in browsers will get you some of the way, but it still depends on the website's forms having a certain layout, etc.
Enter the W3C
As you would expect, I’m not the first person to think that this could be standardized. The W3C has created a Web Payments Working Group that is looking into whether the W3C can help create a standard that will eliminate all this never-ending address and payment typing, reducing the friction of online purchases and increasing checkout completion rates. This includes both the Interledger work that seemingly will make payment gateways obsolete, and Verifiable Claims that could be the service-independent single sign-on the world needs 🙂
But all that seems way off in the future.
Working with what we have
Given that all official standards are probably way off in the future, I tried to look at what we could do with the tech we have today. What I came up with is a solution where the customer stores his information in a wallet (browser/extension/app) that can pick up a URL from a URL scheme association in the browser, or from a QR code/NFC tag.
It will then contact the merchant's website and exchange information in a standardized and encrypted fashion.
The responsibility of the payment gateway is to provide proof of identity for both the gateway and the merchant. The gateway's identity will be provided by, for example, a VeriSign certificate, in the same way that an EV HTTPS certificate is used today. The merchant's information is guaranteed by the gateway, since they know who they are transferring the money to in the end.
Given that the customer trusts the chain, they can then send a message containing address information for the merchant and payment information for the gateway. The payment information will be encrypted so only the gateway can read it; the merchant only functions as a transport for this information.
By using the flow described, I believe that the user could get an improved checkout experience, because they will not need to type all their information. They will also get an improved sense of security, because they have a chain of verification for the merchant, which is probably more than you would have today on a regular webshop, where you have to trust whatever is on the website. In this case the gateway guarantees the merchant's credentials, and the gateway's credentials are guaranteed by a Certificate Authority.
There is also no vendor lock-in. The wallet, merchant and gateway can be created by whoever implements the standard. The only common element is the Certificate Authority that needs to verify the payment gateway. I think this is a very strong feature compared to being locked into, for example, PayPal to make your purchases.
Let me know what you think.