Closed cyberphone closed 2 years ago
SPC authentication happens after instrument selection, so this does not seem to be in scope for this specification. Closing this issue.
My hope is that SPC will be available within payment handlers to address some of these flows.
Unless representatives for Stripe or Adyen have something more concrete to enlighten us with, SPC (in its current incarnation), does not appear to enable competitive A2A solutions. Relying on the currently discontinued payment handler, would push the time-line further away and also comes with yet another set of non-trivial deployment issues. @stephenmcgruer @btidor-stripe
This issue is related to the "another protocol" mentioned in https://www.w3.org/TR/2021/WD-secure-payment-confirmation-20210831/#sctn-sample-authentication.
Since A2A transactions 1) are not supported by physical cards with printed account data 2) do not have standardized account data for figuring out account holding bank, the payer would in an e-commerce scenario first have to manually select bank. However, this method does not scale in a world with hundreds of thousands of issuer banks.
Unfortunately the problems do not end here: there is no clear way getting hold of account data (and associated
credentualId
) without first authenticating to the bank. Redirect/IFRAME + cookies seems like the only reasonable workaround.It is worth noting that most other A2A solutions including W3C Pay, do not suffer from these shortcomings. Existing A2A solutions typically address bank and account discovery through trusted third party services and support for specific payment networks. W3C Pay builds on decentralization through data stored in the payment credentials (like in EMV cards).