web-payments / web-commerce-api

A specification for initiating payments in the browser
Pure chrome-based buyflow #2

Open msporny opened 11 years ago

msporny commented 11 years ago

The spec currently states:

This starts the buyflow in a content iframe inside a trusted dialog ("chrome dialog").

While this is a flexible approach for payments in the browser, it does not allow the browser to achieve true one-click payments. Typically at least two clicks will be required and the buyflow will pop up an external page.

There is also concern that this mechanism may be susceptible to phishing attacks since the username/password of the payment processor will be requested from time to time.

A purely chrome-based buyflow would eliminate the phishing risk for purchases.

kumar303 commented 11 years ago

The chrome dialog (referred to as Trusted UI) is mostly just a dumb pipe to a server. In theory, it could support one-click payments. The user would click a Buy button, the UI would open a Trusted UI and the server could recognize the user via cookies when the web page loads and automatically complete the payment.

msporny commented 11 years ago

Yeah, so this is something we've been going back and forth on for a couple of years here. Do we want to always show a receipt of the purchase? Or are there going to be purchases where the receipt just gets in the way of the customer experience? Or do we want to provide an option for the customer such that they always see receipts, only see receipts over a particular value, etc.? Seems like there might need to be a decent bit of configurability here.