[Payment Request] Change phrasing on CVC code entry |
|||||
Issue descriptionPayment platforms are trying to allow merchants to defer sensitive part of their payment interactions to those platforms. This is a typical design that those platforms serve Payment Request API through an iframe and make it look as if it's a part of the merchant's website, but actual sensitive information handling is done by the platform. This strategy works quite well because merchants can take advantage of Payment Request API's benefits yet can easily implement the feature through those platform's SDK. But if you look closer to what Payment Request UI saids when paying with `basic-card` and entering CVC code, it saids: "Once you confirm, your card details will be shared with this site.". (see attached image) For users it sounds as if their credit card details will be passed to the merchant, but in fact it's passed to the platform. Some merchants concern about this and want to clarify that they are not actually handling those info. Can we rephrase the note? Perhaps something like "Once you confirm, your card details will be shared with https://payment-service.provider"?
,
May 25 2018
,
May 25 2018
Applies to Autofill too, since iframes are common there. Adding Dennis to think about this.
,
May 25 2018
I think this is by design. The reality is that users dont have trust models with payment processors. They have them with the site they're buying from. I think people would be alarmed that their CVC and card number were being passed to someone they had never heard of instead of the site they thought they were buying from.
,
May 29 2018
,
May 29 2018
,
May 31 2018
Why do we have to note that this information (unlike others without CVC) is submitted to the website? Legal reasons? If so, shouldn't clarifying who actually receives the information help? My alternative suggestion is "Enter confirmation digits to continue". |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by agektmr@chromium.org
, May 25 20181.1 MB
1.1 MB View Download