Should API support billing address capture (for tax computation)? #27
Comments
|
The method by which many payment systems work (especially in card) is to verify against billing address so billing address is required for some payment types and providers. In addition, some items will require the KYC address (government functions like BMV transactions). Delivery address is not always interesting to the payments process itself, but could be used if there is an AML issue with respect to shipping location of product that requires filtering by the payments provider. Lastly, a growing number of consumers provide KYC address -- because it is legally mandated -- and billing address for convenience -- yet have a fluctuating shipping address which generally in not germane to the payments process -- however, could be for filtering requirements as mentioned above. There are excellent examples of payment systems which cease working because of confusion of KYC / billing address having a mismatch against shipping address at the merchant. Personally over the last 6 months I have been working with Bank of America on this exact issue. The bank made an IT change which confused KYC and billing address. Once that happened, Delta Airlines refused to accept payment for a ticket because of the mismatch issue. My "delivery" address at the merchant (Delta) was equal to the billing address. So when I changed to the KYC address for approval of the payment, Delta refused again because they had a merchant mismatch of their delivery address of record with the physical (KYC) address I attempted to use. For this reason -- until finally adjusted by BofA (after first flat refusing the issue) -- I could not use my card at Delta because I could not figure out what address they believed they were verifying against. It took months for me to get them to believe it an issue and they claimed that KYC = billing address (which is of course false). I explain in more detail because the issue is with respect to lack of consistent definition. There is another further example of a bank confusing "mailing" address and "billing" address. In short, the bank verified against "billing" address but their database did not equate mailing=billing so the bank rejected the verification because no "billing" address was on file and there was a mismatch against KYC. I believe that there is reason that all three -- with consistent definition -- may need to be part of the protocol because of the fluidity for people with various reasons to maintain a shipment location for goods and "letter" or USPS location for "billing". And both of these are not the KYC address because the merchant never has a reason to collect the actual KYC address. Help? |
|
Before others say it -- there is a case that "shipping" address never enters the payments process and is only in the eCommerce flow. I can see this, however, I do see the continued confusion related to "billing", "mailing", "physical", "home", and other labels lacking consistency ... just an idea for consideration ... |
|
VAT rules in Europe get tricky, but :
I think the fraud reasons @djackso3 highlights sound more critical than VAT since VAT rate cannot impact the sale. It's true some merchants could save money by processing this information themselves, assuming their PSP chooses to make it available. A Payment App, PSP, etc. should never be forced to make this information available however. And they should not provide it unless the merchant actually requests it. |
|
VAT rules are quite different than the rules in the US. These vary by state, and within states by governmental district (county, city, etc.) Speaking as a merchant, I need to know a number of things about the purchaser to decide what sales tax to apply to the sale. But in general the rule is to use the shipping / use address to decide what sales tax to use, and then the billing address if a shipping / use address is not available. And yes, this does effect ultimate amount that is paid by the purchaser. Sales tax is passed on to the customer in the US in most cases. |
|
We must distinguish between data that is required for processing the payment and data that is being requested to streamline the checkout flow. @djackso3 said:
Which implies that this data is required for payment processing and should be gathered by the payment app. However, data that is required to calculate a final amount (i.e. it impacts the tax rate) should be supported as something that can be requested from the user agent so that the website has an opportunity to recalculate the final amount prior to the request being passed to the payment app. |
adrianhopebailie
modified the milestones:
Priority: High,
Discuss on Call - 28 April,
Discuss on Call - 5 May
|
The more things we keep trying to add the more I tend to think that a better design would be to provide new elements/components that merchants can put in their website to simply customize their checkout page. For example: <shipping-address on-change="callme(event)"></shipping-address>
<billing-address on-change="callme(event)"></billing-address>This component could be provided by the browser (or a polyfill), it could refuse to give access to the site (to JavaScript) any of choices shown to the user until one is selected, fire an "on address change" event when the user changes their address -- and let the merchant site customize their checkout experience around it. This would be a low-level component-based approach to providing a better checkout experience whilst also leveraging the browser's ability to provide this kind of information. The idea that we're going to be able to specify every checkout flow (or "at least" the common ones) and do so in a sensible way I think is perhaps not as achievable as we'd like to think. When the checkout flow doesn't work for the merchant, they have to abandon the whole API and start from scratch. Wouldn't it be better to build out some components (that could also be polyfilled) that a merchant can use to assemble their own checkout experience? With this approach they can configure it however they like -- update address/shipping options as they please and so forth, and still leverage the information that the user agent can provide to them. Then, once the final price has been calculated, they can call the payment request API with all of the requisite information they've collected to cause the user to select a payment app to complete the payment. |
|
-1 to including generic UI bits in the API. I think that will make it harder to gain adoption on the browser side. Ian |
|
I'm not a fan of the "all or nothing" design approach. What if we got to REC and didn't specify how to collect some piece of information that is required but the available choices are dependent upon some other piece of information we do collect via the API? Now that part of the API can't be sensibly used and has to be reimplemented on the merchant site. Starting with a low-level design and providing higher-level options would avoid these scenarios and potentially increase adoption on the merchant side. It would also help browsers understand how merchants are putting the components together to build good checkout experiences -- which would be valuable data for them to use to improve their own higher-level options. But I do agree that if browsers are disinterested in providing low-level components/APIs to merchants to allow them to construct better customized checkout experiences for more complex cases, this is a non-starter. |
|
Yes, let's chat more this week. Maybe no event is required. Could the merchant use retry() if the billing address affects the total? Ian |
|
Hi all, Here is some additional thinking about billing address and third party payment handlers.
One way to do this is through some sort of payment handler retry() mechanism, where the payment handler tells the browser (upon action by the user):
In other words: let's have all the data updates happen in the sheet so that the merchant can learn about them through events. This would allow the payment handler to proceed to payment if it wants, or ask for a correction by the user (in the sheet) before proceeding to payment. I realize this will be a non-pipeline user experience, and thus could potentially be confusing. I welcome suggestions for handling this in other ways, but I note that retry() from the merchant side is not likely to work in general because payment may have already happened (with a potentially incorrect total) by the time the merchant gets to do a retry(). There may also be some ways to simplify the user experience of getting the definitive billing address from the user:
My "hope" is that the billing address is correct most of the time, and thus the "payment handler retry()" UX is not necessary often. By the way, it has been pointed out to me that billing address information for tax purposes may also become a more important consideration in the US [1]. Ian |
|
I'd like to exhaust @michelle's current proposal, which is #749. Honestly, the above sounds extremely complicated, and would like the various UX teams to explore how it might work best (the requirement is clear: "merchant needs the billing address to calculate, user want to protect their privacy until they hit pay" - let's leave it at that and lets explore how far we get). |
|
Hi @marcoscaceres, I think one answer to "how far we can get" is "browser-stored cards." It is not clear to me from #749 how third party payment handlers would work. Ian |
|
Ok, but that’s a UX problem no? Or do we expect payment handlers to provide the billing address? Put differently, we know that we want:
If the UA exclusively holds the billing address(es), then the above holds. If the payment handler holds the billing address, then we need to have a more detailed discussion... but it feels like that discussion is outside the scope of v1, personally. |
|
@marcoscaceres wrote: Yes. My current understanding is that a payment instrument will have a billing address associated with it. For those payment instruments controlled by payment handler, they will therefore "own" the billing address. @marcoscaceres wrote: Yes, that is why I included the detail above. I agree it's not simple at first glance. @marcoscaceres wrote: Perhaps. That should be an explicit decision of the group. Ian |
Ok, so, if billing addresses are bound to payment instruments, then Then a redacted address can be sent back with the event's We can then work out what each dictionary looks like, but essentially, they can each have a For each payment method, we can define a base dictionary that everyone could use: dictionary PaymentMethod {
PaymentAddress? billingAddress;
}
// for paymentmethodchange, for example:
dictionary BasicCardChangeDetails : PaymentMethod {
// inherits billingAddress;
}
dictionary BasicCardResponse : PaymentMethod {
// inherits billingAddress;
// card number, etc.
} |
|
Hi @marcoscaceres, I may not have understood your proposal fully. However, if the proposal anticipates that the merchant only receives a billing address after the payment handler has been launched, then I think the proposal will be inadequate for use cases where:
Ian |
|
I’m going to defer this for a while until I can educate myself on those kinds of payments. If there are some good resources on how push payments work, happy to have a read. If we want to solve for basic-card and other card based payments, happy to continue on this. |
|
@rsolomakhin and I discussed this further today and I anticipate he will write up something sensible when time permits. At a high level, we discussed this type of flow which is a better experience than the one I had in mind.
@marcoscaceres, regarding push v pull payments, here's a piece by Adrian Hope-Bailie: A Push Payments Manifesto Examples: wire payments, ACH payments, SEPA credit transfers, Boleto Bancário, bitcoin, various real-time payments systems, etc. I invite others who know more about payments to list some useful resources. Ian |
|
@marcoscaceres the key difference with push is that by the time the website gets the PaymentResponse the payment is complete. You could even think of a payment method like PayPal as "push" in some contexts, in that: Compared with BasicCard, for example, the merchant has nothing more to do but mark the sale asd complete. The payment is already done. |
I don't understand how this is different from what I had proposed in the pull request? Could you please comment on the pull request? It seems like a waste of time for @rsolomakhin to have to redo what I already worked on? I don't see anything in your points that my pull request didn't already do. The only difference from the points above is that there event was sent to the PaymentRequest ( Wrote @adrianhopebailie:
Sure. I get that part.
I'm still not following :( |
|
@adrianhopebailie just to be clear, when I say "I'm still not following :(", I mean I'm unsure what I should change in the pull request that I made to meet the use case. I need direct feedback on the pull request itself. |
|
@marcoscaceres I don't think you need to change the PRs but perhaps there is a need to add something that shows how a PaymentHandler may cause the Q: Are you suggesting the spec text that describes how a Payment Handler might invoke the Push Payments and The underlying issue related to push payments is not with Billing Address but with I don't think |
|
@marcoscaceres @ianbjacobs @rsolomakhin I am throwing this idea in the ring: #759 because I think it would make solving this case a LOT easier. |
|
@adrianhopebailie and @marcoscaceres, To help discussion around this issue I have started to catalog proposals (that I've heard) for handling push payments: Ian |
|
@marcoscaceres's pull request #749 for payer address looks good to me. My discussion with @ianbjacobs concerned primarily figuring out how to make it work with payment handlers, which we have figured out, I believe, in a way compatible with #749. Payment Handler discussion can get a bit complicated, so it's better to keep it on the Payment Handler page, IMHO. But let me break that rule myself already: @adrianhopebailie, for what it's worth, I believe a |
|
So, I'm still worried about the whole billing address being tied to an instrument thing. For instance, I just bought a present for someone, and I obviously don't want to send the recipient the invoice. The website gave me these options:
It seems like this is not that uncommon. What am I missing? |
|
(I guess the billing address is not used for invoicing but only for verification of the card) |
|
Just adding a bit to the discussion - a billing address is really important when trying to perform any type of fraud prevention. When making a payment request, banks will compare the billing address to the real cardholder's address before declining a payment for fraud reasons. Furthermore, many eCommerce platforms have been designed with a Billing Address as a minimum requirement for placing an order. Not providing a method to collect it makes the PaymentRequestAPI unsuitable for use on most major eCommerce platforms running on millions of websites. Also for virtual/digital products, there is no shipping/delivery address, so you'd be inclined to skip the delivery address collection, however how is the merchant supposed to know the address of the customer if that is needed for any reason? This is usually why eCommerce platforms collect a billing address as a minimum, even for virtual products. |
|
Closed by merging #27 |
and others
During the Feb FTF meeting [1], Vincent Kuntz pointed out that in Europe, billing address is required to compute VAT. The use case is that you purchase something in one country (where VAT is applied) but it is being shipped to another.
Thus, for some tax computations, do we need billing address (or some portion of it, like "country")?
[1] https://www.w3.org/2016/02/24-wpwg-minutes
The text was updated successfully, but these errors were encountered: