Hacker News new | ask | show | jobs
by kyrra 3164 days ago
This is an implementation of the W3 Payment Request spec I believe: https://www.w3.org/TR/payment-request/

They talked about it at Google I/O earlier this year: https://www.youtube.com/watch?v=hU89pPBmhds

(I believe this is how it works, I could totally be wrong here, I haven't read on it too much).

This is a way of using forms of payments people have stored with Google (cards added for Play store, android pay, or other services) to pay for things with from merchants. The payments don't route through Google, rather it pulls the card details from Google and send them to whatever merchant you are buying from.

EDIT: This is useful: https://developers.google.com/payments/mobile-web-tutorial

It looks like websites can request data back as a Gateway_Token (to then run through Adyen, Stripe, Braintree, or Vantiv). Or you can setup a public/private pair[0] and Google will send the card details back of as an encrypted bundle that you can decrypt in a PCI compliant environment.

(disclaimer: I work on payments at Google, opinions are my own. I didn't work on this feature and don't really know anything about it).

[0] https://developers.google.com/payments/payment-data-cryptogr...
1 comments
Larrikin 3163 days ago
Does Google see the merchant you're paying?
link
kyrra 3163 days ago
See[0]. The "Pay With Google" initiative is adding a 'supportedMethods' of 'https://google.com/pay'. What is then in the data section of that supportMethods call to Google is up to Google, which is specified here[1]. It looks like Google required "merchantId", which the merchant registers with Google to get access to the cards Google has stored for that customer.

So yes, if a merchant wants to use a customer's card on-file with Google to pay at a merchant with "Pay with Google", Google will be able to connect the 2 dots together, but I'd read the ToS to see what is allowed[2].

The value-add here for merchants is to get customers to complete a purchase without having to go through the pain of typing in their card details. And for consumers, if they don't fully trust the website and the website is using Gateway Tokenization, then the merchant never sees the credit card data.

[0] https://www.w3.org/TR/payment-request/#the-methoddata-argume...

[1] https://developers.google.com/payments/mobile-web-tutorial#a...

[2] https://payments.developers.google.com/terms/sellertos

link