I’ve been playing around a bit with the Android/Chrome implementation and trying to imagine how the Dutch payment method iDeal could fit into Payment Handler. For those unfamiliar with it: it’s the most popular way of paying online in the Netherlands (57% market share) with over half of transactions being done on mobile (source: Currence, the company that owns iDeal).

The simplified way it currently works for ecommerce:

• The buyer checks out and selects their bank before clicking a ‘pay’ button.
• A transaction is requested (with the selected bank, a uniquely generated session identifier entranceCode, purchaseID and the merchantReturnURL) by the merchant on the iDeal network (gateway/acquiring bank). The response contains a issuerAuthenticationURL, purchaseID and transactionID.
• The merchant redirect the buyer to this issuer URL.
  • On mobile, the bank’s apps have an URL handler registered for the bank domains to continue the authorization process within the app.
  • If the app is not installed or the buyer is on desktop, the regular internet banking environment is used.
• The buyer logs in and authorizes, or cancels, the transaction and is redirected to the merchantReturnURL which can be a website or native mobile app link. The ec (entranceCode) and trxid (transactionID) fields are appended in the query string that allows the merchant to retrieve the initiated iDeal session for a purchase and the transaction status.

As it currently stands, it seems that Payment Handler could work with Dutch banking apps on Chrome/Android with no major changes to UX and use the same fields in the PaymentHandlerResponse details.

For service workers things are less clear for me:

• Service workers add no value, since all Dutch banks implement a form of two factor auth (SMS, card + reader device) and iDeal transactions require authentication for each transaction.
• I understand the reasoning for installation to filter out payment methods the buyer has, but IMO it is a step back from a buyer’s UX perspective compared to what there is today.
• If we must use a service worker, who would own/host it? With the way it works now it should probably be Currence and not one of the 61 payment gateways and 10 banks that participate in iDeal. But this would either confuse buyers with various deny any of these companies to innovate/experiment on their own
• Also how is a buyer expected to distinguish between a legit innovative gateway/bank that a merchant is using versus a malicious actor?

Hope this makes sense!