We need something like Apple Pay for buying things over the phone.
- From the call, the purchaser sends a payment beacon to start the transaction. The beacon carries your main identifier (probably your email address) and a signature that proves it came from your device.
- The merchant then sends a payment request to your address/endpoint, using the code you sent that only you could have built (to avoid people randomly sending you these things).
- You receive this instantly on your device as a prompt to pay the amount of the purchase, and you authenticate with your thumbprint.
Let me think out loud here:
- The transaction starts from the purchaser
- They send a wrapped ticket (like Kerberos) that only they can open when they get it back
- The merchant sends a payment request linked with the authentication token that proves it’s part of a trusted conversation
- The purchaser authenticates using a thumbprint or other 2-factor option
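
The beacon and payment-request round trip sketched above, as an added example that is not part of the original post. It assumes an HMAC under a device-only key as the stand-in for the "wrapped ticket" (the device checks the seal rather than decrypting it), and every function and field name is hypothetical; the signature shown to the merchant and the thumbprint prompt are left out.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values; none of these names come from the post.
DEVICE_KEY = secrets.token_bytes(32)   # never leaves the purchaser's device
_pending = {}                          # nonce -> merchant the beacon was sent to


def make_beacon(identifier, merchant, ttl=120, now=None):
    """Purchaser side: build the payment beacon with a sealed ticket."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    body = json.dumps({"m": merchant, "n": nonce, "exp": now + ttl}, sort_keys=True)
    tag = hmac.new(DEVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    _pending[nonce] = merchant          # remembered so the ticket is single-use
    return {"id": identifier, "ticket": {"body": body, "tag": tag}}


def make_payment_request(merchant, amount_cents, beacon):
    """Merchant side: echo the ticket back untouched along with the amount."""
    return {"from": merchant, "amount_cents": amount_cents, "ticket": beacon["ticket"]}


def accept_request(request, now=None):
    """Purchaser side: decide whether the pay prompt is shown at all."""
    now = time.time() if now is None else now
    ticket = request.get("ticket") or {}
    body, tag = str(ticket.get("body", "")), str(ticket.get("tag", ""))
    expected = hmac.new(DEVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a request without our seal is dropped silently.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "ticket was not issued by this device"
    claims = json.loads(body)
    if claims["m"] != request.get("from"):
        return False, "ticket was issued for a different merchant"
    if now > claims["exp"]:
        return False, "ticket expired"
    if _pending.pop(claims["n"], None) is None:
        return False, "ticket already used"
    return True, "prompt user to approve %d cents" % request["amount_cents"]
```

Only a request that passes all four checks reaches the point where the thumbprint prompt would appear, which is what keeps unsolicited payment requests off the device.
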
Let’s see if we satisfy all of the main authentication points:
- You have to have the card (that’s the thumbprint proving you own the auth point)
- Signature would be the thumbprint as well
- Matching the address to the card number would be built into the on-board authentication system, too
Oh, and the purchaser’s interface should also be able to send current location, select from guessed nearby addresses, or use the address associated with the endpoint/phone number.
This prevents the verbal dance of giving someone the delivery address.
The content being sent to the merchant could also be encrypted using that merchant’s public key, so that only they could decrypt it. This way you would only be leaking your location/address to the merchant and not anyone in-between.
The idea would also be to send a one-time token for the payment itself, similar to Apple Pay. If the system were still sending an actual credit card number, it would be a modest upgrade, if anything.
Anyway, tired, just wanted to put something down on that. Ordered a pizza yesterday and it sucked a lot.