Online Payment Flows

In the ever changing landscape of online payments and growing prevalence of shopping via mobile, payment players have implemented various payment flows in order to improve convenience, reduce drop offs and increase security.

The three main type of payment flows are via WebView (similar to a browser window), via Software Development Kit (SDK) and via App.

Payments via WebView

The first method of making payments online is via a WebView. This is the most common method as it is supported by both desktop and mobile. Common methods of authentication the user includes email and password, mobile number and one time password (OTP)and via scanning of QR code. This is also the default method used by most credit card partners.

Email and Password

An example of email authentication via WebView is PayPal. The user will first be redirected to a PayPal hosted page after checking out and is promoted to enter their email and password to login.

Pros:

• Requires minimal technical effort to integrate.
• Users are familiar with email and password login.

Cons:

• Email and password login can be easily hacked if there is no additional Two Factor Authentication (2FA) in place.
• Email addresses are usually not linked to an identity and is more susceptible to fraud.

Mobile number and OTP

An example of mobile number authentication via WebView is GrabPay. After checking out, the user will be redirected to a Grab hosted page to enter their mobile number and OTP to login.

Pros:

• Requires minimal technical effort to integrate.
• Mobile number is usually tagged to a person’s identity in most countries and is less susceptible to fraud.
• SMS OTP is an additional layer of authentication.

Cons:

• Payments can only be made when the user has the mobile phone with him/her.
• SMS OTP is not fool proof and can be obtained through social engineering techniques. Additional 2FA can be used to lower the risk.

QR code

An example of QR code via WebView is payments made via WeChat Pay on desktop. The user is redirected to a WeChat Pay hosted page with the QR code. The user can then open their WeChat app to scan the QR code and complete payment via the app.

Pros:

• Users who are logged in to the mobile app of the payment partner do not need to re-authenticate after scanning.
• Less likely to be susceptible to account takeovers as the user needs to be logged in to the app.

Cons:

• Payments can only be made when the user has the mobile phone with him/her.
• Users who do not have the app installed will need to install it from the App Store or Google Play Store and this could lead to drop offs.

Payments via SDK

The next type of payment requires the website or app to be integrated with the payment partner’s SDK. This allows payments to be made without the user needing to leave the shopping site to the payment partner’s page.

Examples include Alipay, Apple Pay and QuadPay via a Google Chrome extension.

Pros:

• Little to no technical integration required.
• User interface can be customized to suit the look and feel of the site or app.
• Higher security standards.

Cons:

• Time to required to load the payment method might be longer.

Payments via App

The last payment flow is mobile only. When users make a payment, they are redirected to the payment partner’s mobile app to complete payment via the app. In some cases, users will need to manually open the payment app.

Examples include Alipay and DBS Paylah! for web checkout.

Pros:

• Users who are logged in to the mobile app of the payment partner do not need to re-authenticate.
• Less likely to be susceptible to account takeovers as the user needs to be logged in to the app.

Cons:

• Requires more technical development for apps to support deep linking.
• Only works on mobile and requires a separate flow for desktop users.
• Users who do not have the app installed will need to install it from the App Store or Google Play Store and this could lead to drop offs.

Closing Thoughts

Ultimately, the different types of payment flows offer their own pros and cons to both customers and merchants. Some payment partners offer various flows to cater to the different use cases and circumstances of their merchants.

An increase in mobile traffic and payment transactions in regions such as Southeast Asia may prompt payment partners and shopping sites to forgo the desktop related payment options like QR codes entirely.

In addition, with poor connectivity and slower internet speeds in some regions, payment methods need to be light and nimble and with as little reliance on external networks such as telcos for the SMS OTPs to be delivered.