By Thomas Baekdal - April 2012

We Need To Drastically Simplify Payments Online

One of the really strange things about the internet is that the one thing every business needs, payment, is also the one thing that we haven't solved yet. True, there have been many workarounds, but they are just that - workarounds.

What I want is to be able to pay for a product *without* having to create an account, and without going through complicated steps involving a lot of numbers. I want payment online to be as easy and private as paying with a credit card in real life. No, I want it to be even simpler than that, because the internet is better, right?

Let me illustrate the problem. To pay for a product in the physical world, you swipe your credit card and type in four digits on a terminal...and you are done! That's easy, convenient, really efficient, and very practical.

Online, however, you have to fill in a complicated form like the one below, involving having to type (in my case) a total of 207 characters. That's not easy. Worse yet, you have to go through all these steps for every single brand you want to buy from. And you have to give them your credit card information - opening yourself up to risk of fraud and other security problems.

Why is it that we accept this? Why is it that, after twenty years, this is still the way to pay for things online? No wonder it is hard to make money online. Imagine if you had to do this in every physical shop.

It is sales 101. Never put complicated steps between the customer and the sale.

What we need

What we need is quite simple. We need a system...:

The solution is quite simple. The technology already exists, and it is easy to implement. We need to think of payments the same way as Facebook thinks of the Like button.

The way the Facebook like button works is very, very simple. They just use an iframe. An iframe is essentially a mini website embedded into another website - causing you to have two different websites on the same page.

Here is the like button from Facebook. And as you can see, it is loaded using a secure connection. It's *on* Facebook.

You can then embed this page on any other site using an iframe. Here I am placing the above web page on 42Concepts. Now we have one site, with content coming from two different pages.

When I place a like button on my site, Facebook does not send any information about you, nor can I like anything on your behalf. The same when you click on the like button. No information is being sent to my servers. The entire window is *on* Facebook. When you click that button, you are not doing it on my site, you are actually doing it in the mini-site above. Facebook knows who you are because you are *on* Facebook.

You have 100% privacy and security but at the same time you can like anything from anywhere. It's so simple that it is brilliant (and Facebook is far from the only one doing this).

This is what we need to create a secure and private payment system that works across any site.

The banks and credit card companies need to get together and create a payment site that works just like a like button. We don't want to give our credit card information to other people. We don't want them to know who we are. We just want to be able to pay for a product - using one click, and that's it.

How it works

Imagine that VISA and MasterCard created a page like this.

It's a payment checkout page *on* MasterCard's server. It is using a secure connection. The seller, in this case CBS, is verified by MasterCard. And because MasterCard already has all your payment information, it also knows how you prefer to pay for things online (but you can change it if you want to).

And you would trust it.

More to the point, upon purchase, again handled by MasterCard, the only thing MasterCard sends to CBS is the payment itself. CBS does not get access to your name, email, or your address. And CBS does not get access to your credit card information. The only thing they get is the money.

This is exactly the same as when you buy something in a physical shop. Unless you specifically tell them who you are, the shop has no idea who just paid them - but they still get the money.

But here is the smart part of it. This mini-shop, managed by MasterCard, can then be embedded on any page, just like a YouTube video or a Facebook like button. For instance, CBS could use it on their own website. They could put it in a blog post, on Tumblr, in a Facebook tab, and even add it to a Google Hangout. It's just a shop in an iframe.

More to the point, this would obviously not be limited to just one product. It can be used for any product, for any brand. And it can be used, embedded and/or shared on any platform and any device.

And because it is handled by MasterCard, you don't have to sign up for each site. In fact, you never have to sign-up again. You don't have to fill in tons of forms. You don't have to do anything.

With just one click, you have purchased this product securely and privately. And you will be able to watch and download the product immediately.

Imagine if buying a product online was as easy as this. Any site, any brand, any product, on any channel, using any device ...and the only thing you need to do is to click ...once!

What about physical products? ...or magazine subscriptions?

It is the same thing. Here is an example with Nike. Same box and the same system, handled by MasterCard. Now in this case, because it is a physical product, Nike is requesting access to your name and address, which you are clearly notified about in the payment screen.

Again, because this is actually just an iframe handled by MasterCard, you don't have to sign-up for a Nike account, and Nike doesn't get access to your credit card information, or anything else than the specific information listed in the payment screen.

It's completely secure, and 100% private. Even if a hacker hacks into Nike's servers, they can't do anything. Nike's servers will only know your name and address. There is no username or password, no email address, nothing!

Here is another example with New York Magazine, asking people to subscribe.

Same box, same principle. All you need to do is click. There are no complicated steps. The New York Magazine only gets access to your email address (for sign-in) and the money. They do not get access to your credit card, your physical address, or even your name.

And renewals are handled securely by MasterCard automatically.

It is secure and private commerce that can be used by everyone (like AdSense), and embedded anywhere (like the Facebook Like button or a YouTube video). And you don't need to sign-up for anything. All you need to do is to ask your bank to give you a MasterCard (or VISA), and you can easily use it anywhere - online and offline.

What else can we do?

This concept also opens up many other advances. For one, it will enable micro-payments. The reason why micro-payments don't work today is that there is a fixed fee associated with each transaction.

For instance, on PayPal the fee is 2.9% + $0.30 per transaction. Meaning that if I want to sell something for 5 cents, I would lose 26 cents each time. But since this payment platform is handled by the credit card companies themselves, they can easily charge only a percentage, and still make just as much money.

Publishers would suddenly be able to charge for each article. We would have a payment system that could handle anything from 1 cent to a million dollars (or more).

Another thing this could be used for is authenticated logins. A huge problem that we have today is that it is easy to sign-up with a bogus account. We see this on all social platforms. But MasterCard wouldn't have that problem because only they can create an account when they issue you with a credit card.

This means that sites like Twitter could ask people to sign in with MasterCard, and thus only accept people who have been validated by them. It is not 100% perfect, but it would certainly make it a lot harder to be a spammer. You would have to persuade MasterCard to create a huge number of bogus accounts for you. And since banks are legally responsible, well ...that's not likely to happen. Even if someone in some 3rd world country does so, MasterCard can just block them altogether.

This whole system is not only secure and maintains your privacy. It is also much, much harder to cheat.

Thirdly, think affiliate bonanza. Because this is a shop in an iframe, you can offer anyone a cut of the profit, and it would be handled centrally by MasterCard. Meaning that affiliate sale can be truly mixed with social sharing, across sites and brands - without having to sign-up for each merchant.

The technical gobbledegook

If you are technically inclined, you are probably thinking about a million reasons why this won't work. So let me explain why this does work, even technically. This entire concept is based on three important elements:

I will get to the API, but let's discuss the last two. The main reason why ecommerce is problematic, from a security standpoint, is because data is being sent over questionable connections.

The way to solve that is not to make things more secure, but remove anything that 'bad guys' are not allowed to see. This concept does just that. The information sent to the client only contains the product being sold, and the name of the buyer. If you look at any of the screens above, not a single thing is a security risk.

It wouldn't matter even if a person has a virus on their computer. The transaction can only take place between you and a verified merchant (by MasterCard). So if someone decides to exploit the system, MasterCard can just block the transaction (and the merchant altogether). You, as a buyer, will never be at risk.

Note: The easiest way to handle this is for MasterCard to delay the transfer of funds by two weeks.

Secondly, since the merchants don't get access to the credit card information, nor any private information about the buyer, questionable security practices (like those we hear about every week) won't matter. It doesn't matter if CBS gets hacked, because they don't have any information that can be exploited.

What's left is to make sure the payment cannot be diverted ...and this is where the API comes into play. The trick is to turn it into a platform that can handle anything. You don't want complicated setups, or expensive service providers. This should be something anyone can do. Also, the API must be server-to-server based. You never want to send any information through the client.

We have three elements. The platform (e.g. MasterCard), the Merchant (e.g. CBS) and the Buyer (e.g. you).

The first part looks like this:

The buyer visits a merchant page (or anywhere else the iframe is embedded). The iframe is requested, causing the Platform to call the Merchant server for product information.

So we have dual requests here. First the site requests the iframe page, but before it is sent back, another server-side request is made to get the actual information and validate the source. This prevents fraud. Even if the iframe was loaded from a 3rd party site (like Tumblr), the product information would still come from the merchant server.

The next step is the payment and delivery of the product. And once again, it does not involve any exchange of information to the client. For instance, if it was loaded from Tumblr, the blog would have no clue as to any of these steps.

Notice that it is not the merchant that delivers the file; it is delivered by the Platform. Upon payment, the Platform tells the Merchant server that a Buyer has paid (only providing the anonymous payment ID), and requests the file to be delivered.

If the Merchant doesn't deliver the file, the transaction is cancelled before the customer has paid anything. Again, preventing fraud. It is also the Platform that sends out the receipt and email with the download link.

This is for digital products. For physical products, the Platform just sends the contact info (name+address) to the Merchant.
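The two server-to-server steps described above, for a digital product, sketched as an added example that is not part of the original article. Every class, method and field name here is hypothetical, and the in-process method calls stand in for authenticated HTTPS requests between the Platform and the Merchant server.

```python
# Added illustration; all class, method and field names are hypothetical.
import secrets


class Merchant:
    """Merchant server: learns only product ids and anonymous payment ids."""

    def __init__(self, catalog, delivers=True):
        self.catalog, self.delivers, self.seen = catalog, delivers, []

    def product_info(self, product_id):
        return dict(self.catalog[product_id])

    def deliver(self, payment_id, product_id):
        self.seen.append((payment_id, product_id))  # all the merchant ever receives
        return b"constructed-file-bytes" if self.delivers else None


class Platform:
    """Payment platform: holds buyer data and calls merchants server-to-server."""

    def __init__(self):
        self.verified = {}  # merchant_id -> merchant server registered at verification
        self.charges = []   # (card, amount_cents, payment_id), never leaves the platform

    def render_iframe(self, merchant_id, product_id, embedding_page):
        # embedding_page is ignored on purpose: title and price come from the
        # verified merchant's server, not from whichever page hosts the iframe.
        merchant = self.verified.get(merchant_id)
        if merchant is None:
            return None  # unverified seller, nothing to show
        return {"merchant": merchant_id, **merchant.product_info(product_id)}

    def purchase(self, buyer, merchant_id, product_id):
        merchant = self.verified[merchant_id]
        # Price is fetched again server-side rather than accepted from the client.
        price = merchant.product_info(product_id)["price_cents"]
        payment_id = secrets.token_hex(8)  # random, carries no buyer identity
        artifact = merchant.deliver(payment_id, product_id)
        if artifact is None:
            return {"status": "cancelled", "charged_cents": 0}  # no delivery, no charge
        self.charges.append((buyer["card"], price, payment_id))
        return {"status": "paid", "charged_cents": price, "download": artifact}
```

The card is charged only after `deliver` returns the file, which is the cancel-before-payment rule from the text, and the Merchant's `seen` log holds nothing but the random payment ID and the product ID.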

It's just a concept

All of this is just a concept. But we need to simplify payments online, and I think this is the best way to do it. It's private and secure, while at the same time it's open to everyone. It can be used on any site, using any device, and on any channel.

You might be thinking, "this is great we should create a startup and make it happen". But the catch is that it only works at scale. It's the chicken and the egg problem.

In order for this to work, you first have to get access to everyone's payment information. For a startup to do this, you literally first have to ask them to sign-up for your system, before they can buy anything anywhere else. That is an almost impossible task.

That's why this must be done by credit card companies. They already have the scale and the data. We use it every day in millions of credit card terminals.

It could also, potentially, be done by the big digital platforms, like PayPal, Amazon, Apple, and Google. They also have the scale and many people's credit card information. If I was working for Google, I would work really hard to make this happen. It's like Adsense for ecommerce. A shared payment platform that anyone can implement with a minimal amount of coding.

The company who makes this happen will rule the future of ecommerce - on any device and anywhere.

And for you, the buyer. You would have a secure and private way to pay for products online that is as easy as watching a YouTube video or clicking a Like button.

