Payments Developers Live - Wallet APIs Office Hours


Uploaded by GoogleDevelopers on 18.10.2012

Transcript:

MIHAI IONESCU: Hey, guys.
We're back with another session of Segments Live on
Google Developers.
Today we're going to have an Office Hours style session.
We got a lot of questions on Moderator and in the Groups,
so we're going to try to answer as many as we can.
But first, let's start to make a few announcements.
PENG YING: What's going on, Mihai?
MIHAI IONESCU: A lot of stuff is going on.
Last week we told you about Google DevFest.
The West Coast edition is going to happen this weekend.
And I'm going to switch now to the screen.
If you guys signed up, great.
Unfortunately, it looks like we are sold out for the
Saturday and Sunday events.
PENG YING: Oh, it's sold out.
What's going on?
Can you tell them a little bit more about DevFest and what
we're trying to accomplish?
MIHAI IONESCU: It's going to be very cool this weekend.
We have a lot of talks on Wallet.
We have talks on various Chrome APIs, Code Labs, so if
you signed up, you're really going to enjoy it.
And of course, there's going to be a party.
PENG YING: Nice.
I love those parties.
MIHAI IONESCU: That's what I'm looking forward to.
PENG YING: I think people are just coming for the parties.
The Code Labs, eh--
no, I'm just kidding.
It's a great way to learn more about
different technical aspects.

MALE SPEAKER: We noticed that your computer is not sharing
to [INAUDIBLE].
MIHAI IONESCU: OK.
Oh, so we'll fix that.
MALE SPEAKER: So let's make sure you're fully mirroring
before we continue.
MIHAI IONESCU: OK.
PENG YING: [INAUDIBLE] out.
So how does it look?
MALE SPEAKER: Well, what we could do, we could run the
[INAUDIBLE] again and start again.
PENG YING: Well is it mirroring?
MALE SPEAKER: What we're seeing, we see your
background.
We don't see the rest of it.
PENG YING: Oh, it's not mirroring.
It's doing the--
MIHAI IONESCU: It's on--
PENG YING: No, just-- it's--
do you have the mirror up here?
MALE SPEAKER: Just say, for everyone who's listening,
we're going to take a couple of minutes.
MIHAI IONESCU: How about now?
Is it working?
FEMALE SPEAKER: Yes, we're good.
MIHAI IONESCU: OK.
So let's keep going.
Slight technical delay here.
PENG YING: Technical difficulties.
[INAUDIBLE].
MIHAI IONESCU: It happens when you're live.
But now we're good.
So I just talked about the Dev Fest West.
We're sold out, but for those who signed up, we are looking
forward to see you guys.
And the other announcement--
we keep on mentioning every time--
but we love people who are passionate about APIs, and
we're hiring in the Developer Relations Team, in the Wallet
Team as well.
So if you're interested, you want to play with the latest
and greatest, check out the Developer Relations Jobs page
and apply for advocates, program engineers, program
managers, wherever you feel you can make the most impact.
PENG YING: And the URL is developers.google.com/jobs.
We're really looking for a few new folks to help out.
So please apply if you're interested.
MIHAI IONESCU: Cool.
Let's move on to the questions.
Lots of them, very little time.
PENG YING: Yeah, so--
MIHAI IONESCU: Do you want to take the first one?
PENG YING: I will take the first question.
And the first question is--
it's related to right now Google
Wallet deals with goods.
It's "How do I verify that the JSON web token I create is
correct?" And first, let's talk about what a
JSON web token is.
It's a method to ensure that content you send over to the
client's browser hasn't been altered when you
go through a purchase.
So the way that we do it is we append a signature to the end
of a body content.
So a JSON web token consists of three things, a basic
C4-encoded header appended to a content body, appended to a
signature, all concatenated with periods.
So in order to ensure that the JSON web token you create is
correct, what you can do is you can take the content
between the two periods and then Base64 decode it, and
then take a look at that JavaScript Objects.
You can also use our JSON web token decoder.
MIHAI IONESCU: Yeah, I'm going to put it up on the screen
right now so you guys can see it.
It's on the documentation under Resources Tools, a very
useful tool.
PENG YING: With this tool, you can just copy and paste the
entire JSON web token that you've created, and then this
tool will decode the main body using the technique I
described earlier.
It does some additional things, like HTML encoding, or
HTML decoding, so if your slashes or something are
incorrect, it'll automatically correct that for you, which
isn't the best.
But there are caveats to it.
But If you really want to ensure that the content's
correct, what you can do is you can open up the Developer
Tools in Chrome and then go to the Console and use atob,
which will convert your Base64 string to
just a regular string.
MIHAI IONESCU: Cool.
So the next question--
I'm going to take the next one-- looks like it's somewhat
related also for the digital with API.
And the question is, "I get the following error message on
an [INAUDIBLE]
request." And the message is, "We could not complete your
purchase because of technical issues." "How do I figure out
the problem?"
So the first thing you do when you get something like that,
you check the error codes that you receive in the client
failure handler.
So that's a client-side handler, which will be called
when the payment fails, the transaction fails
for whatever reason.
And I'm going to put up on the screen, again, the reference
to those error codes.
So if you watch the screen now, you will see that we have
four error codes in the Error Type field that will give you
an indication of what went wrong.
So the first three are the most important ones that you
should bluelight.
For example, Merchant Error will tell you that the
purchase request contains an error, for example, a badly
formatted JWT that my colleague
talked about earlier.
You can use the decoder, see if one of the field is an
incorrect format, fix that, and move on.
The other two are Purchase Canceled, either the buyer
cancelled the purchase or there is a
payment declined error.
Not much you can do there, but it's a good indication where
the problem is coming from.
And the third one is Post Back Error, which means you failed
to acknowledge the Post Back notification
sent to your server.
You have 10 seconds to do that.
Otherwise, the transaction is automatically cancelled.
So check that you received the Post Back notification.
Look at your logs, and make sure you
respond in 10 seconds.
And finally, the last one is Internal Server Error.
It can happen.
It seems it means something went wrong on Google side.
If you see that, let us know in the forum, and we'll help
you debug that or check if there's something
wrong on our side.
PENG YING: Cool.
So I'll take the next one.
It's a question from a forum about recurring subscriptions.
"When is a subscription first and second payment charged?
I'm confused about the phrase 'you'll be charged at the end
of the billing period starting on.'" Yeah, so I guess we want
to take a little bit of time to clarify the billing cycle
for recurring billing.
The first subscription payment starts on the start date that
you set in the recurring item in the JSON web token.
Well, depending on how you schedule your--
how you create your recurring item and your initial payment
inside the JSON web token, the first payment is taken at the
time the customer purchases, which is that
initial payment segment.
And then the recurring billing starts at the start date that
you set within your recurring item.
So those are the two differentiations.
The second payment will occur one month after the start
date, exactly one month after the start date, and
so on, and so forth.
MIHAI IONESCU: Yeah, so it's a little confusing statement.
And I think we're working on making it better.
Because there are a lot of technical terms there, and
probably it's not the best.
PENG YING: Yeah.
Subscriptions are a confusing thing.
MIHAI IONESCU: All right, I'll take the next question.
It's related to Google Wallet Mobile, so we're switching
gears a little bit here.
And the question is, "Does Google Wallet Mobile require
an internet connection to authorize a payment at an NFC
reader?" And the answer is no, it does not require an
internet connection.
It will work 100% without a data connection.
And this is a big misconception that you'll
always need to be online, either wireless or on your
carrier network, so you can make a payment.
It is not required.
All the phone is doing is transmitting your card
information to the reader.
And then the reader voice processing the entire
transaction.
So all you have to do is enable your phone, tap, and
you're good to go.
PENG YING: Yep, simple.
MIHAI IONESCU: Very simple.
PENG YING: OK, I'll take the next one.
"I'd like the ability for users to purchase physical
goods with Google Wallet inside my app.
The in-app purchase API cannot be used for this purpose, as
it is restricted to digital goods.
What API should I use?"
So right now, for--
I'm guessing they're talking about web applications and not
Android applications.
Or what do you think, Mihai?
MIHAI IONESCU: Oh yeah, let's see.
So it looks like he's mentioning it could be either
an Android web application or an Android application.
In either case, physical goods are not supported at this time
on mobile apps.
You could use the Checkout API.
Right now, that's your only option.
But that is only available to merchants in the United States
and the United Kingdom.
So there's a big limitation right there.
The good news is that we are working on expanding the
current Digital Goods API to support physical items.
So that will come, and it'll also be
available in more countries.
PENG YING: There's a few different payment method APIs
that we're currently working on.
And then these are geared towards physical goods for
mobile or for the web.

Should I take the next one, or do you want to
take the next one?
MIHAI IONESCU: I can take the next one.
PENG YING: OK.
MIHAI IONESCU: So the next one also related to
Google Wallet Mobile.
The question is "If I lose my phone, how can I prevent my
Google Wallet Mobile from being used to make payments?
What other security components are part of
Google Wallet Mobile?
So it's a very good question and a question
that comes up regularly.
There are lots of protection layers to prevent
unauthorized use.
First, you have two layers of passwords.
The first one is your Android screen lock.
You have to turn on your screen in order to enable any
NFC type of payment.
And then unlike leather wallets, you have an extra
four-digit Google Wallet pin that prevents
unauthorized access.
So that's the first layer.
The second layer, if your wallet ever gets lost--
your phone wallet-- ever gets lost or stolen, you can
remotely disable it.
And that would prevent any unauthorized use.
Your credit cards will continue to work normally.
It's just your phone is completely disabled right now.
And other security enhancements, we can mention
encryption, the debit and credit cards you store are
stored securely online in the Cloud.
They're not even on the phone.
On the phone, you use a virtual card.
So your credit card numbers are not even
passed to the merchants.
So there are lots of layers that prevent any type of
unauthorized use.
PENG YING: All right, I guess the next one I'll take.
MIHAI IONESCU: You'll take the next one?
PENG YING: "What advantages does Google Wallet Mobile have
over making a payment by swiping a credit card?" I
think there are a few different advantages.
One is simplicity, I suppose.
What happens when you tap to pay is that multiple things
are transmitted.
So for merchants who accept it, it will also transit
things like loyalty cards, offers, and then possibly any
clipped coupons that you've stored.

We hope that Wallet will, in the future, enable you to
store more things within the Wallet.
So like we were talking about previously on one of our
Google Developer Live sessions is that the idea of storing
maybe a transit card in the Wallet or something like that,
tickets, and so on, and so forth.
So we hope that it's a thing of convergence and it
simplifies the user's life.
In addition to that, it's pretty convenient.
So instead of carrying maybe your loyalty cards, your
credit cards, your gift cards, your whatever else that you
may store in a Wallet, you can all have it digitally
represented within the phone.
And it's much more--
the space isn't as large of a concern because
everything is digital.
And the last thing is security.
As Mihai previously mentioned, it's much more secure than
your physical device.
MIHAI IONESCU: Yeah, and less worries if you lose it.
PENG YING: Yeah.
MIHAI IONESCU: Cool.
Next question, "Can you demonstrate using a phone to
make Google Wallet mobile payment at an NFC reader?" We
don't have an NFC reader here, but we can demo.
We have lots of videos--
PENG YING: YouTube.
MIHAI IONESCU: That show it, how it's done.
So I'm going to switch to my computer now, again, and I'm
going to launch a video here.

[VIDEO PLAYBACK]
PENG YING: I don't know if HTMI gets the audio out, but--
-With Google Wallet--
PENG YING: We'll--
-You can pay with your phone at hundreds of thousands of
merchants with any card you want.
To get started, select your card--
MIHAI IONESCU: Pick a card--
-Visa, MasterCard,
MIHAI IONESCU: Any card.
-Or Discover, credit or debit.
If you don't see the card you want, it's a snap to add
another one.
All your payment info is encrypted and stored securely
in your Google account online.
And with Google offers that automatically sync to your
phone, saving is simple.
MIHAI IONESCU: Yes, coupons.
-Let's say you're buying a smoothie.
Just tap the back of your phone on the
terminal and that's it.
A confirmation screen will let you know you're good to go.
Enjoy your blended beverage.
[END VIDEO PLAYBACK]

PENG YING: Cool.
MIHAI IONESCU: Wasn't that great?
Tap and pay, and then enjoy your smoothie.
PENG YING: It's the future.
MIHAI IONESCU: Yes.
And you guys see the page I just put up?
It's very useful.
If you go browse it, you can see lots of merchants that are
accepting Google Wallet.
And if you want to try it, just go ahead and go to one of
these merchants, buy something you like.
PENG YING: Yeah.
I'll take the next question.
"How are payments by Google Wallet processed?
Would a bank charge me a fee for using it?"
So the way that Google Wallet works right now, as Mihai
mentioned, that Google provides a one-time card for
the merchant to process.

It's a prepaid MasterCard debit card, I believe, so that
when the merchant processes it, they just go through their
typical merchant processor or a merchant gateway.
So as a user, you incur no fees.
And as a merchant, you would pay the typical fees that you
do to your credit-card processor.
MIHAI IONESCU: And if I can add, a lot of questions on
security or related to what's just been asked right now
about fees, the answers can be found in our FAQ page.
I'm going to put up again the page so everyone can see it.
It's one click away, google.com/wallet/faq.html,
and lots of good answers to most
frequently asked questions.
So if we didn't answer something on this session or
not to your satisfaction, please go
check out the FAQ page.
And with that said, let me move on to the next question.
Oh, it's an easy one.
"How do I know if a payment terminal will accept Google
Wallet Mobile?" So very simple.
I'm going to put the page up again.
Look for the PayPass sign.
You can see it right there--
PENG YING: Yep.
So we're using the same communication protocol that
your credit card uses, that your MasterCards use, PayPass.
MIHAI IONESCU: So if you see the PayPass sign, you can tap
your phone and pay.
PENG YING: Yep.
I guess I'll take the next one. "Can I attach a debit
card to my Google Wallet Mobile?" Yes.

Now, because we're aliasing the credit card and providing
a one-time card to the merchant, you can actually add
any type of card to your Google Wallet and use it at
any store that can accept payments through PayPass.
So you can add debit cards.
You can add Discover.
You can add MasterCards, anything that is in your
wallet as a method of payment.
Or I would say not anything, but most things that are in
your wallets as a method of payment, you can likely add to
Google Wallet.
MIHAI IONESCU: Just right, most likely will work.
PENG YING: Yeah.
MIHAI IONESCU: Yeah.
You just saw the demo video before.
It had the credit card or debit card screen.
Just try, see what works.
On top of that, if I can add, you are able to add your gift
cards to the phone.
So that's great.
Macy's, Bloomingdale's, you name it.
You get a gift card.
Put it on the phone.
It will be there.
You're not going to lose it.
PENG YING: A few gift card partners.
Some stored value.
MIHAI IONESCU: And very convenient.
OK, let me take the next one, another
security and risk question.
"Is any information stored at risk?
How is the user protected?"
So I think we covered it in a previous question.
To recap, linked credit or debit-card credentials are not
locally stored on the phone.
They're in the Cloud.
The merchant will not get your information.
If your phone is lost or stolen, there is no fear that
your information is compromised.
You can remotely disable it.
All kinds of security layers that protect you.
PENG YING: Yeah.
I guess I've got the next one.
MIHAI IONESCU: Take the next one?
PENG YING: Yeah.
So "Does Google Wallet Mobile work on the Nexus 7?" And the
answer to that is yes.
It should be working on Nexus 7.
MIHAI IONESCU: A resounding yes.
PENG YING: Yeah.
I would hope that it works on our own device.
MIHAI IONESCU: If it works, it works on all devices.
PENG YING: Yeah, so there's an FAQ that-- do you
want to show the FAQ--
of the list of devices that Wallet is supported on.
And if we can bring that up--
MIHAI IONESCU: Let's see.
So if you can see my screen, then actually I think we go to
the Help Center, which is at the bottom of the page.
And in the Help Center, it should be Eligible Devices.
So you see here on the left side at the bottom of the
navigation sidebar, we click on Eligible
Devices, and it's in there.
The Nexus 7 Tablet.
PENG YING: Nice.
MIHAI IONESCU: Yeah, I think it was available the moment
the tablet shipped.
And to come back to a previous question, now that the tablet
is Wi-Fi only, you don't even need Wi-Fi to make a payment,
as we said.
Any Google Wallet payments do not require any connectivity.
So I think you are somewhat related to this aspect.
So just take your Nexus 7 out there and buy stuff.
And this is the list of devices currently supported.
PENG YING: I think you get the next question.
MIHAI IONESCU: I'll get the next question.
So actually, let me see.
We have quite a few questions about international
availability, and we get them every session.
And the answer is invariably we cannot make any firm
announcements at this time.
But we can point you to the newly launched Google Wallet
page on Google+.
It has a lot of timely announcements and a lot of
discussion on these topics.
They are much more frequent than our biweekly session.
So please check it out.
And that's the first place you're going to hear about the
new launches and availability.
PENG YING: Yep, social media, it's taking over.

I guess I'll take the next one.
"Does a transaction using Google Wallet Mobile look any
different than a credit-card swipe to the cashier?" Well,
other than going up to the PayPass terminal and then
tapping your phone, the transaction should look
identical in the sense that if you were to take a credit card
and tap it, the credit card transmits on the pin, the
[INAUDIBLE] number, or the account number, to a terminal.
And then you would be able to process it normally like that.
The phone is doing the same thing.
So it's riding the same payment rails.
And to a cashier, it should look like the same flow.
MIHAI IONESCU: They may be a little surprised.
PENG YING: Yeah, like, what's that, a phone?
MIHAI IONESCU: It's magic.
What did you do?
PENG YING: Can you do that again?
Can you make a few more purchases?
MIHAI IONESCU: Yeah.
Did you really pay?
I'm not going to give you your stuff.
So that's fun.
I would say I experienced that with merchants, and they were
really amazed of how fast it was and how convenient.
And yeah, go try it.
I'm sure you'll have fun.
I'm looking at a couple of questions which
are somewhat related.
The question is "How will a store handle a Google Wallet
transaction if they require a signature?" And the second one
is if they require to see the card.
So generally, stores are asking you to see the card and
the signature to make sure the card is signed, to make sure
you sign with the same signature, to double check
that the card is not a duplicate or
a compromised card.
So none of this really applies when you make a payment with a
mobile device.
Your card is already stored in there.
It is saved in the Cloud.
There is no reason if the transaction goes through for
the merchant to check the
physical card or the signature.
So I think those are corner cases, and probably the
merchant is not educated.
PENG YING: Well, I think before you can enter in a
card, you have to enter in some identifying information
associated with the card so that Google Wallet can ensure
that the card belongs to you.
It's pretty minimal information, but it's to know
your consumer and make sure that it's not a stolen card
that we're adding to our network.
MIHAI IONESCU: So the security check already happened.
The merchant is protected and doesn't need to actually check
your physical signature.
PENG YING: Yep.
MIHAI IONESCU: All right, getting closer to the end.
Let's--
PENG YING: Should I take this last one?
MIHAI IONESCU: Yes, let's do that.
PENG YING: All right. "Does Google Wallet Mobile protect
me against unauthorized payments the same way my
credit card does?" Because we're using your credit card
as the back instrument, you should receive the same
protections--
you would receive the protections that your credit
card provides for you.
We're simply putting an alias card in front of it, or
putting a one-time card in front of it that is backed by
your card, which means that all payments will eventually
end up on your card.
And we're working--
or we have ties in place to ensure that this
kind of stuff happens.
So yes, you will be protected against unauthorized payments.
MIHAI IONESCU: So again, lots of good answers to questions
on the security, privacy, and merchants
are in the FAQ section.
So if something we didn't answer,
please go check it out.
All right, we got close to the end.
Thank you, everyone, for submitting questions.
PENG YING: A reminder to if you signed up for DevFest
West, we'll see you this weekend.
And then be sure to check out developers.google.com/jobs for
information about our jobs availability.
We hope to see you next time.
MIHAI IONESCU: All right, bye-bye.
PENG YING: See ya.

[MUSIC PLAYING]