My Google I/O 2018: G-Pay and Identity

Using Google Pay on your web site can improve your e-commerce conversion rates. Shoppers are not required to re-enter credit card or shipping details on new sites, greatly streamlining the checkout flow (especially on mobile devices).

In this blog I continue with my Google I/O 2018 summary. Part 1 in this series focused on Google Assistant. Part 2 on VR, AR, and Web standards. Here is part 3 on Google Pay and Identity management. As per part 1, the following are my personal notes from various sessions I attended – errors are my own!

Google Pay

Why Google Pay?

  • Website checkout and payment flows still have surprising gaps. 26% of sites in one survey lost user-entered inputs on forward/back navigation; 46% did not show interactive error messages for common mistakes during data entry (e.g. JavaScript validation to ensure a US zip code is all digits).
  • Google Pay (https://developers.google.com/pay/) was formerly a collection of separate services such as Android Pay and Google Wallet aimed at reducing payment friction. Google Pay is now a “best practices” solution.
  • Google Pay powers experiences like Google Play (Android app store), YouTube subscriptions, and more – Google depends on the service itself.
  • Registered Google Pay users do not have to re-enter card details, addresses, etc., reducing friction at checkout/payment time – which is particularly useful on mobile devices.

G-Pay Design Requirements

  • Must have a fast, lightweight UI.
  • Can be dropped on the bottom of a product page as a sticky.
  • Works with many popular payment processors. (The provided JavaScript library for web sites is free to use – the payment provider is where the fees are.)
  • Internationalized buttons.
  • Users can update and manage their card information safely and securely.
  • Supported on a wide range of browsers (Android, Safari iOS, etc). Still works on browsers that don’t yet support Web Payments API.
  • Security matters – be secure, but it is also important to make UX “feel” secure for your visitors. Google is a recognized brand name.
  • Google encourages tokenization – avoid sending card data to your site.
  • Transaction notifications are supported for added security.
  • Receipts all visible in the G-Pay account (for user auditing).
  • Users trust G-Pay more than your own payment approach.
  • G-Pay can store loyalty card information as well.
  • The mobile app also allows sending money to friends.

General Advice

  • Use autofill for forms, including for credit card details if you don’t use G-Pay.
  • 30% speed improvement on average using autocomplete. Make sure you use the standard field names to maximize auto completion success rates (e.g. use “cc-csc” for CVC number).
  • Use the “placeholder” attribute, not JavaScript, to display prompt text when a field is empty, so autofill works more reliably.
  • See https://g.co/pay/autofill for more details.
  • But the Google Pay button is better than autofill. Make G-Pay the default if you can.
  • Forced account creation was second biggest reason for abandonment, so allow G-Pay with guest checkout, then ask if user wants to create an account at end of payment flow to reduce risk of losing the sale.
  • Good to show which payment method it’s going to use on the page alongside the cart, tax, shipping costs, etc.
  • Show same info in receipt – show payment was made with G-Pay with last 4 digits of credit card number.
  • Dark button recommended – seems to be more popular!
  • Might not need to check identity as tightly on a phone as it’s a personal device, but a shared Google Home needs better verification. Starbucks for example added Google Pay to send money to the user’s Starbucks account. A notification is sent to the phone afterwards. So you can only order via Google Home using money in your Starbucks account.
  • GoogleYOLO – You Only Login Once.

G-Pay Use Cases

  • G-Pay is already widely adopted.
  • Several transit authorities now support G-Pay, increasing the number of pre-registered users.
  • DoorDash app – one-page summary of cart, with pay button on the page. Pop up and confirm. Very slick payment flow. (Also used Google Maps for delivery location.)
  • Hotel Tonight discovered 65% of users were more likely to complete a payment after installing Google Pay. Many other sites have also increased conversion after adoption.
  • Higher conversion rates have also been seen for new customers who have not registered a card yet.

Sign Up / Sign In

  • Sign up and sign in are valuable beyond G-Pay.
  • Want good security with good experience. Want to make it easy for developers too.
  • Passwords are painful – weak, forgotten, reused, stolen.
  • Identity federation is better, using standards like OpenID or OAuth2. Services provide authentication and profile information.
  • Google supports one tap sign up and auto sign in. Redfin saw 80% increase in signups. Trivago 50%. Another music site got 43x more!
  • One tap sign up is a very slick experience. No email verification needed (if they already have a Google account). Works across browsers.
  • See developers.google.com/identity.
  • Firebase authentication library allows you to use Google identity plus your own additional registered users (e.g. so can create customer accounts for users without a Google profile).
  • How to block account hijacking? reCAPTCHA v2 is based on a user click, with fallback to additional checks. But bots are getting smarter. The reCAPTCHA v3 public beta was announced at Google I/O. It returns a score rather than a black and white trust/don’t trust. You can now decide the trust level needed by your site. E.g. payments require more checks, a free email list subscription requires less. So you can reduce friction if security is less critical.
  • Credential management API: an Open Web API for credentials. Auto sign in, or password challenge or federated credential. Adding certificate credential support this year.
  • One study shows passwords shared on 20% of sites.
  • Even one-time passwords are not very good. A man-in-the-middle attack is still possible. 12.4M phished each year. Physical security keys are better (and becoming cheap). Web Authentication API (WebAuthn) coming soon – it’s already in Chrome beta. Works with security keys. Can also use fingerprint scanners on the device.
  • PayPal can use it already, with fingerprint authentication.
  • Can adopt security measures incrementally if needed.
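
Added example (not from the original post or from Google's code): one way a server could apply the per-action trust levels described in the reCAPTCHA v3 bullet to the parsed siteverify response. The threshold numbers, the action names, the local two-minute freshness check and the shop.example hostname are assumptions.

```javascript
// Thresholds per action are assumptions; tune them from your own traffic.
const POLICY = {
  newsletter_signup: { allow: 0.3, stepUp: 0.1 },
  login:             { allow: 0.5, stepUp: 0.3 },
  payment:           { allow: 0.7, stepUp: 0.5 },
};
const MAX_AGE_MS = 2 * 60 * 1000;

// verdict:  parsed JSON body returned by the siteverify endpoint.
// expected: the action and hostname this request handler is serving.
function decide(verdict, expected, nowMs = Date.now()) {
  const deny = (reason) => ({ outcome: 'deny', reason });
  if (!verdict || verdict.success !== true) return deny('token-invalid');
  // A token issued for a low-risk action must not pass a high-risk one.
  if (verdict.action !== expected.action) return deny('action-mismatch');
  if (verdict.hostname !== expected.hostname) return deny('hostname-mismatch');
  const ageMs = nowMs - Date.parse(verdict.challenge_ts);
  if (!(ageMs >= 0 && ageMs <= MAX_AGE_MS)) return deny('token-stale');
  const rule = POLICY[expected.action];
  if (!rule || typeof verdict.score !== 'number') return deny('no-policy');
  if (verdict.score >= rule.allow) return { outcome: 'allow', reason: 'score-ok' };
  // Borderline scores get extra friction (e.g. a second factor), not a block.
  if (verdict.score >= rule.stepUp) return { outcome: 'step-up', reason: 'score-borderline' };
  return deny('score-low');
}

// Constructed sample responses (not captured traffic).
const NOW = Date.parse('2018-05-10T18:00:30Z');
const sample = (action, score) => ({
  success: true, score, action,
  challenge_ts: '2018-05-10T18:00:00Z', hostname: 'shop.example',
});
const want = (action) => ({ action, hostname: 'shop.example' });

function demo() {
  return [
    decide(sample('newsletter_signup', 0.4), want('newsletter_signup'), NOW),
    decide(sample('payment', 0.6), want('payment'), NOW),
    decide(sample('newsletter_signup', 0.9), want('payment'), NOW),
  ].map((r) => r.outcome + ':' + r.reason);
}
console.log(demo());
```

The same 0.4 score is enough for a mailing-list signup but not for a payment, and a high-scoring token issued for the signup action is refused when presented to the payment handler.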
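
Added example (not from the original post): why a security key holds up against the man-in-the-middle problem noted for one-time passwords. With WebAuthn the browser, not the user, writes the page origin into clientDataJSON, and the server rejects a mismatch. Hostnames and challenge values are constructed; signature and rpIdHash verification are separate steps not covered here.

```javascript
// Checks a relying party runs on WebAuthn clientDataJSON before it
// verifies the authenticator's signature over that same data.
function checkClientData(clientDataBytes, expected) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataBytes).toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (data.type !== expected.type) return { ok: false, reason: 'wrong-type' };
  // The challenge is a fresh server nonce, so old assertions cannot be replayed.
  if (data.challenge !== expected.challenge) return { ok: false, reason: 'challenge-mismatch' };
  // The origin is filled in by the browser from the page actually loaded.
  if (data.origin !== expected.origin) return { ok: false, reason: 'origin-mismatch' };
  return { ok: true, reason: 'client-data-ok' };
}

// Constructed values: what the server issued and expects back.
const EXPECTED = {
  type: 'webauthn.get',
  challenge: 'Y29uc3RydWN0ZWQtbm9uY2U',
  origin: 'https://shop.example',
};

// Stand-in for the browser: it records the origin of the page in use.
function browserClientData(pageOrigin, challenge) {
  return Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin: pageOrigin }));
}

function demoWebAuthn() {
  const direct = browserClientData('https://shop.example', EXPECTED.challenge);
  // A look-alike site relays the real challenge, but cannot change the origin
  // the browser signs, unlike a relayed one-time code which carries no origin.
  const relayed = browserClientData('https://shop-example.test', EXPECTED.challenge);
  const replayed = browserClientData('https://shop.example', 'b2xkLW5vbmNl');
  return [direct, relayed, replayed].map((b) => checkClientData(b, EXPECTED).reason);
}
console.log(demoWebAuthn());
```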

Conclusions

Google Pay (G-Pay) is an easy way to improve the conversion rate on your e-commerce site, especially for mobile devices. It avoids the need for shoppers to re-enter card and address information on different sites, made possible by the wide penetration of Google identity services and federation. For more details see the Google Pay site (https://developers.google.com/pay/).
