Help simplify & streamline the process of filling in credit card details in Firefox for Android by allowing users to securely store their credit card information as part of their Firefox profiles/accounts, and to have that information readily available as an autofill function when filling in forms on the web.
Currently it's really more difficult than it needs to be fill in credit card details online, particularly when on a mobile device. We want to make it easier for users to engage in ecommerce while on their mobile devices, and to help reduce typing and errors when doing so.
US data shows that tablet users are more likely to use their browser for m-commerce activity (56%) versus using a mobile application. Smartphone users will use the browser 22% of the time (and use specific applications). The intent with this feature is to not only make the tablet m-commerce experience easier, but with an added implication that we can make smartphone shopping easier by not having to input credit card details in all the time. (http://www.comscoredatamine.com/2013/08/apps-drive-smartphone-engagement-browsing-wins-on-tablets/)
- Final set of specifications TBD
- For consideration
- Storing your credit card details does not necessarily need to be linked to your Firefox Account, although this MAY be a path we want to pursue (upon implementation or at a future date)
- The main point here is that credit card details should be kept as an in-field option (like passwords) when it comes across common (and tagged) credit card fields
- Can we treat as a similar way that we do with passwords, ie come across a common credit card field once and ask the user if they wish to remember?
- Obviously security comes into play here, so we'll need to watch the security model closely
- As a user, I expect Firefox to ask for my permission any time the browser identifies an opportunity to store my credit card information, so I don't have to worry about it storing this information without my knowledge or consent.
- As a user, I would like the option of storing my credit card information (numbers, expiry date, and security code) in my browser so I can easily and automatically fill in those details on websites that need credit card information to make my shopping experience easier and quicker on a mobile browser.
- I would also like to be able to store my billing and shipping addresses, so it's easier for me to fill in that information when needed.
- As a user, I expect that my credit card information will be stored securely by my browser, and that it will require a password to autofill the fields, even if I do not use a master password for anything else in my browser.
- As a user, I expect that I will be asked for my password once per page when I am using this information to fill in a form. For example, when filling in the credit card #, expiry date, and security code fields in a form, I will be asked for the password only for the first form field I am filling in on that page. If I move to another page and use this autofill feature again, I expect to be asked for my password again.
- As a user, I expect there to be several ways for me to access this autofill information, including through settings where I can clear or replace the information for a stored card, through the browser's context menu, and as an automatic prompt if my browser recognizes a form is requesting credit card information.
- As a user, I expect to be able to store information for several different credit cards in my browser, all protected by the same password, so it's easy for me to select between them.
- As a user, I expect to be able to set an easy-to-remember name for each credit card, so I don't have to remember which is which based purely on the credit card number.
- As a user, I want Firefox to intelligently prompt me to use my stored credit card information to autofill a form if it recognizes a form as requiring credit card information. It should be easy for me to specify which credit card to use, if there is more than one card stored.
Research & other examples
- Credit card information should only ever be accessible through the browser, and only then when the user is successfully authenticated. There should be no way of accessing that information from outside of the browser (ie: by accessing the device file system or what have you), and no way to access that information without successfully authenticating.
- Security review successfully completed
- Privacy review successfully completed
- Specifications are met
- User stories are satisfied