-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider allowing Alice to send payment details during RFQ or Order step #323
Comments
For many To zoom out for a minute, it is common and beneficial to require basic payment information (e.g., the type of The RFQ/Quote response stage is usually focused on providing the sender with information about the exchange rate, fees, and the amount the recipient will receive, rather than collecting sensitive payment information. Reasons can include:
It seems reasonable to collect sensitive payment details later in the process during the "Order" stage, after the sender has agreed to the terms of the transaction and is ready to fund the transfer. |
In favor of "It seems reasonable..." though I would add, to support the broad array of potential use cases the protocol probably has to support the transmission of PII at both the RFQ or the Order stage. Right? Because I can think of concrete use cases in the realm of credit transactions wherein, in order for a Quote to be issued, PII must have already been submitted. Perhaps we can simplify by deeming any such use case as out-of-scope. |
I have thought for some time as to why things were in RFQs and why order contained all the information and why Order was really an ACK. In the original paper there is a back and forth with "bids" and "asks" and then a final bid which is "acked", so I think, but am not sure, maybe that was the origin of why The only possibly vaguely functional reason as to why to include it in RFQ I could think was to know enough to decide if a quote can even be provided (checking denylists etc) and perhaps some finer grained decisioning around PII (but I don't know what that would be in the case of a payment or remittance, for insurance for example of course, but that isn't really a case that is relevant!). Also, having tried a few things just yesterday, from what I can tell all of them quote before having all that information, but to get a real quote (for example with OFX) I was onboarded with them (so they had some PII of mine, and knew I would be receiving a remittance by an AUD bank account) so it isn't quite as clear to me (and perhaps is why the paper had that dance of BID/ASK and then an ack). Having said that, the KYC process would take care of the onboarding-ability with a PFI, so I conclude like @frankhinek that if we could, perhaps putting data in the order instead of the RFQ may make more sense in the general case. EDIT: I just realised KYC happens when you ADD a PFI, so at that point, does that mean the PFI is showing offers potentially specific to you? (the spec doesn't say that, as offering is an endpoint anyone can access, like a shopfront window) but providers I have worked with, the offers are fine tuned to me once I am onboarded. |
Agree with that it seems most reasonable to have the actual instrument info (i.e. debit card number) on the Order message as it the customer is accepting the quote. Im forgetting if there was a reason it was placed on the rfq, but it might be because thus far weve only built on ramp proof of concepts w a payment link, not a literal debit card, thus attaching debit card info on rfq might not have been given a second look (or I might just forget why its there lol). I'm pretty sure for the on ramp via payment link, the payment link is returned in the quote in response to the rfq, and to confirm execution, the customer must go to the link and submit payment details there instead of actually sending an Order message. In this case, Order messages to confirm execution is redundant and was not actually used in the poc. |
This does come up for offramps though, we do currently need to provide external bank acct info on rfq (based on the tbdex spec), which i also think would be better suited on order. |
aye @michaelneale you got it. the reason all information was requested as part of the RFQ was because at that time we were operating under the assumption that KYC would happen implicitly using the details provided within an RFQ and we didn't want to:
the 2nd point still being possible is why i think adding the ability to request payment details at order time vs. replacing the ability to request details at rfq time makes sense. |
yeah - sounds reasonable. @mistermoe now KYC happens at PFI onboarding, does that also change offerings to be different after KYC vs anon offers via offers endpoint? |
Using an IRL example, sending in all payment details in the RFQ step would be analogous to:
Offering
: At a farmer's market, I look at various cheese being offered at a stand. It says she sells goat cheese and she accepts US debit cards.RFQ
: I ask how much it would be to buy 1/2lb goat cheese using a debit card, but while asking, I start whispering my US debit card number to the cheesemaker (??)Quote
: Cheesemaker tells me how much 1/2lb goat cheese is (10 USD), and shows me her phone that lets me tap my card to payOrder
: I tap the phone and payOrderStatus
: Cheesemaker cuts and wraps the cheeseClose
: I walk away with the cheeseMy qualm is with step 2. Why do I need to provide my debit card details during the RFQ step? It would be quite weird to do this in IRL, is there something would make this not weird / required in a tbdex exchange?
A scenario that would make more sense to me is that I'd send over my debit card details during the
Order
step, but currentlyOrder
is an empty struct.The text was updated successfully, but these errors were encountered: