Proposal:
We define an indicator that merchants can use to signal to wallets that payment should be made via a claimable balance rather than as a direct payment to the account.
1. Buyer chooses to buy item or goes to checkout page.
2. Merchant specifies a muxed account for the destination of payment.
3. Merchant monitors for a claimable balance with a claimant of the muxed account.
4. Buyer sends payment via a claimable balance to the muxed account, adding themselves as a claimant as well.
5. Merchant finds claimable balance and verifies it is an exact payment.
6. Merchant claims claimable balance, updates internal records of payment, and makes the digital item available for download.
7. If there is anything wrong with the claimable balance, or communication with the merchant breaks down, the merchant can ask them to try again, or the buyer can claim back the claimable balance and send a new one.
Note: Replace muxed accounts with memos in a world that muxed accounts have not been implemented in SDKs yet, like where we are today.
Why:
To simplify Stellar integrations for merchants who already accept card payments.
Merchants who accept card payments typically integrate with payment gateways using a two-step model: authorization and capture.
Authorization locks up the amount on the account for a predefined number of days or until the authorization is voided, whichever occurs first. Authorizations typically display as pending transactions to consumers on their digital bank statements.
Capture moves an authorization into clearing to start the process of moving funds from the card issuing bank to the acquiring bank of the merchant. Merchants typically capture an authorization when delivery is being made, such as shipping a product or making it available for download. Separating capture into a second step allows merchants to run additional checks on the buyers method of payment, display a confirmation screen before finalizing payment, and binding operations on the backend that are easier if done together.
This two-step model simplifies payment flows because merchants do not need to monitor payments to accounts, verify amounts, and deal with refunds or reversals for overpayment, underpayment, etc.
Payments on Stellar are push payments. The wallet pushes money to an account and the merchant must identify it, verify if it is an exact payment, underpayment, overpayment, and issue refunds, etc. This complicates integrations for merchants who only do auth/capture payments. But claimable balances provide us with a mechanism for supporting auth/capture style payments natively and simplifying their integrations.
Possible approaches:
This proposal should become a CAP and a SEP:
CAP: An account flag indicating that it cannot receive payments directly.
SEP: Define how wallets identify claimable balances should be sent, and recommended claimants to ensure a wallet can claim back a payment.
Alternatively the CAP could be a SEP if the indicator was implemented as:
1. Data entry on the account indicating that payment should be via a claimable balance. SDKs could fail payments to these accounts in the same way they fail payments to accounts requiring memos when no memo is included.
2. Accounts could keep their trustlines disabled, add a trustline temporarily when claiming the balance, send the balance to another account, then remove the trustline in the same transactions. Wallets could default to sending claimable balances to accounts without a trustline.
Both SEP-only approaches have limitations and problems.
Alternatives with what we have today:
Merchants can already display SEP-7 URLs or QR Codes to wallets that craft the request to be a claimable balance, however it is more common to use simple QR Codes that contain only the destination account, and not all wallets use SEP-7.
Next steps:
I'd like to explore a CAP proposal that prevents payments from being sent to accounts that have incoming payments disabled. I think this change would be rather simple, and would be useful in cases beyond this such as smart contracts which need the balance of an account to be predictable.
Does anyone have thoughts about this? Would anyone be opposed to a CAP that makes this proposal and a corresponding SEP that defines how wallets should interact with it?