Wallet Controls Overview

The Microsoft® Wallet version 2.1 helps shoppers purchase items quickly, easily, and securely at their favorite online stores. In addition, merchants benefit from an enhanced shopper experience through increased sales and shopper traffic at Web store sites.

The Microsoft Wallet 2.1 facilitates electronic transactions using the following tools:

Important

The Address Selector and Payment Selector are available as plug-ins for site visitors who use Netscape Navigator and as ActiveX™ controls for site visitors who use Microsoft® Internet Explorer.

The Wallet SDK provides the tools for third parties to extend the Microsoft payment platform with their payment types. The SDK contains the following sample code and documentation for third-party payment providers to develop payment extensions:

Requirements

The Microsoft Wallet controls require Netscape Navigator version 3.0 or later, or Internet Explorer version 3.0 or later. In addition, the Microsoft Wallet can be used only at merchant sites that have scripted support for the controls on the payment page.

Microsoft Wallet

The Microsoft® Wallet consists of two ActiveX™ controls: an Address Selector and a Payment Selector. These controls facilitate an electronic purchase at a merchant Web site. Aside from providing a convenient method of posting shopper information to a merchant site, the Microsoft Wallet provides the most secure environment for storing credit card information.

A client payment component (CPC) object in the Payment Selector implements a payment method such as credit cards or electronic cash debit cards. The Credit Card CPC that ships with the Microsoft Wallet contains several default payment types, such as Visa, MasterCard, and so on. Using the Wallet SDK, you can create your own CPC to support other payment methods. For information about how to build a CPC, see the section “Sample Client Payment Component.”

You can also create new payment types (such as a department store card) that plug into the default Credit Card CPC. Shoppers can then add, delete, or edit instances of this new payment type in the same way they manage the default payment types. Because the are many varied types of credit cards, this payment type is referred to as the Other Card.

For information about how to build an Other Card payment type, see the section “Sample Other Card Component.”

The following diagram shows how the Payment and Address Selectors function within the Wallet architecture.

Migration from Microsoft Wallet Version 2.0

The Microsoft Wallet is upgraded to the most current version automatically when the shopper uses an outdated Wallet at a site that supports that latest version. Using an outdated Wallet generates a dialog box requesting the user’s approval to install version 2.1 of the Wallet. If the user approves the upgrade, version 2.1 of the Wallet is installed on the client computer transparently. All user data is transferred to the new Wallet storage, and is available to the shopper through the Wallet user interface.

Migration for Other Card Components

Note that version 2.1 of the Other Card components does not enter any information other than necessary registration of Component Object Model (COM) objects in the registry. All of the registry entries defining an Other Card are now created by the Credit Card CPC. In addition, the Wallet’s Credit Card CPC only permits installation of Other Card types that are unique. If a payment type already exists in the Payment Selector, installation of that type stops and an error is returned to the user.

Note

Other Card components created with version 1.0 of the Microsoft Wallet Kit will not work in version 2.1 of the Wallet. You must rebuild them. For information, see the section “Sample Other Card Component.”

Support

If you have any questions or issues about the Microsoft Wallet, contact our product support team at mswallet@microsoft.com.

Signing Controls

If you use the Wallet SDK to build a Client payment component, PIP or Other Card, you must sign the resulting .dll, the associated .cab file, or any other extension to the Wallet before it can be loaded by the Payment Control. Signing your file makes it possible also for Microsoft's Authenticode™ technology identify the publisher of software to users before the user downloads this software from the Internet.

To sign your code
  1. Download the latest version of Microsoft® Internet Explorer version 3.0 from http://www.microsoft.com/ie/download.
  2. Apply for credentials from a Certificate Authority (CA). Go to http://www.microsoft.com/workshop.prog/security/authcode/certs.htm for instructions on how to obtain a Software Publisher's certificate from a CA. After identifying the CA from which you want to obtain a certificate, visit the CA's Web site to fill out an online certificate application.

    Once you have completed this application, it will take approximately one week for the CA to verify your information. Once the CA has verified the information you have provided, the CA will issue you credentials and a private key that you must store securely. You need both the provided credentials and the private key to sign your code.

  3. Get the latest version of the ActiveX™ Software Development Kit (SDK). You can download the latest version of the ActiveX SDK from http://www.microsoft.com/workshop/prog/sdk/. The tools that you use to sign your code are included in the SDK. Consult the code-signing documentation provided in the SDK for additional information on using these tools.
  4. Prepare your files to be signed. If you are building any PE file (.exe, .ocx., .dll, or other), you do not need to do anything special to prepare the files. If you are using a .cab file to distribute your control, you need to add the following entry to your .ddf file before creating the .cab file:

    Set ReservePerCabinetSize=6144

  5. Sign your files. You can now use the ActiveX SDK to sign your .exe, .cab, .ocx, or .dll file. Currently, only 32-bit files can be signed.

    The following is an example of how to use signcode.exe, which is included in the ActiveX SDK, to sign your files:

    signcode -prog myfilename -name displayname -info http://www.mycompany.com -spc mycredentials.spc -pvk myprivatekey.pvk
    
  6. The following table describes the parts of this example command.
    Command Part Meaning
    myfilename Name of the file to sign.
    displayname Description of the file that will show up in the certificate.
    http://www.mycompany.com Should provide the user with more information about the file to be downloaded.
    mycredentials.spc Name of the credentials file obtained from the CA.
    myprivatekey.pvk Private key that was generated during the application process with the CA.

    Note that if you invoke signcode.exe without any parameters, it will run a wizard that will step you through the signing process.

  7. Test your signature.

If your signing process was successful, running chktrust as described previously will bring up a certificate.

The Wallet and the Protected Store

Microsoft's Protected Store, which is a component of Internet Explorer 4.0, supports securely storing important, private information, such as credit cards, electronic drivers licenses, ATM cards, and electronic cash. The Protected Store stores this information such that no one can access this information without the user's permission. Additionally, the Protected Store allows this information to be securely transmitted to any computer and used with any application through the user of PFX technology.

The Wallet is designed so that if Internet Explorer 4.0 is installed on a system, Payment control data is automatically migrated to the Protected Store.

Address Selector

The Address Selector stores users’ personal and business addresses securely on their computer. To add an address, a user completes a dialog box with business or personal address information that is stored according to a display name or nickname. Shoppers at merchant Web sites that support the Microsoft Wallet can select addresses from the Address Selector by their display name, without having to fill out a series of merchant HTML forms. Address information is stored securely on the client computer and only released to the merchant if the user clicks OK in an Address Security dialog box.

The ten addresses most recently selected by the user are displayed in a drop-down list in the Address Manager. Users can access the remainder of their addresses by clicking the All addresses button, which generates a dialog box that lists all other addresses in the Wallet storage.

The Address Selector is fully integrated with the Windows Address Book (WAB), if the WAB is on the user’s computer. Clicking the Address Book button of the Address Selector allows users to select from addresses in their Windows Address Book and add them to the Address Selector.

Payment Selector

Users can complete online transactions using the Payment Selector to choose a type of payment. The Payment Selector currently contains the VISA, MasterCard, JCB (only in Japan), American Express, and Discover (only in North America) payment types. Other third-party payment providers are developing payment types that extend the Microsoft Wallet payment platform. Third-party payment types range from a bank debit card to an electronic cash card. In addition, merchants who want to offer branded credit cards can easily write components to plug into the Payment Selector interface. The Payment Selector can store any number of credit card types.

The Payment Selector Add Wizard guides Wallet users through establishing a new credit card by entering credit-card information, providing a billing address, and assigning a password to the credit card. The credit-card information is encrypted and stored in the Wallet protected storage on the client computer.

If a merchant site supports the Microsoft Wallet, shoppers can quickly and easily select their preferred type of payment from the Payment Selector without having to complete HTML forms for billing and credit-card information. The ten credit cards most recently used are displayed in a drop-down list. The remainder of credit cards in the Wallet are displayed by clicking the All payment types button. Payment information is stored securely on the client computer and released to the merchant only if the user enters the credit-card password to approve the purchase amount.

Note

A single Payment Selector can store credit cards owned by different people, because each credit card is protected from improper use by a password assigned by the cardholder.

Using the Controls

For information about how to use the Microsoft Wallet controls on a Web page, see Understanding the Script in the Webmaster Kit Samples.

Wallet Security

The Microsoft® Wallet provides shoppers with secure and convenient storage for their payment and address information. Credit-card information is encrypted and stored in the Wallet protected storage.

The Microsoft Wallet also contains a Payment Builder interface that allows third party encryption methods to plug into the Payment Selector’s Credit Card component. This encryption interface supports extensions such as the SET protocol that provide additional security during the payment process. The appropriate encryption protocol can be selected by the Credit Card component based upon the Accepted Types string. The Payment Selector’s Payment Builder interface allows shoppers to conduct electronic transactions using the most secure encryption available for their credit-card information.


© 1997-1998 Microsoft Corporation. All rights reserved.