https://portswigger.net/daily-swig/microsoft-pushes-ahead-with-controversial-buy-now-pay-later-feature-for-edge-browser The Daily Swig [ ] ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) Regions Hacking News Data Breaches Cyber-attacks Vulnerabilities Bug Bounties More About Africa Asia Europe Middle East Latin America North America Oceania View all US news APT focus Take a closer look at Iran's state-sponsored hacking groups Regions Latest Hacking News Hacking Tools Hacking Techniques Pen Testing Cloud Security Database Security Email Security Network Security View all hacking news Movers and shakers OWASP stirs up web app threat categories in 2021 Hacking news Latest Data Breaches Data Leak Organizations Enterprise Security View all data breach news In focus Software supply chain attacks - everything you need to know Data Breaches Latest Cyber-attacks Cybercrime Cyber Warfare DDoS Attacks Supply Chain Attacks View all cyber-attack news Special report North Korean cyber-threat groups become top-tier adversaries Cyber Attacks Latest Vulnerabilities Zero-Day News RCE XSS SQL Injection SSRF CSRF XS Leaks View all security vulnerability news I, robot Machine learning security vulnerabilities are a growing threat Vulnerabilities Bug Bounty News VDP News Research OSINT View all bug bounty news Bug Bounty Radar The latest programs for October 2021 Bug bounties Interviews Analysis Research Deep Dives Browsers Ransomware Phishing Malware Encryption Privacy Mobile IoT Policy and Legislation Machine learning DNS Open Source Hardware Authentication Events View all infosec industry news Cybersecurity conferences A schedule of events in 2021 and beyond More topics Microsoft pushes ahead with controversial 'buy now, pay later' feature for Edge browser Emma Woollacott 26 November 2021 at 13:54 UTC Updated: 26 November 2021 at 14:02 UTC Browsers E-Commerce Microsoft Twitter WhatsApp Facebook Reddit LinkedIn Email 'It's like you're recapitulating the worst IE browser extensions and installing them by default', grumbles one user Microsoft pushes ahead with controversial buy now, pay later feature for Edge browser Microsoft is introducing a new feature in Edge allowing customers to pay for e-commerce transactions in instalments - and not everybody is happy. The 'buy now, pay later' (BNPL) feature is, controversially, integrated at the browser level, thanks to a partnership with third-party payments provider Zip, formerly QuadPay. The option is similar to those already offered by many e-commerce sites and web payment providers such as PayPal. RELATED Microsoft unveils 'Super Duper Secure Mode' in latest version of Edge It allows any purchase between $35 and $1,000 made through Microsoft Edge to be split into four payments over a six-week period. The option appears at the point of checkout as an alternative to a credit or debit card number. Linking a Microsoft account to a Zip account will apparently make the purchase process quicker. While the service is being promoted as 'interest-free', some were quick to point out that all transactions are subject to a "$4 flat fee". 'Please, please stop' The new buy now, pay later feature is currently available in Microsoft Edge Canary and Dev channels and, says Microsoft, will be available by default to all users in Microsoft Edge release 96, expected later this month. The company is currently asking for feedback - but what it's getting is far from positive. Read more of the latest browser security news "Please, please stop bloating the browser with these revenue grabs. It's like you're recapitulating the worst IE browser extensions from the 90s/00s and installing them by default," one user said. Some complain that it slows performance down, while one calls it a "predatory lending scheme". Several suggest that the feature will damage Microsoft's reputation. 'Too intrusive' Adam Fowler, a Microsoft Most Valued Professional (MVP), tells The Daily Swig that he, too, is uncomfortable about the buy now, pay later scheme. "Microsoft Edge is the browser that now comes with your Windows PC, and the gateway to the world wide web. Should that product, when detecting that you're buying something and seeing a credit card field, suggest that you could use another financial service to spread the payments?" he asks. "Surely the browser should stay agnostic to what you do and how you do it, instead of promoting certain services to take a cut. It's worse than having a default homepage mixed with news and adverts, because it's more intrusive and triggered when performing a certain contextual action." DEEP DIVES The future of browser security: Check out the latest features destined for mobile and desktop Fowler agrees that the inclusion of the feature damages trust. "For a business, Edge should be the browser that ties into your full Microsoft identity, securely saving what you do through profile settings and favourites in the browser, but suggesting financial services is not a trustworthy action," he says. "Where do you draw the line in advertising and promoting third-party services if Microsoft go ahead with this? There is a difference between using a search engine promoting ads based on keywords, versus the browser inserting extra ads on top of those ads. The browser shouldn't change what you're seeing on a web page for financial gain." Microsoft has not responded to repeated requests for comment. Given the widespread condemnation of the feature, it may be reconsidering a full rollout - its deal with Zip permitting. Check out the Microsoft Edge Insider blog post for further details on the BNPL scheme. YOU MIGHT ALSO LIKE Microsoft fixes reflected XSS in Exchange Server Browsers E-Commerce Microsoft Edge Privacy US Windows North America Retail Organizations Emma Woollacott Emma Woollacott @EmmaWoollacott Twitter WhatsApp Facebook Reddit LinkedIn Email This page requires JavaScript for an enhanced user experience. Latest Posts Ukrainian police expose international phone-hacking gang 26 November 2021 Ukrainian police expose international phone-hacking gang 'Phoenix' group laid low following seizure of computing equipment and stolen devices Maritime giant Swire Pacific Offshore suffers data breach 26 November 2021 Maritime giant Swire Pacific Offshore suffers data breach Organization said it suffered 'unauthorized access' to systems HTTP request smuggling New differential fuzzing tool reveals novel techniques 25 November 2021 HTTP request smuggling New differential fuzzing tool reveals novel techniques Related stories This page requires JavaScript for an enhanced user experience. Ukrainian police expose international phone-hacking gang 26 November 2021 Ukrainian police expose international phone-hacking gang 'Phoenix' group laid low following seizure of computing equipment and stolen devices Bloated browser? Microsoft pushes ahead with controversial 'buy now, pay later' feature for Edge 26 November 2021 Bloated browser? Microsoft pushes ahead with controversial 'buy now, pay later' feature for Edge Maritime giant Swire Pacific Offshore suffers data breach 26 November 2021 Maritime giant Swire Pacific Offshore suffers data breach Organization said it suffered 'unauthorized access' to systems HTTP request smuggling New differential fuzzing tool reveals novel techniques 25 November 2021 HTTP request smuggling New differential fuzzing tool reveals novel techniques Burp Suite Web vulnerability scanner Burp Suite Editions Release Notes Vulnerabilities Cross-site scripting (XSS) SQL injection Cross-site request forgery XML external entity injection Directory traversal Server-side request forgery Customers Organizations Testers Developers Company About PortSwigger News Careers Contact Legal Privacy Notice Insights Web Security Academy Blog Research The Daily Swig PortSwigger Logo Follow us (c) 2021 PortSwigger Ltd.