From a pure statistical comparison (as also presented in the keynote) your face is more unique than your fingerprint in normal situation. When talking about edge cases (like someone trying very hard to rob you) then both of them have their own drawbacks.
So from this points of view I don't see any major difference betweeen them.
If you trust TouchId then you can trust FaceId in the sense of correctly indentifying while paying that YOU are the one who is authorizing the payment.
I don't think there will be another confirmation other than the payment Flow implemented by the apps.
That's not what I meant. I'm interested in the UX. When I accidentally click to purchase an IAP currently, nothing happens until I actually confirm it with TouchID. With FaceID it could presumably already have confirmed the purchase because I looked at the screen too long.
If it works anything like Apple Pay, you'll be required to push the side button to confirm a purchase. The Face ID piece will simply authorize you but there's still an action required to make the purchase.
