The W3C Web Payments Working Group has announced that the Payment Request API is now being implemented in all major browsers including Chrome, Edge, Firefox, and WebKit. Facebook and Samsung have also introduced support for the W3C Payment Request API. The Facebook Messenger Extensions SDK includes a PaymentRequest object that supports the API. The Samsung Internet for Android 5.0 release introduced support for the API as well as extended autofill features. The Group also announced that the Payment Request API and Payment Method Identifiers have advanced to Candidate Recommendation Status.
The Payment Request API is part of the W3C payment specifications, the first public drafts published in April of last year. The API is primarily about usability, and it aims to standardize user experience so that checkout and payment are faster and more consistent. The API provides a means to store and rapidly return credentials so that users don’t have to take the time to complete lengthy card numbers and other payment information. The API also allows merchants to use multiple payment methods without having to complete extensive integration with payment platforms.
We reached out to Ian Jacobs, W3C Web Payments Lead, who explained that the group anticipates having a standard hook to bring payment methods to the Web along with an improved user experience will make it easy to bring more secure payment methods to commerce. For example, a number of stakeholders have expressed to the W3C, interest in tokenized card payments. So the Web Payments Working Group is discussing how to effectively use the Payment Request API to facilitate tokenized card payments.
"The standard hooks created by Payment Request API should give us both usability and security benefits - usability through the new browser interfaces, and security through tokenization and other more secure payment methods," said Jacobs.
We also reached out to Dr. Lukasz Olejnik, an independent security and privacy consultant, and researcher, who told ProgrammableWeb that the "Payment Request API makes online payments more secure as it provides a unified and standardized browser-based interaction platform between the customer and merchant. In the long run, it will greatly simplify how payment forms are made. The API went through pretty significant security and privacy scrutiny at W3C."
Olejnik went on to explain that "as for implementation, the focus should be on awareness and consent. Whenever possible, the user should have a choice prior to relaxing of any security or privacy models. The API allows for a relative flexibility, so user agents could consider by default to follow an opt-in scenario (if they chose so) to some of the APIs internals, and explicitly require the user to make an informed decision regarding privacy and usability of the feature. I would suggest making things transparent, and configurable."
The W3C Web Payments Working Group is working on quite a few projects related to web and mobile payments. The Payment Handler API provides a standard method of initiating payment requests from web pages and applications, enabling websites to become payment applications. The Payment Method Manifest is a potential (not official) W3C specification that defines the "payment method manifest" file. According to the W3C announcement post, the Payment Method Manifest supports "the secure deployment of third-party payment apps for proprietary payment methods." In September 2016, the group published the first public working drafts of the Web Payments HTTP Specifications. The specifications include Web Payments HTTP API 1.0 and Web Payments HTTP Messages 1.0.
For more information about the W3C Payment Request API, visit the official W3C website.