In retrospect: Payment APIs in the Browser from Anders Rundgren on 2021-01-20 (www-tag@w3.org from January 2021)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 20 Jan 2021 07:21:12 +0100
To: "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <3b66c144-c8ee-e271-afcc-5e4081885fe4@gmail.com>

Years ago I publicly expressed doubts [1] about the idea creating a specific payment API in the browser.

One of the reasons was architectural: a browser is a platform, while payments represent applications. Usually you want applications to utilize features of the platform rather than integrating applications in the platform itself.

In the case of https://www.w3.org/TR/payment-request/, payment applications are not integrated in the platform, but are assumed to implement an abstract interface. My reservations about this concept was that I suspected that such an interface would stifle innovation since it is difficult knowing in advance what different applications may possibly need.

Since this activity begun I have therefore rather followed the path outlined in the linked document. The current solution supports the following features which squarely matches a fixed payment API:
- Standardized digital receipts
- Real-time account balances
- Account-to-Account payments using EMV-like schemes including refund support
- POS payments
- Gas station payments
- RBA (Risk Based Authentication)
- Transaction privacy
- Secure CoF/AoF (Card-on-File/Account-on-File) support
- Secure enrollment of payment credentials

A planned next step, person-to-person payments is entirely outside the scope of the W3C work although it has become a "must have" feature.

However, this is just the tip of the iceberg; the biggest problem is that the payment industry including Google, are rather using native applications. The promise, enabling powerful payment applications to be written in "pure" Web technology has not been accomplished.

To cope with that, Google/Shopify/W3C are currently testing a specific payment application (Secure Payment Confirmation) for inclusion in the browser itself. To me, this is as far from the "Open Web" as is technically possible and will most likely be rejected by the payment industry who wants to define/standardize payment applications on their own.

thanx,
Anders

1] https://cyberphone.github.io/doc/web/webpayments-taleof2roadmaps.html

Received on Wednesday, 20 January 2021 06:21:28 UTC