Worldpay Web Payments and Web Authentication Demos

On 21 June 2018, Danny Russell (Worldpay) presented demos that illustrate Web Payments flows in different browsers enabled by Payment Request API, Payment Handler API, Web Authentication API and the Open Banking UK API.

As of August 2018, the different browsers featured —Edge, Chrome, and Firefox— have different levels of support for the W3C APIs. The W3C community is working to achieve interoperability among these and other browsers to streamline payments and enable strong authentication on the Web.

Edge

This pre-recorded video illustrates the Open Banking UK API and the Web Authentication API used in Microsoft Edge. This demo does not illustrate Payment Request API or Payment Handler API.

• The user initiates an Open Banking UK payment, selects a bank, and is redirected to the issuing bank's Web site. Not shown: the user has previously performed a Web Authentication enrollment for this account.
• The user logs into their account with a password.
• The browser makes use of Windows Hello API —Microsoft's implementation of FIDO specifications— to authenticate the user via facial recognition.
• Not shown: the user would then select an account to complete a payment via the Open Banking UK API.

Chrome

This demo illustrates Payment Request API, Payment Handler API, Web Authentication API, and Open Banking UK used in Google Chrome.

Enrollment

• The user registers an authenticator with their issuing bank (NatWest). The user has a Yubikey ("Neo" model) inserted in his laptop. The user enters a password to log in to the issuing bank, then enrolls the authenticator (by demonstrating presence via the Yubikey). Although it is not shown, the user has previously registered the "Pay with Open Banking" Web-based payment handler (from Worldpay) via the Payment Handler API.

Payment

• Now on the demo merchant site, the user triggers Payment Request API by pushing the "Pay with Web Payments" button.
• In Chrome's UX, the user selects the "Pay with Open Banking" payment handler and the browser launches it.
• The payment handler implements the Open Banking API. Thus, the user selects an issuing bank (NatWest). The payment handler prompts the user to log in to the issuing bank with a password and then authenticates the user with the same Yubikey.
• The user then selects a NatWest account and initiates payment via the Open Banking UK API.
• The payment handler returns response data for this payment method to the browser (via Payment Handler API), which returns it to the merchant (via Payment Request API).

Firefox

This pre-recorded video illustrates the Firefox implementation of Web Authentication, as well as the Open Banking UK API. This demo does not illustrate Payment Request API or Payment Handler API.

• The user initiates an Open Banking UK payment, selects a bank (Barclays), and is redirected to the issuing bank's Web site. Not shown: the user has previously performed a Web Authentication enrollment for this account using a Yubikey.
• The user logs into their account with a password.
• The browser uses Web Authentication and prompts the user to activate the same Yubikey that was used at enrollment.
• The user then selects a Barclays account and initiates payment via the Open Banking UK API.
• The user is redirected to the merchant site.

All pre-recorded video is Copyright © Worldpay.

Questions? Please write to the Web Payments Working Group <public-payments-wg@w3.org>. Please note this is a publicly archived mailing list.