In June 2020, Anne Pouillard and Sebastian Giraldo Botero from Wordline shared a pre-recorded demonstration in Chrome that featured three APIs being developed at W3C: Payment Request, Payment Handler, and Web Authentication (WebAuthn).
In particular, this demo shows an experimental "minimal UI" checkout experience, where the user simply authenticates to pay.
See also the 2018 Worldline demos.
Once authenticated to her bank, the user is invited to install the bank payment app that will allow simple and secure use of her bank card for web payments.
The registration process begins with a WebAuthn enrollment flow. The bank (the relying party) generates a challenge for the browser which then relies on the mobile phone's authenticator to authenticate the user. The user can choose from multiple authentication methods (FIDO key, fingerprint). In this demo the user chooses fingerprint authentication (previously set up as a means to unlock the phone). When the user authenticates successfully, the bank registers both credentials (public key) and the signed challenge for this user.
After Web Authentication enrollment, the payment handler is registered in the browser : it includes a token corresponding to that particular user's card. After registration, the user can verify in the phone settings that the payment app has been correctly installed.
The user has ordered some products on a eCommerce site and is ready for checkout. We assume that this eCommerce site has a machine to machine connection with an card acceptance platform.
When user clicks the checkout button, the Payment Request is built and partially shown in the minimal UI. Then the user is asked for fingerprint authentication. On successful authentication, the Payment Handler process the payment request : it makes a call to the bank server in order to retrieve card details associated with the token of the user's card.
Once the eCommerce site has all the card details (tokenized or not, depending on the bank implementation choice), it can provide them to the card acceptance platform in order to authorize the card transaction and accept the payment.
The pre-recorded video is Copyright © Worldline.
Questions? Please write to the Web Payments Working Group <email@example.com>. Please note this is a publicly archived mailing list.