Copyright © 2017 W3C® (MIT, ERCIM, Keio, Beihang). W3C liability, trademark and permissive document license rules apply.
The Basic Card Payment specification describes the data formats used by the PaymentRequest API [PAYMENT-REQUEST-API] to support payment by payment cards such as credit or debit cards.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
The working group maintains a list of all bug reports that the group has not yet addressed. Pull requests with proposed specification text for outstanding issues are strongly encouraged.
This specification was derived from a report published previously by the Web Platform Incubator Community Group.
Sending comments on this document
If you wish to make comments regarding this document, please raise them as GitHub issues. Only send comments by email if you are unable to raise issues on GitHub (see links below). All comments are welcome.
This document was published by the Web Payments Working Group as a Working Draft. Comments regarding this document are welcome. Please send them to public-payments-wg@w3.org (subscribe, archives).
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document is governed by the 1 March 2017 W3C Process Document.
This section is non-normative.
This specification is a Payment Method specification for use with the PaymentRequest API [PAYMENT-REQUEST-API]. With it, merchants can collect the basic card details (card holder name, card number, etc.) through the PaymentRequest API that they have traditionally collected through Web forms, but with an improved user experience.
The Web Payments Working Group is also investigating payment methods that offer greater security (e.g., through tokenization).
This specification relies on several other underlying specifications.
The payment method identifier string for the Basic Card Payment method is basic-card
.
This section describes payment method specific data that is supplied as part of the data
argument to the PaymentRequest
constructor.
enum BasicCardType {
"credit",
"debit",
"prepaid"
};
dictionary BasicCardRequest {
sequence<DOMString> supportedNetworks;
sequence<BasicCardType
> supportedTypes;
};
The BasicCardRequest
dictionary contains the following fields:
supportedNetworks
supportedNetworks
field contains a sequence of identifiers for card networks that the merchant accepts. W3C maintains a list of approved
card network identifiers.
supportedTypes
supportedTypes
field contains a sequence of card types that the merchant accepts. Implementations will determine how to match the type values credit
, debit
, and prepaid
.
The supportedNetworks
and supportedTypes
fields are both optional. If neither is provided then any card may be returned. If only supportedNetworks
is provided then any card type may be returned
provided it matches one of the networks. If only supportedTypes
is provided then a card may be returned from any network provided it matches one of the types.
The BasicCardResponse
dictionary contains the response from the PaymentRequest API when a user accepts payment
with a Basic Payment Card payment method.
dictionary BasicCardResponse
{
DOMString cardholderName;
required DOMString cardNumber;
DOMString expiryMonth;
DOMString expiryYear;
DOMString cardSecurityCode;
PaymentAddress? billingAddress;
};
The BasicCardResponse
dictionary contains the following fields:
cardholderName
cardholderName
field contains the cardholder's name as it appears on the card.
cardNumber
cardNumber
field contains the primary account number (PAN) for the payment card.
expiryMonth
expiryMonth
field contains a two-digit string for the expiry month of the card in the range 01
to
12
.
expiryYear
expiryYear
field contains a four-digit string for the expiry year of the card in the range 0000
to
9999
.
cardSecurityCode
cardSecurityCode
field contains a three or four digit string for the security code of the card (sometimes known as the CVV, CVC, CVN, CVE or CID).
Owners of web sites SHOULD NOT store the payer's card information except where warranted, such as storage for future and recurring payments. When card information is stored, web site owners SHOULD take measures to prevent its disclosure.
Note: Implementers may be subject to PCI DSS or other regulations, but discussion of those considerations lies outside the scope of this document.