This specification describes data structures for card-based payments using WebIDL. It is used by other specifications to facilitate monetary transactions with "basic cards", such as credit and debit cards.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

The working group maintains a list of all bug reports that the group has not yet addressed. Pull requests with proposed specification text for outstanding issues are strongly encouraged.

Note: Sending comments on this document

If you wish to make comments regarding this document, please raise them as GitHub issues. Only send comments by email if you are unable to raise issues on GitHub (see links below). All comments are welcome.

This document was published by the Web Payments Working Group as a Working Draft.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 1 March 2017 W3C Process Document.

1. Introduction

This section is non-normative.

This specification is a Payment Method specification for use, for instance, with the PaymentRequest API. With it, merchants can collect the basic card details (card holder name, card number, etc.) as an alternative to collecting the same information through a HTML form.


The Web Payments Working Group is also investigating payment methods that offer greater security (e.g., through tokenization).

2. Payment Method Identifier

The standardized payment method identifier for this specification is " basic-card".

3. BasicCardRequest dictionary

dictionary BasicCardRequest {
    sequence<DOMString>     supportedNetworks;
    sequence<BasicCardType> supportedTypes;

The BasicCardRequest dictionary contains the following members:

The supportedNetworks member contains a sequence of identifiers for card networks that the merchant accepts. W3C maintains a list of approved card network identifiers.
The supportedTypes member contains a sequence of card types that the merchant accepts. Implementations will determine how to match the type values credit, debit, and prepaid.

The supportedNetworks and supportedTypes members are both optional. If neither is provided then any card may be returned. If only supportedNetworks is provided then any card type may be returned provided it matches one of the networks. If only supportedTypes is provided then a card may be returned from any network provided it matches one of the types.

4. BasicCardType enum

enum BasicCardType {
A credit card.
A debit card.
A prepaid card.

5. BasicCardResponse dictionary

dictionary BasicCardResponse {
    required DOMString       cardNumber;
             DOMString       cardholderName;
             DOMString       cardSecurityCode;
             DOMString       expiryMonth;
             DOMString       expiryYear;
             PaymentAddress? billingAddress;

The BasicCardResponse dictionary contains the following members:

The cardholderName member contains the cardholder's name as it appears on the card.
The cardNumber member contains the primary account number (PAN) for the payment card.
The expiryMonth member contains a two-digit string for the expiry month of the card in the range 01 to 12.
The expiryYear member contains a four-digit string for the expiry year of the card in the range 0000 to 9999.
The cardSecurityCode member contains a three or four digit string for the security code of the card (sometimes known as the CVV, CVC, CVN, CVE or CID).
The billingAddress member optionally contains a PaymentAddress that represents the billing address associated with the card.

6. Security and Privacy Considerations

Owners of web sites SHOULD NOT store the payer's card information except where warranted, such as storage for future and recurring payments. When card information is stored, web site owners SHOULD take measures to prevent its disclosure.

Note: Implementers may be subject to PCI DSS or other regulations, but discussion of those considerations lies outside the scope of this document.

A. References

A.1 Normative references

Payment Method Identifiers. Adrian Bateman; Zach Koch; Roy McElmurry; Marcos Caceres. W3C. 26 July 2017. W3C Working Draft. URL: https://www.w3.org/TR/payment-method-id/
Payment Request API. Adrian Bateman; Zach Koch; Roy McElmurry; Domenic Denicola; Marcos Caceres. W3C. 25 July 2017. W3C Working Draft. URL: https://www.w3.org/TR/payment-request/

A.2 Informative references

Web IDL. Cameron McCormack; Boris Zbarsky; Tobie Langel. W3C. 15 December 2016. W3C Editor's Draft. URL: https://heycam.github.io/webidl/