Updates on Payment Request V1 and SPC
I want to share two updates from the Web Payments Working Group.
The first is that we are preparing a slimmed down version of Payment Request API version 1 to advance to Recommendation by early August. Privacy and internationalization reviews led us to look closely at features related to requests for shipping/billing addresses and contact information. To satisfy some of those concerns and because the features are not widely used in the wild, our plan is to remove them. Doing so should also make it easier for browser vendors to maintain their implementations of the API, and for the Working Group to add new features. Once we've adopted these changes (following a Call for Consensus to the Working Group), we will return to Candidate Recommendation for a brief period, then proceed mid-July to Proposed Recommendation.
The second topic is Secure Payment Confirmation (SPC). (For an introduction, see the previous blog post on SPC and the Stripe Experiment.) The Web Payments Working Group held a 4-day remote meeting in early April to discuss SPC, including:
- The encouraging results from Stripe's pilot leveraging SPC within EMV® 3-D Secure.
- Consideration of requirements from other payment flows such as Open Banking APIs and EMV® Secure Remote Commerce.
- Initial discussion on the scope of SPC functionality, especially on low- or zero-friction options within SPC authentication.
To focus our SPC deliberations, a few weeks ago we created an SPC task force within the Web Payments Working Group. One of the first goals was to craft a clear answer to the question "What is SPC?" Here is our current draft (subject to change; feedback welcome):
Secure Payment Confirmation is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.
The task force has also taken a stab at answering the question "What is unique about SPC?" and capturing some consumer-to-business user stories. After our work on SPC scope we will progress to gathering requirements and prioritizing feature requests.
Our work on use cases and requirements, as well as feedback from the growing number of pilots (Stripe version 2, Airbnb + Adyen) will inform the shape and initial capabilities of the API.
Now is a great time to experiment; please contact me or the Chrome Team for more information about participating in the second origin trial.