Payment Request API: A new W3C standard that will start rolling out with upcoming browser versions. It is a standard that will simplify the way in which all payments are made on the internetnetwork.
The new standard is called the Payment Request API, and it will store payment card details in programs browsing, just like with passwords.
Sites will be able to use the API to create one-click buttons that will allow the user to buy a product without having to type their payment information.
A pop-up window will appear with the payment details. The user will then be able to choose the payment method along with a delivery address previously stored in the browser.
You can try a test API from here.
Browsers that support the Payment Request API include Google Chrome, who for the first time began to support the API from Chrome 53 for Android in August of 2016 and added support for desktop desktops last month with the release of Chrome 61.
Microsoft Edge has also been supporting the Payment Request API since September of 2016, but the feature requires users to have a Microsoft Wallet account.
Firefox and Safari are still working to support the API.
Let's just look at how the new API works. The Payment Request API provides vendors with a system for managing financial transactions.
When a user makes an order, the site makes an API call to the user's browser by transmitting the details that the order needs. The browser then asks the user with a popup window, card details (if they do not exist), and a delivery / shipping address that is also stored in the browser's autocomplete section.
With these details, the browser - not the website - comes into contact with the payment method of the user, who can be Visa, Mastercard or any other major credit card provider.
Once the payment is completed, the browser sends a response to the website, which records the pluschange and proceeds with shipping the product, knowing that the money is already in his bank account.
Payment providers such as PayPal or Amazon, they might not use the new API, but a lot of other companies will. The Payment Request API is one of the few World Wide Web Consortium standards that most major technology companies have applied for.
The API is also considered to be very good in e-commerce security as it prevents store owners from storing payment card data on their servers. This means that there is no longer any fear of leaking information from a large or small online store.
By moving the payment card items into the browser, the responsibility for keeping the data safely moves to the browser and the user itself.
Payment Request API. Nevertheless:
Although the Payment Request API is a very secure online transaction handling method, it is not perfect.
For those who do not understand the risks, the browsers manufacturers will have a complete picture of your finances and transactions. So there will be many who will not want to store such information in their browser.
Thus, the Payment Request API will not be able to fully replace the standard payment methods and will be just another payment option in the W3C templates.
In addition, since the API is still under development, there are too many security loopholes that have not been discovered.
Two of these were recently discovered by DR. Lukasz Olejnik, an independent cyber security researcher at Princeton's Center for Political Science, a subsidiary.
The researcher has discovered that sites that do not sell products or advertisers may abuse the API to create profiles for users by identifying the payment options that each user has stored in the browser or to find out when the user pays from normal and when from incognito mode.
"I think both issues may have their origin in the specifications," said Olejnik, who reported the two issues in the appropriate team of the W3C.
Work on the Payment Request API is expected to be completed by the end of the year, giving developers enough time to deal with these problems.
