Payment Request API: A new W3C template that will begin to slowly come up with upcoming versions of browsers. It is a model that will simplify the way in which every online payment is made.
The new standard is called the Payment Request API payments, and will store payment card details in browsers, just like passwords accesss.
Sites will be able to use the API to create one-click buttons that will allow the user to buy a product without having to type their payment information.
A pop-up window will appear with the payment details. The user will then be able to choose the payment method along with a delivery address previously stored in the browser.
You can try a test API from here.
Browsers that support the Payment Request API include Google Chrome, who for the first time began to support the API from Chrome 53 for Android in August of 2016 and added support for desktop desktops last month with the release of Chrome 61.
Ο Microsoft Edge υποστηρίζει επίσης το API Αίτησης πληρωμής από το Σεπτέμβριο του 2016, αλλά η λειτουργία απαιτεί από τους users have a Microsoft Wallet account.
Firefox and Safari are still working to support the API.
Ας δούμε λίγο όμως πως λειτουργεί το νέο API. Το Payment Request API παρέχει στους πωλητές ένα σύστημα για τη management οικονομικών συναλλαγών.
When a user makes an order, the site makes an API call to the user's browser by transmitting the details that the order needs. The browser then asks the user with a popup window, card details (if they do not exist), and a delivery / shipping address that is also stored in the browser's autocomplete section.
With these details, the browser - not the website - comes into contact with the payment method of the user, who can be Visa, Mastercard or any other major credit card provider.
Once the payment is completed, the browser sends a response to the website, which records the pluschange and proceeds with shipping the product, knowing that the money is already in his bank account.
Payment providers, such as PayPal or Amazon, may not use the new API, but too many other companies will use it. The Payment Application API is one of the few Web Design Consortium standards that most of the major technology companies have applied for.
The API is also considered to be very good in e-commerce security as it prevents store owners from storing payment card data on their servers. This means that there is no longer any fear of leaking information from a large or small online store.
By moving the payment card items into the browser, the responsibility for keeping the data safely moves to the browser and the user itself.
Payment Request API. Nevertheless:
Although the Payment Request API is a very secure online transaction handling method, it is not perfect.
For those who do not understand the risks, the browsers manufacturers will have a complete picture of your finances and transactions. So there will be many who will not want to store such information in their browser.
Thus, the Payment Request API will not be able to fully replace the standard payment methods and will be just another payment option in the W3C templates.
In addition, since the API is still under development, there are too many security loopholes that have not been discovered.
Two of these were recently discovered by DR. Lukasz Olejnik, an independent cyber security researcher at Princeton's Center for Political Science, a subsidiary.
The researcher has discovered that sites that do not sell products or advertisers may abuse the API to create profiles for users by identifying the payment options that each user has stored in the browser or to find out when the user pays from normal and when from incognito mode.
"I believe both issues may have their origins in the specifications," said Olejnik, who referred the two issues to the appropriate W3C team.
Work on the Payment Request API is expected to be completed by the end of the year, giving developers enough time to deal with these problems.