Payment Request API: A new W3C template that will begin to slowly come up with upcoming versions of browsers. It is a model that will simplify the way in which every online payment is made.
The new template is called the Payment Request API or Payment Request API, and will store the payment card information in browsers, just as with passwords.
Sites will be able to use the API to create one-click buttons that will allow the user to buy a product without having to type their payment information.
A pop-up window will appear with payment details. The user will then be able to select a payment method, along with an address delivery, previously saved in the browser.
You can try a test API from here.
Browsers that support the Payment Request API include Google Chrome, who for the first time began to support the API from Chrome 53 for Android in August of 2016 and added support for desktop desktops last month with the release of Chrome 61.
Ο Microsoft Edge υποστηρίζει επίσης το API Αίτησης πληρωμής από το Σεπτέμβριο του 2016, αλλά η λειτουργία απαιτεί από τους χρήστες να διαθέτουν ένα λογαριασμό στο Microsoft Wallet.
Firefox and Safari are still working to support the API.
But let's see how the new API works. The Payment Request API provides sellers with a system to management financial transactions.
When a user makes an order, the site makes an API call to the user's browser by transmitting the details that the order needs. The browser then asks the user with a popup window, card details (if they do not exist), and a delivery / shipping address that is also stored in the browser's autocomplete section.
With these details, the browser - not the website - comes into contact with the payment method of the user, who can be Visa, Mastercard or any other major credit card provider.
Once the payment is complete, the browser sends a response to the site that records the transaction and proceeds with the product being sent, knowing that the money is already in its bank account.
Payment providers, such as PayPal or Amazon, may not use the new API, but too many other companies will use it. The Payment Application API is one of the few Web Design Consortium standards that most of the major technology companies have applied for.
The API is also considered to be very good in e-commerce security as it prevents store owners from storing payment card data on their servers. This means that there is no longer any fear of leaking information from a large or small online store.
By moving the payment card items into the browser, the responsibility for keeping the data safely moves to the browser and the user itself.
Payment Request API. Nevertheless:
Although the Payment Request API is a very secure online transaction handling method, it is not perfect.
For those who do not understand the risks, the browsers manufacturers will have a complete picture of your finances and transactions. So there will be many who will not want to store such information in their browser.
Thus, the Payment Request API will not be able to fully replace the standard payment methods and will be just another payment option in the W3C templates.
In addition, since the API is still under development, there are too many security loopholes that have not been discovered.
Δύο από αυτά ανακαλύφθηκαν recently από τον DR. Lukasz Olejnik, ανεξάρτητο ερευνητή στον τομέα της ασφάλειας στον κυβερνοχώρο στη θυγατρική του Κέντρου Πολιτικής Πληροφορικής του Princeton.
The researcher found that sites that do not sell products or advertisers may misuse the API to create profiles for users by identifying the payment options that each user has saved in the browser, or tracking when a user pays from a regular and when from condition operation anonymous browsing.
"I believe both issues may have their origins in the specifications," said Olejnik, who referred the two issues to the appropriate W3C team.
Work on the Payment Request API is expected to be completed by the end of the year, giving developers enough time to deal with these problems.
