By Kristina Russo
Web payment standards focus on streamlining the payment process and increasing security for all parties involved: consumers, merchants, banks, mobile operators, developers, and payment solution providers. Leading the effort to develop these payment standards are the World Wide Web Consortium (W3C) and EMVCo.
W3C is an international standards organization with over 400 members from business and industry, academia, governments, and nonprofit organizations. Its focus: to develop the protocols and guidelines that ensure the long-term growth of the web.2 Within W3C, the Web Payments Working Group has created the Payment Request API to make consumer web payments simpler, faster, and more consistent across all payment types and browsers.
The API allows a merchant to request payment from a buyer, with the browser serving as the interface to capture a person’s necessary payment details.3 Shoppers enter their information just once (or not at all if they already have it saved on another website). The browser automatically uses that data for all subsequent payments. To date, the Payment Request API is supported by both mobile and desktop versions of key browsers including Safari, Chrome, Firefox, Edge, Opera, and Samsung Internet.4
For consumers, the Payment Request API offers a single user interface that is consistent across all websites using the standard.5 This promotes familiarity for each checkout experience while eliminating the cumbersome and error-prone data entry common especially on small mobile devices. Additionally, the API improves on the auto-fill function by optimizing for mobile web pages and ensuring data fields are correctly mapped.
For businesses, the Payment Request API significantly reduces the amount of time it takes a customer to purchase products, which, in turn, could help to increase sales. For example, checkout times for customers at J.Crew.com, (a Payment Request API test merchant) have decreased by 75 percent.6 And because payment and shipping data are already stored in the browser, the potential log-in barrier that exists in most “Buy Now” or “Express Checkout” options can be eliminated.
Further, this new web payment standard lets businesses accept all types of card-based payments in a single API call, providing additional flexibility for their customers.7 The Payment Request API also accepts several forms of mobile payment, including Samsung Pay, Google Pay, and Apple Pay.8
Finally, and ever-critical for all parties, the new W3C standard adds increased security because credit card numbers are not actually passed through the merchant.9 Rather, single-use tokens are passed along, offering protection against possible interception and replay attacks.
Going forward, W3C plans to further simplify the web payment process by including biometric authentication and dynamically produced hard-number generation. It is also exploring ways to work better with 3DS from EMVCo, examined next.10
EMVCo is a consortium of financial companies that focuses on the technical advancement of the EMV Specifications, or “smart card” technology, for web payments.11 The draft of its Secure Remote Commerce (SRC) framework, released in October 2018, “offers an approach to promote security and interoperability within the card payment experience in a remote payment environment,” according to EMVCo.
More simply, one member of the consortium explained the web payment standard provides “a foundation for digital transactions that gives consumers, merchants and issuers a single digital point of sale, resulting in a consistent, convenient and secure way to pay.”12 SRC facilitates the payment process by using information stored and managed by a payment network and its participating issuers and merchants, according to EMVCo.13 That includes card validation and authorization through existing channels.14
For consumers, it is envisioned that an SRC mark on a merchant’s website would convey a secure payment environment, which is does through an encrypted token that passes to the merchant at the time of a transaction.15 EMVCo’s secure web payment standard also reduces the need for entering card and shipping information and intends to provide a consistent, interoperable, and streamlined way of doing business on the web.16
A cumbersome online checkout process may be stopping many consumers from completing their intended purchases. Financial executives may wish to keep a close watch on W3C’s and EMVCo’s developing web payment standards, which are focused on eliminating existing barriers—a win-win for shoppers and businesses alike.
Kristina Russo is a CPA and MBA with over 20 years of business experience in firms of all sizes and across several industries, including media and publishing, entertainment, retail and manufacturing.
1. “Online shopping cart abandonment rate from 2006-2017,” Statista; https://www.statista.com/statistics/477804/online-shopping-cart-abandonment-rate-worldwide/
2. “W3C Mission,” W3C.org; https://www.w3.org/Consortium/mission
3. “Introducing Web Payments: Easier Online Purchases with the Payment Request API,” Smashing Magazine; https://www.smashingmagazine.com/2018/01/online-purchase-payment-request-api/
4. “Payment Request API,” Can I Use; https://caniuse.com/#feat=payment-request
5. “Web Payments Overview,” Google Developers; https://developers.google.com/web/fundamentals/payments/
6. Keynote Chrome Development Summit 2017, Youtube; https://www.youtube.com/watch?v=1-g1rvkORQ8
7. “Disruption at Checkout: The New W3C Payments Standard,” Bluesnap; https://home.bluesnap.com/snap-center/blog/w3c-web-payments/
8. “Introducing Web Payments: Easier Online Purchases with the Payment Request API,” Smashing Magazine; https://www.smashingmagazine.com/2018/01/online-purchase-payment-request-api/
10. “Browser or Buy Button? W3C’s Jacobs on the Payments Request API,” PYMNTS.com; https://www.pymnts.com/digital-payments/2018/w3c-api-ecommerce-checkout-consumer-data/
11. “EMVCo Launches 3DS Test Platform,” PYMNTS.com; https://www.pymnts.com/news/payment-methods/2018/emvco-3ds-test-platform/
12. “VISA Announces Continued Support for EMV Secure Remote Commerce Specification,” PYMNTS; https://www.pymnts.com/visa/2018/emv-secure-remote-commerce-specification-standardization/
13. FAQ Secure Remote Commerce – General & Technical Questions December 2018, EMVCo; https://www.emvco.com/emv-technologies/src/
16. “EMVCo Publishes Draft EMV Secure Remote Commerce v0.9 for Public Comment,” MarketWatch; https://www.marketwatch.com/press-release/emvco-publishes-draft-emv-secure-remote-commerce-specification-v09-for-public-comment-2018-10-19