Google to change payment API in Chrome iOS
The World Wide Web Consortium pushed for an answer two years ago to the mounting problem of mobile and online payment fraud in its release of the Payment Request API, designed to secure the exchange of payment requests and verifications on browsers.
This week, Google revealed that it is prepared to move beyond the Payment Request API and shift to an emerging web security model from W3C called Payment Handler API for its iOS Chrome users — and setting the stage for safer consumer use of one-click payment options.
Though use of the Payment Request ID for the past two years has helped Google understand "the challenges in building payment flows on the web," it has seen Chrome's built-in payment handler for "basic card" transactions fall short as payment technology advances, the company stated in a blog post.
After three years of work, W3C created the Payment Request API as a way to use browser-based payments to strengthen security for making and accepting e-commerce transactions. It worked with the Faster Identity Online Alliance and EMVCo's Secure Remote Commerce framework in advancing this identifier for payments on the web.
The most notable advancement of the Secure Remote Commerce framework has been the deployment of a single click-to-pay button, now appearing on various merchant e-commerce checkout pages.
Apple followed suit a year later in using the technology to introduce a Payment Request API for Apple Pay. At that time, it was to help Apple Pay benefit from Ripple's Interledger protocol with the focus on setting up interoperability for mobile wallets and diminish disconnected systems and protocols.
Developers generally use the Payment Request API to access several payment methods, including what it terms "basic card" for card transactions in Chrome on all platforms or Google Pay in Chrome on Android, or Apple Pay in Safari, according to Danyao Wang, web payments engineer at Google and author of the blog.
In gauging user experience, Google felt that Payment Request API in Chrome iOS was not building enough trust in developers and not enabling tokenization to its full potential. Instead, the company views Payment Handler API as one that can more readily "assure an interoperable ecosystem and moves users forward to complete the one-click payments anywhere on the web using their wallet of choice," the blog noted.
Ultimately, Chrome will stop using its built-in basic card payment handler and removing its support from iOS Chrome, where Google says it has had the least usage.
"In its place, we are investigating how to enable native apps on iOS to integrate with Payment Request API in Chrome," the blog said. "The basic-card payment method remains a W3C standard and developers can build compatible payment handlers using the Payment Handler API."