← Back to release summary

Secure payment confirmation

Category

Miscellaneous

Type

New or changed feature

Status

Enabled by default (Chrome 95)

Intent stage

Shipped

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new 'payment' extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the 'secure-payment-confirmation' payment method.

Motivation

This feature enables a consistent, low friction, strong authentication experience using platform authenticators. Strong authentication with the user's bank is becoming a requirement for online payments in many regions, including the European Union. The proposed feature provides better user experience and stronger security than existing solutions.

Standards & signals

• Specification: https://w3c.github.io/secure-payment-confirmation
• Firefox: No signal — Historically (>1 year old) positive signal from informal conversation in W3C Payment Handler meetings. However Firefox have since not been involved in the API development.
• Safari: No signal
• Web developers: Positive — Support and involvement in API development from multiple web developers and payment industry partners. Both Stripe and AirBnB have publicly stated that they have either completed or are in the process of prototyping/experimenting with SPC
• Tracking bug: https://crbug.com/1124927

Docs: https://github.com/w3c/secure-payment-confirmation/blob/main/developer-guide.md

Explainers: https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md

View on chromestatus.com