W3C announces standardization measure for the Secure Payment Confirmation

The World Wide Web Consortium has announced a new standardization measure for the Secure Payment Confirmation, which it says will help to streamline user authentication and enhance payment security during the web checkout process.

The World Wide Web Consortium (W3C) is a not-for-profit body that sets out technical web standards and approves the guidelines governing HTML and CSS.

The Secure Payment Confirmation (SPC) is a web API aimed at allowing merchants, banks, payment service providers, and card networks to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent.

SPC adds an extra step to the payment process it calls “user consent,” by prompting users to review and confirm the payment details via a dialog box provided by the browser.

The SPC can enable payments via biometrics. For example, after choosing to purchase goods, users will then be able to confirm the transactions via their iPhone’s FaceID, using the WebAuthn protocol provided by the FIDO Alliance.

This strong customer authentication and cryptographic evidence are regulatory requirements such as the Payment Services Directive (PSD2) in Europe.

Released in 2017, PSD2 was an EU directive aimed at making payments safer and less prone to fraud, which began to see implementation in 2018.

As per the consortium, the publication of the Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review.

The W3C said it will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to the recommendation.

In 2019, the consortium first began work on Secure Payment Confirmation.

In terms of real-world applications, multinational payment processing giant Stripe conducted a pilot with an early implementation of SPC in March 2020.

Stripe reported that compared to one-time passcodes (OTP) SPC authentication led to an 8 percent increase in conversions and that checkout was 3 times faster.

The World Wide Web Consortium also highlighted the use case for the tech outside of just traditional card payments, saying it is discussing how SPC might be integrated into other payment ecosystems such as Open Banking and  PIX, Brazil’s payments network, as well as in proprietary payment flows.

The SPC is currently available in Chrome and Edge on MacOS, Windows, and Android, and the Web Payments Working Group says it will seek implementation in other browsers and environments during the Candidate Recommendation period.

Article Topics

biometric authentication  |  biometrics  |  ecommerce  |  payments  |  Secure Payment Confirmation (SPC)  |  secure transactions  |  standards  |  W3C  |  W3C standards