Skip to main content

W3C advances technology to streamline payment authentication: Secure Payment Confirmation (SPC) published as a Candidate Recommendation

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Secure Payment Confirmation (SPC) enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory requirements such as the Payment Services Directive (PSD2) in Europe.

Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation.

Designed to meet growing demand for strong customer authentication

For the past 15 years, e-commerce has increased as a percentage of all retail sales. The COVID pandemic appears to have slightly accelerated this trend. Improvements to in-person payment security and other factors have led to ongoing increases in online payment fraud.

To combat online payment fraud growth, Europe and other jurisdictions have begun to mandate multifactor authentication for some types of payments. Though multifactor authentication reduces fraud, it also tends to increase checkout friction, which can lead to cart abandonment (cf. for example, Microsoft merchant experiences with SCA under PSD2).

In 2019 the Web Payments Working Group began work on Secure Payment Confirmation to help fulfill Strong Customer Authentication requirements with low checkout friction. Stripe conducted a pilot with an early implementation of SPC and, in March 2020 reported that, compared to one-time passcodes (OTP), SPC authentication led to an 8% increase in conversions at the same time checkout was 3 times faster.

W3C continues to receive feedback about Secure Payment Confirmation through pilot programs, including a second experiment by Stripe. The Web Payments Working Group anticipates more experimental data will be available by September 2023.

SPC benefits from industry collaboration

In the Web Payment Security Interest Group, W3C, the FIDO Alliance, and EMVCo pursue improvements to online payment security through the development of interoperable technical specifications. Secure Payment Confirmation reflects this collaboration: it is built atop Web Authentication and is supported by both EMV® 3-D  Secure (version 2.3) and EMV® Secure Remote Commerce (version 1.3); see the Web Payment Security Interest Group’s publication How EMVCo, FIDO, and W3C Technologies Relate for more details.

Secure Payment Confirmation is not just for card payments. The Web Payments Working Group regularly discusses how SPC might be integrated into other payment ecosystems such as Open Banking, PIX (in Brazil), as well as in proprietary payment flows.

Making it easy for people to pay for things online while improving security has been the vision of our working group since we started in 2015,” said Working Group co-Chair Nick Telford-Reed. “Secure Payment Confirmation means that for the first time, there will be a common way of authenticating shoppers across payment methods, platforms, devices and browsers, and builds on the success of W3C’s Payment Request and the work of both the FIDO Alliance and EMVCo.

Secure Payment Confirmation shipping today

Secure Payment Confirmation adds a “user consent layer” above Web Authentication. At transaction time, Secure Payment Confirmation prompts the user to consent to the terms of a payment through a “transaction dialog” that is governed by the browser; the Chrome implementation of the transaction dialog is shown above. The transaction details are signed by the user’s FIDO authenticator, and the bank or other party can validate the authentication results cryptographically, and thus that the user has consented to the terms of the payment (a requirement under PSD2 called “dynamic linking”). EMV® 3-D Secure and other protocols can be used to communicate the authentication results to banks or other parties for this validation.

SPC is currently available in Chrome and Edge on MacOS, Windows, and Android. During the Candidate Recommendation period the Web Payments Working Group will seek implementation in other browsers and environments.

The post W3C advances technology to streamline payment authentication: Secure Payment Confirmation (SPC) published as a Candidate Recommendation appeared first on SD Times.



from SD Times https://ift.tt/eJCoWXd
Labels:

Comments

Post a Comment

Popular posts from this blog

Difference between Web Designer and Web Developer Neeraj Mishra The Crazy Programmer

Have you ever wondered about the distinctions between web developers’ and web designers’ duties and obligations? You’re not alone! Many people have trouble distinguishing between these two. Although they collaborate to publish new websites on the internet, web developers and web designers play very different roles. To put these job possibilities into perspective, consider the construction of a house. To create a vision for the house, including the visual components, the space planning and layout, the materials, and the overall appearance and sense of the space, you need an architect. That said, to translate an idea into a building, you need construction professionals to take those architectural drawings and put them into practice. Image Source In a similar vein, web development and design work together to create websites. Let’s examine the major responsibilities and distinctions between web developers and web designers. Let’s get going, shall we? What Does a Web Designer Do?
Post a Comment
Read more

A guide to data integration tools

CData Software is a leader in data access and connectivity solutions. It specializes in the development of data drivers and data access technologies for real-time access to online or on-premise applications, databases and web APIs. The company is focused on bringing data connectivity capabilities natively into tools organizations already use. It also features ETL/ELT solutions, enterprise connectors, and data visualization. Matillion ’s data transformation software empowers customers to extract data from a wide number of sources, load it into their chosen cloud data warehouse (CDW) and transform that data from its siloed source state, into analytics-ready insights – prepared for advanced analytics, machine learning, and artificial intelligence use cases. Only Matillion is purpose-built for Snowflake, Amazon Redshift, Google BigQuery, and Microsoft Azure, enabling businesses to achieve new levels of simplicity, speed, scale, and savings. Trusted by companies of all sizes to meet
Post a Comment
Read more

2022: The year of hybrid work

Remote work was once considered a luxury to many, but in 2020, it became a necessity for a large portion of the workforce, as the scary and unknown COVID-19 virus sickened and even took the lives of so many people around the world.  Some workers were able to thrive in a remote setting, while others felt isolated and struggled to keep up a balance between their work and home lives. Last year saw the availability of life-saving vaccines, so companies were able to start having the conversation about what to do next. Should they keep everyone remote? Should they go back to working in the office full time? Or should they do something in between? Enter hybrid work, which offers a mix of the two. A Fall 2021 study conducted by Google revealed that over 75% of survey respondents expect hybrid work to become a standard practice within their organization within the next three years.  Thus, two years after the world abruptly shifted to widespread adoption of remote work, we are declaring 20
Post a Comment
Read more