David Baron's Weblog

Payments on the Web

Friday, 2015-07-31, 11:02 -0700

Lately I've been involved in discussions in the W3C's Web Payments Interest Group about chartering a new working group to work on payment APIs for the Web. I certainly don't have the resources to implement this work in Firefox by myself, but I'm hoping to at least help the standardization activity get started in an effective way, and, if it does, to help others from Mozilla get involved.

From a high-level perspective, I'd like to see the working group produce a technology that allows payments in the browser, involving some trusted UI in the browser (like for in-app payments on mobile operating systems) that says what payment is going to happen, and involving tokenization in the browser or on a server or application with which the browser communicates, with only the tokens being sent from the browser to the website.

I think this has two big benefits. First, it improves security by avoiding sending the user's credit card details to every site that the user wants to pay. It sends tokens that contain the information needed to make a single payment of a particular amount, instead of information that can be reused to make additional payments in the future. This makes payments on the Web more secure.
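To make the single-payment property concrete, here is an added sketch that is not from the original post or from any W3C specification. The token format, the HMAC construction, the in-memory vault and the function names `issue_token` and `redeem_token` are all assumptions chosen for illustration; the card number is a constructed test value.

```python
import base64, hashlib, hmac, json, secrets

# Assumption: this key and vault live in the tokenizing party (browser-side
# component or payment provider), never on the merchant's website.
PROVIDER_KEY = secrets.token_bytes(32)
_vault = {}  # nonce -> card number, for tokens issued but not yet redeemed


def _sign(body: bytes) -> bytes:
    return hmac.new(PROVIDER_KEY, body, hashlib.sha256).hexdigest().encode()


def issue_token(card_number: str, merchant: str, amount_cents: int, currency: str) -> str:
    """Tokenizer side: bind one payment to a random nonce; the card stays in the vault."""
    nonce = secrets.token_hex(16)
    _vault[nonce] = card_number
    claims = {"merchant": merchant, "amount": amount_cents,
              "currency": currency, "nonce": nonce}
    body = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()


def redeem_token(token: str, merchant: str, amount_cents: int, currency: str) -> str:
    """Provider side: settle exactly the payment the token describes, and only once."""
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:  # wrong number of parts or invalid base64
        return "rejected: malformed"
    # Constant-time comparison; any edit to the claims invalidates the signature.
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return "rejected: bad signature"
    claims = json.loads(body)
    requested = (merchant, amount_cents, currency)
    if (claims["merchant"], claims["amount"], claims["currency"]) != requested:
        return "rejected: payment mismatch"
    # Removing the vault entry is what makes the token single-use.
    if _vault.pop(claims["nonce"], None) is None:
        return "rejected: already used"
    return "settled"


if __name__ == "__main__":
    tok = issue_token("4111111111111111", "shop.example", 500, "USD")  # constructed input
    print(redeem_token(tok, "shop.example", 5000, "USD"))  # different amount
    print(redeem_token(tok, "shop.example", 500, "USD"))   # the intended payment
    print(redeem_token(tok, "shop.example", 500, "USD"))   # replay of the same token
```

A site that receives such a token, or anyone who steals it from that site, holds nothing that authorizes a second charge or a different amount.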

Second, if we can design the user interface in a way that users understand these improvements in security, we can hopefully make users more comfortable making small payments on the Web, in some cases to parties that they don't know very well. This could make business models other than advertising more realistic for some providers of Web content or applications.

There are certainly risks here. One is that the effort might fail, as other efforts to do payments have failed in the past. There are also others, some of which I want to discuss in a future blog post.