Secure Payment Confirmation

From MgmtWiki

Full Title

W3C standard stating "Secure Payment Confirmation (SPC), available through the Payment Request API, provides a mechanism for strong customer authentication during checkout, thereby protecting against online payment fraud."

Context

  • Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.
  • Using Secure Payment Confirmation is a Mozilla page describing the practice: to protect against online payment fraud, it is common to authenticate the account holder. Strong authentication lowers the risk of fraud, but increases the likelihood that friction during checkout will lead to shopping cart abandonment. Banks, merchants, payment service providers, and other entities in a payments ecosystem therefore consider a number of factors when deciding what type and strength of authentication to use for each transaction, including the amount, the items being purchased, the user's payment history, which party bears liability in the case of fraud, and regulatory requirements (such as the European Payment Services Directive 2 requirements for strong customer authentication and evidence of user consent).
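As an added example (not code from this wiki page or from the W3C specification), the relying-party check behind the "cryptographic evidence" point above: the bank verifies that the transaction details bound into the SPC assertion's clientDataJSON match the transaction it expects before accepting the confirmation. Field names follow the SPC CollectedClientPaymentData dictionary; the sample payload, origins and challenge are constructed, and verification of the WebAuthn signature itself is assumed to happen in a separate step.

```javascript
// Added example: relying-party (bank) side check of an SPC assertion's
// clientDataJSON. Signature verification of the assertion is not shown.

// Decode the base64url clientDataJSON the browser returns with the assertion.
function decodeClientData(clientDataJSONBase64url) {
  const json = Buffer.from(clientDataJSONBase64url, "base64url").toString("utf8");
  return JSON.parse(json);
}

// Compare the bound transaction details against what the bank expects.
// expected = { challenge, rpId, topOrigin, payeeOrigin, total: { currency, value } }
// Returns the list of mismatching fields; an empty list means the evidence matches.
function checkPaymentBinding(clientData, expected) {
  const problems = [];
  // SPC assertions use type "payment.get" rather than WebAuthn's "webauthn.get".
  if (clientData.type !== "payment.get") problems.push("type");
  // The challenge ties the assertion to this server-issued transaction.
  if (clientData.challenge !== expected.challenge) problems.push("challenge");
  const p = clientData.payment;
  if (!p) return problems.concat("payment");
  if (p.rpId !== expected.rpId) problems.push("rpId");
  if (p.topOrigin !== expected.topOrigin) problems.push("topOrigin");
  if (p.payeeOrigin !== expected.payeeOrigin) problems.push("payeeOrigin");
  // Amount and currency are what the user saw in the browser's confirmation dialog.
  if (!p.total || p.total.currency !== expected.total.currency ||
      p.total.value !== expected.total.value) problems.push("total");
  return problems;
}

// Constructed sample payload (hypothetical origins and challenge).
const SAMPLE_CLIENT_DATA = Buffer.from(JSON.stringify({
  type: "payment.get",
  challenge: "c2VydmVyLWNoYWxsZW5nZS0xMjM",
  origin: "https://merchant.example",
  payment: {
    rpId: "bank.example",
    topOrigin: "https://merchant.example",
    payeeOrigin: "https://merchant.example",
    total: { currency: "USD", value: "42.00" },
    instrument: { displayName: "Card ending 1234", icon: "https://bank.example/card.png" },
  },
})).toString("base64url");

// What the bank recorded when it issued the challenge for this transaction.
const EXPECTED_TX = {
  challenge: "c2VydmVyLWNoYWxsZW5nZS0xMjM",
  rpId: "bank.example",
  topOrigin: "https://merchant.example",
  payeeOrigin: "https://merchant.example",
  total: { currency: "USD", value: "42.00" },
};
```

A mismatch in any field (for example an amount changed after the user confirmed) should cause the bank to reject the confirmation and not issue the payment authorisation.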

Problems

  • In 2022 versions of Chrome/Edge there is a Secure Payment Confirmation API which requires you to hand over your card number in the clear to merchants. In addition to violating GDPR, it is based on a stupid idea: merchants do not need card numbers, they need a payment confirmation, which they can only get from the specific payment network.

Solutions

References