Web Payments

Full Title or Meme

Web Payments as implemented by the W3C and browser manufacturers as opposed to Open Banking as implemented by the banks.

Context

• Payment Request API was originally focused on streamlining checkout ie. extracting money from the user was fast as possible. Security of user assets was not a goal.
• Payment Handler API designed to operate in the client.
• in late 2020 the focus switched to methods that are of "High Value to the industry", namely low friction user authentication. Security of user assets is still not a goal.
• Open Banking mean which has focused on Secure Customer Authentication, again focusing on the needs of the Financial Sector not on the consumer.
• Solving the "NASCAR Problem" of too many options was rejected by brands that wanted to be in the consumers face and merchants that wanted to control the order of brands on their site.
• User experience and merchant demands also diverged on where to store "card on file" data. It's clear that W3C is on the side of the merchants.
• The challenges of improving privacy in the browsers to block user tracking, also blocks use of tracking to support authentication of 3rd Party sites. (Also called federated sites.)
• User privacy generally makes risk assessment more difficult, but the W3C seems to think it can provide both. We already know which side the W3C supports.

References

• Web payments S4 2020 from W3C WPWG
• Google Web Payments