|W3C Announces New Web Payments Standard|
|Written by Kay Ewbank|
|Thursday, 22 June 2023|
The World Wide Web Consortium (W3C) has announced a new way to streamline user authentication and enhance payment security during web checkout.
Secure Payment Confirmation (SPC) is a proposed web standard that will allow customers to authenticate with a credit card issuer, bank, or other payment service provider using a platform authenticator.
The W3C says:
"SPC enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory requirements such as the Payment Services Directive (PSD2) in Europe."
Secure Payment Confirmation has been developed as a collaboration between W3C, the FIDO Alliance, and EMVCo. FIDO (Fast IDentity Online) is an open industry association aimed at developing and promoting alternatives to passwords for authentication. EMVCo (Europay, Mastercard and Visa Consortium) is a consortium of online payment providers that in addition to Europay, Mastercard and Visa also includes JCB, American Express, China UnionPay, and Discover.
Secure Payment Confirmation uses Web Authentication and is supported by both EMV 3-D Secure (version 2.3) and EMV Secure Remote Commerce (version 1.3).
W3C says Secure Payment Confirmation it isn't just for card payments:
"The Web Payments Working Group regularly discusses how SPC might be integrated into other payment ecosystems such as Open Banking, PIX (in Brazil), as well as in proprietary payment flows."
The documentation for Secure Payments Confirmation describes it as an API that enables the use of strong authentication methods in payment flows on the web. It aims to provide the same authentication benefits and user privacy focus as [webauthn-3] with enhancements to meet the needs of payment processing.
The goal is to reduce authentication friction during checkout, and one way this might be achieved is that the user could "register once" and authenticate on any merchant origin (and via payment service provider), not just the merchant origin where the user first registered.
W3C says that publication of the Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation.
or email your comment to: email@example.com