Currently, the credit card details of must customers who purchase goods online are handled and stored by the platform which sells the item or service. Alternatively, a lot of transactions are handled by specialized web payment services such as PayPal or Amazon, for example. However, as of recent, a new W3C (World Wide Web Consortium) standard has started to get implemented. Namely the practice of having credit card data handled solely on and by the user’s browser. The idea is that the browser would store the details and have them ready for use at any time for any online shop platform which would in turn both increase the security of the user’s finances as well as ease-up the process of making online purchases.
How it works
With this new standard, as long as the customer is using a browser that supports it, when they try to purchase anything online, a browser pop-up would be displayed with details that need to be filled. The said details include credit card number, name of the card’s owner, expiration date. Additionally, a form with the shipment details must also be filled.
Once the aforementioned details are provided, they would get stored in the browser and would be ready for use each time the user needs to make another purchase. The next time the customer attempts to buy anything online, the pop-up would reappear and all that the user would need to do is confirm the details regardless of what site is being used for the purchase. This new standard eliminates the need to always feel the same details over and over again and also the need to have your credit card details stored all different online stores and shops that you might want to use.
Chrome and Edge have already introduced the new standard
Currently, browsers that support the aforementioned feature are Chrome and Microsoft Edge. Chrome introduced the change with its version 61 and Edge has had it since September last year. However, on Edge, a Microsoft Waller registration is required.
Other browsers that are currently working on developing an API for the feature are Safari and Firefox.
An in-depth look under the hood
For those interested, here is a more detailed explanation on how the whole operation is carried out where the browser actively takes part in the transaction.
Firstly, when a purchase order is made by the user, the website that sells the item/service makes a request to the customer’s browser with details regarding the order. Then, the browser displays the pop-up with the credit card and shipment details to the user and once those are confirmed, contacts the customer’s credit card provider (MasterCard, Visa, etc.) stating the payment. Once all this is done, the browser sends back a response to the website where the transaction gets recorded. Next, the site proceeds with carrying out the shipment of whatever has been purchased.
Web stores will no longer need your details
Apart from making online shopping easier, the new W3C standard is also supposed to improve the overall security of the web transactions that customers make. For example, having the browser serve as the middleman in those transactions, the websites that sell goods would no longer need to store any personal credit card details. This means that a potential hacker attack on such a site would not put the site’s users’ finances in danger.
However, on the other hand, online payment services such as PayPal might become obsolete as there might not be any need for them. However, currently, the situation isn’t really there yet as the browser-supported transactions are currently only one of several methods for making online purchases.
Privacy and security risks
Even though in theory, having your credit card and shipment details handled by your browser might be a safer and more secure alternative, there are still a number of concerns that arise with the introduction of the new standard.
One of the main issues that a lot of users and researchers point out when it comes to privacy is the fact that now your browser program would have full access to the aforementioned data. The browsing program that you use would have all the information regarding your finances and transactions that you make. Because of this, many would still prefer the more conventional payment methods instead of this new one.
In terms of security, though browsers tend to be safer, with better security standards (when compared to online stores), it is still possible that they could get hacked and if that happens, your credit card data would get exposed and made vulnerable. Considering the fact that the API (Application Program Interface) for the new feature is still under development, there would more than likely be bugs and vulnerabilities. In fact, Dr. Lukasz Olejnik, a web-security researcher already pointed out two potential issues that need to be taken care of.
If you wish to test the new feature, you can do so through this demo link.