Slashdot Mirror

← Back to Stories (view on slashdot.org)

W3C Sets Up Web Payments Standards Group To Improve Check-Out Security

Posted by timothy on from the click-here-to-pay dept.

campuscodi writes to note that the World Wide Web Consortium has launched a Working Group to help streamline the online "check-out" process and make payment by internet easier and more secure. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page.

8 of 30 comments (clear)

  1. Fantastic! by Anonymous Coward · · Score: 3, Funny

    In 10 to 15 years we'll have a standard.

    1. Re: Fantastic! by Anonymous Coward · · Score: 2

      Nah, we'll have a standard in about 5, but Google and Mozilla will jump the gun and implement it (badly) in 2, just to show how progressive they are. Then they'll abandon it and put forward their own implementation, which is incompatible. Oh, and it doesn't work on Android yet. Well, it does, but only on the very latest version which you can't install on YOUR device. Again, just being progressive and all that.

      And in 5 years they'll end up adopting the standard anyway because that's what everyone will do.

      Meanwhile, nobody will touch it with a 10 foot pole until it is supported by IE*, which should happen by 2025, once they iron out the wrinkles on IE12. Oh, and Apple doesn't care either way, so they'll implement once everyone stops bickering...if they feel like it.

      Meanwhile, the people who's living actually depend on this shit will do what we've always done: use some third party JS and PHP, liberally sprinkled with some in-house hacks to handle this crap and hope that we don't get hacked too much.

      * yes, IE will still be around by then and you'll still have to support it. Despair.

    2. Re: Fantastic! by U2xhc2hkb3QgU3Vja3M · · Score: 2

      Or people will simply continue to use what works today, which are simple PayPal links and Bitcoin wallet addresses.

    3. Re: Fantastic! by itamihn · · Score: 2

      > Oh, and Apple doesn't care either way, so they'll implement once everyone stops bickering...if they feel like it.

      You forgot to mention that they will launch in a world event and sell billions of devices thanks to their innovation.

  2. Fix the real problem by CastrTroy · · Score: 5, Interesting

    I say that we should fix the real problem. The real problem is that I have to give my credit card number, or debit card number, or bank routing information to the store that I want to make a purchase from. I would much prefer to have a system, more like PayPal, where I can authorize a payment to an online store and not give them any information that would allow them to access my account to create further payments.

    As soon as I submit my credit card number to a store, there's any number of things that could go wrong after that time that would cause my account to become compromised. Doubly so for things like debit cards or account routing information that would cause me to lose money from my actual account.

    I'm not saying that PayPal should take over. However, there should be a standard way to make a one-time payment from any financial institution and it should work similarly to PayPal in that the money gets transferred to the seller without giving them any information that could be used to make another transaction that isn't verified by me.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    1. Re:Fix the real problem by omnichad · · Score: 2

      Get a CC from a bank that allows a one time use virtual CC number. You have a lot of choices, (e.g. Citi, BofA), but there are some downsides in the implementation.

      And yes - there are competitors to Paypal, such as Android Pay and Apple Pay. But those only really work for NFC.

    2. Re:Fix the real problem by radarskiy · · Score: 2

      If banks were required by law to refund any unauthorized withdrawals immediately, they would require everyone to use single-use account numbers.

    3. Re:Fix the real problem by thegarbz · · Score: 2

      The real problem is that I have to give my credit card number, or debit card number, or bank routing information to the store that I want to make a purchase from

      I just moved to the Netherlands and my first online purchase was met with "Pay with iDeal" as the only option. I freaked out and after I was done I was left thoroughly impressed. It's a bank agnostic payment system processed by the banks themselves with your account. I.e. just like paypal the actual payment is handed over to the financial institute and the store never sees your credit card (or in this direct-debit) details. Then the actual process of paying depends on you bank security (in my case I have the option of SMS verification or using a little card reader with my debit card along with my pin code in a challenge response type situation where I type my pin and their challenge number into a little device and then type the response into the bank's website.

      At first I thought it was a pain, but then I thought I really can't think of a more secure system.