W3C To Create Simple, Secure Web Payments API By End Of 2017

The World Wide Web Consortium (W3C), which oversees the creation of Web standards such as HTML5, announced that it put together a working group that will be in charge of creating a standardized Web API for payments. This should lead to a simpler, as well as a more secure, user experience on the Web and on mobile.

The new API will support a wide variety of payment options, from credit and debit cards to blockchain-based currencies, such as Bitcoin.

The way the group intends to make the new API more secure is by reducing the reliance on third-party code, which developers are often forced to adopt in their checkout systems. It also intends to add the ability to prove message integrity and authentication of all message originators.

One aspect the W3C group won't be covering is the authentication methods for the payment solutions. These will be left up to the payment providers, who could enable anything from two-factor SMS authentication to biometrics and hardware-based authentication.

The FIDO Alliance is already working on a version 2.0 of its specification that should allow using biometrics on the Web in a secure way through a public-key encryption mechanism (only a public key is shared with the server, not your fingerprint/face/etc.). However, it will be up to hardware makers and operating system platforms to support this type of authentication.

The new payment API from W3C has already seen support from companies such as Bloomberg, BPCE, Deutsche Telekom, Digital Bazaar, ETA, Federal Reserve Bank, Ingenico Labs, MAG, NACS, Qihoo360, Rabobank, Ripple and WorldPay.

The standardized API is expected to be finished and adopted by browsers by the end of 2017.


Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.

You can follow him at @lucian_armasu. Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.