Web Payments

Web Payments have technically speaking only marginally evolved during the 20 years we have been able to use payment cards on line. PayPal and a few other “SuperProviders” have indeed improved Web payments, while the more traditional parties (banks) have generally failed creating convenient and secure card-based payments on the Web. Strange as it may sound, for purchases in physical shops the situation is close to the opposite, particularly in the EU, where chip-cards and secure payment terminals are standard features. So why haven't it happened on the Web? There are multiple reasons for that and one is that the Web platform currently lacks the functionality needed which have made the Android and iPhone “App” world the only place where genuine payment innovation is actually happening.

In order to rectify this situation the W3C (World Wide Web Consortium), recently started a project for creating a Web Payment API. Although a very welcome initiative, the specifications at the time of writing (December 2015), IMHO seem awkward to implement and deploy.

In order to keep everybody happy, the current strategy appears to be supporting just about “everything”, ranging from state-of-the-art native “Wallets” and “Cloud” schemes, to legacy payment systems, as well as maintaining compatibility with existing browsers through “Polyfill”.

It is worth noting that commercial efforts in this space typically only support a single payment system (e.g. Apple Pay).

As a long-time developer of various platforms, I early on advocated for an entirely different take on the matter which in short is investigating what kind of technical bits and pieces that may be missing (aka “Primitives”), while leaving the actual payment applications and possible standardization to other groups and the “Market” to cater for.

An equally significant difference is that I'm personally mainly concerned about third-parties' abilities building cool systems, because browser-vendors like Apple and Google can without major hurdles introduce essentially whatever they want, whenever they need it, including Web-versions of their respective mobile payment systems.

In fact, the more I look into this, the more convinced I get that adding specific payment support to browsers will most likely hamper payment innovation rather than foster it.

Since simply claiming that “All we need is a better Web platform!” would be pretty useless without any kind of evidence, I have been tinkering for a while with a set of “Possible Key Components”, using a nowadays publicly available demo application as a test-bench:
https://test.webpki.org/webpay-merchant

The demo implements a decentralized (“Bank-Friendly”) end-to-end-secured payment system featuring a local wallet holding virtual payment cards, as well as a minimalistic Web merchant.

The “potentially-to-be-standardized” components were designed to be application-neutral like the rest of the Web platform.