After reports of fraudulent transactions, Google has decided to suspend paid Chrome extensions and switch to an interoperable W3C standard that will roll out on iOS first.
These days if you make a payment for a product or service online, it's usually expected to be a seamless affair of a couple of clicks, especially on mobile devices.
While it’s a simple enough process for you to buy that inflatable giraffe costume – we won't judge – there's a lot of underlying security work that goes into payments processing, built on commonly understood APIs to ensure that kind of seamless transaction.
The data structure underlying this is a W3C standard called Basic Card, which specifies how browsers and servers can facilitate card-based payments online. However, as time progresses and our expectations around the ease of use and security of online payments evolves, Basic Card might not be enough.
That's the conclusion of the Chromium team that builds the core browser behind Google's Chrome browser; given Chrome's status in the online world (and notably Microsoft Edge's move to a Chromium base) that's the vast majority of web traffic, right there.
Writing on the Chromium Blog, Danyao Wang, Web Payments Engineer notes that the flow of web payments isn't quite as smooth as it should be.
"Shipping the Payment Request API over the last two years helped us better understand the challenges in building payment flows on the web. We learned that UX is critical for building user trust with a payment app, and new technology such as tokenization has made great strides in protecting users from online fraud by never exposing a user’s credit card number to a website."
There's a problem here, however.
" Unfortunately, Chrome’s built-in payment handler for “basic-card” falls short on both regards."
The solution, according to Wang is to build around the new, still-in-draft Payment Handler API. The big benefit here is that it should enable a fully interoperable web payments system regardless of your digital wallet of choice.
To do that, Chrome will need to shift away from the Basic Card standard, and the first platform likely to see that change will be the iOS version of Chrome.
Why iOS Chrome? Well, because it's the platform where Basic Card sees the least usage. That makes perfect sense when you consider that the vast majority of iOS users are almost certainly using a combination of Safari (which does already support Basic Card) and Apple Wallet instead.
That change will come in version M81 of iOS Chrome, with Wang noting that if you are a developer reliant on the Payment Request API in this way, you'll need to start developing alternative fallback methods for iOS users.