
W3C Sets Up Web Payments Standards Group To Improve Check-Out Security

campuscodi writes to note that the World Wide Web Consortium has launched a Working Group to help streamline the online "check-out" process and make payment by internet easier and more secure. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page.
  • Fantastic! (Score:3, Funny)

    by Anonymous Coward on Monday October 26, 2015 @10:30AM (#50802673)

    In 10 to 15 years we'll have a standard.

    • by Anonymous Coward

      Nah, we'll have a standard in about 5, but Google and Mozilla will jump the gun and implement it (badly) in 2, just to show how progressive they are. Then they'll abandon it and put forward their own implementation, which is incompatible. Oh, and it doesn't work on Android yet. Well, it does, but only on the very latest version which you can't install on YOUR device. Again, just being progressive and all that.

      And in 5 years they'll end up adopting the standard anyway because that's what everyone will do.


      • Or people will simply continue to use what works today, which are simple PayPal links and Bitcoin wallet addresses.
      • > Oh, and Apple doesn't care either way, so they'll implement once everyone stops bickering...if they feel like it.

        You forgot to mention that they will launch in a world event and sell billions of devices thanks to their innovation.

      • Looks like a strong overlap with RFC 2801

        That would be "Internet Open Trading Protocol - IOTP Version 1.0, April 2000"

  • Fix the real problem (Score:5, Interesting)

    by CastrTroy ( 595695 ) on Monday October 26, 2015 @11:09AM (#50802937) Homepage

    I say that we should fix the real problem. The real problem is that I have to give my credit card number, or debit card number, or bank routing information to the store that I want to make a purchase from. I would much prefer to have a system, more like PayPal, where I can authorize a payment to an online store and not give them any information that would allow them to access my account to create further payments.

    As soon as I submit my credit card number to a store, there's any number of things that could go wrong after that time that would cause my account to become compromised. Doubly so for things like debit cards or account routing information that would cause me to lose money from my actual account.

    I'm not saying that PayPal should take over. However, there should be a standard way to make a one-time payment from any financial institution and it should work similarly to PayPal in that the money gets transferred to the seller without giving them any information that could be used to make another transaction that isn't verified by me.

    • I like Bitcoin as my solution to this problem. I just recently bought some stuff and the site emailed me back my password in clear text. Idiots! That's the point where I was really glad I had paid in Bitcoin.
    • Get a CC from a bank that allows a one time use virtual CC number. You have a lot of choices, (e.g. Citi, BofA), but there are some downsides in the implementation.

      And yes - there are competitors to Paypal, such as Android Pay and Apple Pay. But those only really work for NFC.

      • by KGIII ( 973947 )

        Not a bank - a credit union. I find that some of them are ahead of the curve. It's also a lot nicer when you've got some skin in the game and own shares instead of just being a tool to be wielded or customer.

        Full disclosure: I've numerous accounts and sit on the board at my local credit union.

    • by Anonymous Coward

      Indeed, the payment info should go to the customer (payment of $X to at ), who then signs it with their private key, sends it on to their bank.

      Bank verifies that the signature is valid with the public key, and that the payment isn't a replay (the exact same payment), and that the funds are available; they sign it with their private key, send it back so it gets to the merchant.

      Merchant gets the payment information, verifies the bank's signature with the public key, sends merchandise.
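
The three-step exchange described in the comment above, sketched for Node.js as an added example that is not part of the original thread. Ed25519, the per-order nonce used for the replay check, and the names `customerSign`, `makeBank` and `merchantAccepts` are assumptions made for illustration.

```javascript
// Added example: keys, names and amounts are constructed for illustration.
const nodeCrypto = require('crypto');

const newKeys = () => nodeCrypto.generateKeyPairSync('ed25519');
// JSON.stringify stands in for a canonical encoding (assumption); every party
// here serializes the same in-memory object, so key order is stable.
const sign = (obj, privateKey) =>
  nodeCrypto.sign(null, Buffer.from(JSON.stringify(obj)), privateKey).toString('base64');
const verify = (obj, sig, publicKey) =>
  nodeCrypto.verify(null, Buffer.from(JSON.stringify(obj)), publicKey, Buffer.from(sig, 'base64'));

// Customer: sign the merchant's request; the nonce makes each order unique.
function customerSign(request, customerPrivateKey) {
  const order = { ...request, nonce: nodeCrypto.randomBytes(16).toString('hex') };
  return { order, customerSig: sign(order, customerPrivateKey) };
}

// Bank: verify the customer's signature, reject replays, check funds, countersign.
function makeBank(bankKeys, customerPublicKey, balance) {
  const seenNonces = new Set();
  return function authorize({ order, customerSig }) {
    if (!verify(order, customerSig, customerPublicKey)) return { ok: false, reason: 'bad signature' };
    if (seenNonces.has(order.nonce)) return { ok: false, reason: 'replay' };
    if (order.amount > balance) return { ok: false, reason: 'insufficient funds' };
    seenNonces.add(order.nonce);
    balance -= order.amount;
    const receipt = { order, status: 'paid' };
    return { ok: true, receipt, bankSig: sign(receipt, bankKeys.privateKey) };
  };
}

// Merchant: ship only if the bank's signature covers a receipt for the exact
// request the merchant issued. No account credential ever reaches the merchant.
function merchantAccepts(request, { receipt, bankSig }, bankPublicKey) {
  return verify(receipt, bankSig, bankPublicKey) &&
    receipt.status === 'paid' &&
    receipt.order.payee === request.payee &&
    receipt.order.amount === request.amount &&
    receipt.order.invoice === request.invoice;
}
```

The merchant only ever holds a bank-signed receipt bound to one invoice, so nothing it stores can be reused to start a second payment.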

    • The path as shown in the WG's wiki suggests the possibility of this. It provides the option for payment processing to happen on the payee side or on the payor side. Once it gets to "Send Payment Response," the payee has the option of performing processing, and if not, it goes to the payor to be processed, perhaps using a signed, token-based architecture. A payment-complete notification is then sent to the payee, completing the transaction.

      This seems like it would fulfill your requirements.

    • by Anonymous Coward

      That's not the real problem. You demand a technical solution to a legal problem. If banks were required by law to refund any unauthorized withdrawals immediately, including all fees, interest etc. incurred (including any you may have had to pay to third parties if the bank declined any cheques / transfers), you just wouldn't have to care. Why should it ever be your problem if your bank permits unauthorized parties to access your account?

      • If banks were required by law to refund any unauthorized withdrawals immediately, they would require everyone to use single-use account numbers.

    • The real problem is that I have to give my credit card number, or debit card number, or bank routing information to the store that I want to make a purchase from

      I just moved to the Netherlands and my first online purchase was met with "Pay with iDeal" as the only option. I freaked out and after I was done I was left thoroughly impressed. It's a bank agnostic payment system processed by the banks themselves with your account. I.e. just like PayPal the actual payment is handed over to the financial institute and the store never sees your credit card (or in this direct-debit) details. Then the actual process of paying depends on your bank security (in my case I have th

      • Yeah, it really does seem to be the best solution. Other commenters said that people should just get an account that allows them to generate 1 time use credit card numbers. But that is usually a cumbersome task and requires a lot more effort than most people are willing to go through to make an online payment.

        A properly designed customer initiated payment can be almost as simple as using a credit card, and much more secure. Plus there are ways you could allow ongoing/subscription payments, which one time c

      • by Lennie ( 16154 )

        I've never had the need to (because I'm careful where I use it online) so I don't know if this is true.

        But iDeal has no refund, at all.

        The bank transfers the money and it's gone.

        If you don't get what you asked for, you might be out of luck.

        Something like Bitcoin would allow for a mutually agreed-upon third party to do arbitration with a contract.

        • That could be very true but is true of every direct debit / cash / check transaction. Online protection is something provided by individual credit card companies complying with LOCAL credit card laws.

          iDeal is generally protected at present since it is unique to the Netherlands, registered businesses, and thus subject to consumer protection laws. This would be quite different if the system is expanded internationally, but again while we're postulating possible solutions a similar such solution could simply b

    • Sure, but you haven't explained how MC & Visa will make 2% of every transaction. If your new, technologically superior payment system doesn't include that feature, they will use their not inconsiderable resources to see to it that anything that pays them more gets used instead.
