Browsers Will Store Credit Card Details Similar To How They Save Passwords
An anonymous reader quotes a report from Bleeping Computer: A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online. Called the Payment Request API, this new standard relies on users entering and storing payment card details inside browsers, just like they currently do with passwords. The API is also a godsend for the security and e-commerce industry since it spares store owners from having to store payment card data on their servers. This means less regulation and no more fears that an online store might expose card data when getting hacked. By moving the storage of payment card details in the browser, the responsibility of keeping these details safe is moved to the browser and the user. Browsers that support the Payment Request API include Google Chrome, who first added support for it in Chrome for Android 53 in August 2016, and added desktop support last month with the release of Chrome 61. Microsoft Edge also supports the Payment Request API since September 2016, but the feature requires that users register a Microsoft Wallet account before using it. Firefox and Safari are still working on supporting the API, and so are browser implementations from Facebook and Samsung, both eager to provide a simpler payment mechanism than the one in use today.
How about no.
How about YES. It is implausible that this will be any worse than the existing system.
Not for anybody who cares for privacy/security (Score:4, Interesting)
... just like they currently do with passwords
I don't trust any browser to store even my Slashdot login password. Why in the world would I trust it with my credit card? In fact, I don't even let merchants store my credit card if at all possible (I either choose the option not to save the card or manually delete the card after the purchase).
It seems like nobody who understands and actually values privacy and security would do this.
I don't trust any browser to store even my Slashdot login password. Why in the world would I trust it with my credit card?
Because the alternative to sharing your password is to keep it secret and type it each time you need it. But the alternative to your browser storing your CC# is that it is stored by every online merchant you buy from.
Not My Browser (Score:2)
Wow, the first quantum computer (Score:2)
will enable its user(s) to rule the world.
Seriously, is everything in these encryption algorithms protected by hoping that the product of two large prime numbers can't be easily factored? If so, then I would assume all the world's secrets (and ability to conduct financial transactions) are theirs.
It's sad that the first network using quantum encryption was put up (literally) by the Chinese (it's using satellites).
Seriously, is everything in these encryption algorithms protected by hoping that the product of two large prime numbers can't be easily factored?
No. State-of-the-art encryption algorithms haven't been based on "factoring prime numbers" for decades.
HELL NO! (Score:2)
In NO way should ANY browser store Credit Cards!
And for payments outside the browser. (Score:2)
Payment providers like PayPal or Amazon might not be on board with this new API since it makes them obsolete, but almost everyone else is.
Or because, in the case of something like Amazon Payments or "Pay with Amazon" they actually need to store your payment information to process transactions that occur outside the browser. If I'm using that, I don't need my browser to handle it too.
In many ways, the Payment Request API is a much secure method of handling online transactions, but it's not perfect either.
For starters, browser makers now have a full view of your finances and transactions, a situation that some people might not like, and will refuse to store any such information in their browser.
Ya think? I imagine the above will be a non-starter for many. Like I want Mozilla, Microsoft or Google accessing my CC transactions.
Sniffing the browser for CC info. (Score:2)
The researcher notes that sites that don't sell any products or advertisers could abuse the API to fingerprint and profile users (detect what payment options each user/browser has stored in its settings), or detect when the user is paying from a normal or incognito mode session.
Just great. Then any website could query your browser for available payment information.