w3c/secure-payment-confirmation

Secure Payment Confirmation

Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details. The W3C Web Payments Working Group is developing SPC.

FAQ

Q. Who can validate the SPC response besides the actual Relying Party (RP)?

An SPC challenge bundles transaction details with transaction-specific dynamic data from the Relying Party. An SPC response includes a signature over that challenge. Validation in SPC refers to the verification of that signature using the credential public key. A Relying Party can choose to share the credential public key with another party (e.g., a card network or payment service provider) via out-of-band communication to enable that party to validate the SPC assertion.
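The validation described above, from the point of view of a party that received the credential public key from the Relying Party, as an added example (not code from this repository). It assumes the WebAuthn assertion layout (signature over authenticatorData || SHA-256(clientDataJSON)) and the `payment.get` client data fields as the author of this example understands the SPC and WebAuthn specifications; the function names, origins, challenge and amounts are constructed.

```javascript
const crypto = require("node:crypto");
const sha256 = (b) => crypto.createHash("sha256").update(b).digest();

// Validator side: needs only the credential public key shared by the RP.
function validateSpcAssertion(publicKey, assertion, expected) {
  const { authenticatorData, clientDataJSON, signature } = assertion;
  // Assumed layout: the signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify("sha256", signed, publicKey, signature)) return "bad signature";
  // The first 32 bytes of authenticatorData are SHA-256(rpId).
  const rpIdHash = sha256(Buffer.from(expected.rpId));
  if (!authenticatorData.subarray(0, 32).equals(rpIdHash)) return "rpId mismatch";
  let cd;
  try { cd = JSON.parse(clientDataJSON.toString("utf8")); } catch { return "malformed client data"; }
  if (cd.type !== "payment.get") return "wrong type";
  // The challenge is the RP's transaction-specific data; a mismatch means replay.
  if (cd.challenge !== expected.challenge) return "challenge mismatch";
  const total = cd.payment && cd.payment.total;
  if (!total || total.value !== expected.value || total.currency !== expected.currency) {
    return "amount mismatch";
  }
  return "ok";
}

// Constructed sample data: stands in for the authenticator and the browser.
function makeSampleAssertion(privateKey, rpId, challenge, value, currency) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "payment.get", challenge, origin: "https://merchant.example",
    payment: { rpId, total: { value, currency } },
  }));
  const flagsAndCounter = Buffer.from([0x05, 0, 0, 0, 1]); // UP|UV flags, signCount = 1
  const authenticatorData = Buffer.concat([sha256(Buffer.from(rpId)), flagsAndCounter]);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { authenticatorData, clientDataJSON, signature: crypto.sign("sha256", toSign, privateKey) };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const expected = { rpId: "bank.example", challenge: "dHhuLTAwMDE", value: "25.00", currency: "USD" };
  const good = makeSampleAssertion(privateKey, "bank.example", "dHhuLTAwMDE", "25.00", "USD");
  // Amount edited after signing: the hash of clientDataJSON no longer matches.
  const edited = good.clientDataJSON.toString().replace("25.00", "2500.00");
  const tampered = { ...good, clientDataJSON: Buffer.from(edited) };
  // Validly signed, but for an earlier challenge.
  const replayed = makeSampleAssertion(privateKey, "bank.example", "b2xkLXR4bg", "25.00", "USD");
  return [good, tampered, replayed].map((a) => validateSpcAssertion(publicKey, a, expected));
}
console.log(demo());
```

Because the transaction details sit inside the signed client data, the validator must compare them and the challenge against its own record of the transaction after the signature check passes; the signature alone only proves that the credential signed something.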

Acknowledgements

Contributors:

  • Adrian Hope-Bailie (Coil)
  • Benjamin Tidor (Stripe)
  • Danyao Wang (Google)
  • Christiaan Brand (Google)
  • Rouslan Solomakhin (Google)
  • Nick Burris (Google)
  • Gerhard Oosthuizen (Entersekt)