Google is working with payment processor Stripe to bring TouchID-authenticated payments to the web.
The feature, which would prompt users to enrol their credit cards after they completed a normal purchase, is currently in Original Trail testing.
After users are enrolled, they will be able to complete payments faster in the future by authenticating with TouchID rather than their 3-digit CVV.
In the background, the service uses 3D Secure 2.0 authentication for credit card payments through Stripe and Google’s WebAuthn to Pay.
“Today, 3D Secure (3DS) authentication for card payments relies on fingerprinting techniques that browsers are actively trying to remove because they are prone to abuse by malicious trackers that harm a user’s privacy. The alternative of upfront authentication has not been feasible thus far due to high user friction involved. The WebAuthn to Pay proposal puts forth a vision of a one tap to pay flow that can provide the ideal combination of secure and low-friction authentication needed to replace fingerprinting in 3DS. In the long run, this enables secure tap-to-pay everywhere on the web,” the pilot proposal seen by TechTSP reads.
At present, the feature still requires users to enter their credit card number before authentication is requested, which is not quite as smooth and simple as buying at Amazon for example. Hopefully, this implementation can be improved in the future.
The feature is currently limited to Chrome for macOS behind a secure-payment-confirmation feature flag, but Google plans to bring it to Windows and Android, presumably via native biometric security implementations, by Q2 2021.