The Basic Card Payment specification describes the data formats used by the PaymentRequest API [[!PAYMENT-REQUEST-API]] to support payment by payment cards such as credit or debit cards.
The working group maintains a list of all bug reports that the group has not yet addressed. Pull requests with proposed specification text for outstanding issues are strongly encouraged.
This specification was derived from a report published previously by the Web Platform Incubator Community Group.
Sending comments on this document
If you wish to make comments regarding this document, please raise them as GitHub issues. Only send comments by email if you are unable to raise issues on GitHub (see links below). All comments are welcome.
This specification is a Payment Method specification for use with the PaymentRequest API [[!PAYMENT-REQUEST-API]]. With it, merchants can collect the basic card details (card holder name, card number, etc.) through the PaymentRequest API that they have traditionally collected through Web forms, but with an improved user experience.
The Web Payments Working Group is also investigating payment methods that offer greater security (e.g., through tokenization).
This specification relies on several other underlying specifications.
The payment method identifier string for the Basic Card Payment method is basic-card.
This section describes payment method specific data that is supplied as part of the data
argument to the PaymentRequest constructor.
enum BasicCardType { "credit", "debit", "prepaid" };
dictionary BasicCardRequest {
sequence<DOMString> supportedNetworks;
sequence<BasicCardType> supportedTypes;
};
The BasicCardResponse dictionary contains the following fields:
supportedNetworkssupportedNetworks field contains a sequence of identifiers for card networks
that the merchant accepts.supportedTypessupportedTypes field contains a sequence of card types that the merchant
accepts. Implementations will determine how to match the type values credit,
debit, and prepaid.
The supportedNetworks and supportedTypes fields are both optional.
If neither is provided then any card may be returned. If only supportedNetworks
is provided then any card type may be returned provided it matches one of the networks.
If only supportedTypes is provided then a card may be returned from any network
provided it matches one of the types.
The BasicCardResponse dictionary contains the response from the
PaymentRequest API when a user accepts payment with a Basic Payment Card payment method.
dictionary BasicCardResponse {
DOMString cardholderName;
required DOMString cardNumber;
DOMString expiryMonth;
DOMString expiryYear;
DOMString cardSecurityCode;
PaymentAddress? billingAddress;
};
The BasicCardResponse dictionary contains the following fields:
cardholderNamecardholderName field contains the cardholder's name as it appears on the card.cardNumbercardNumber field contains the primary account number (PAN) for the payment card.expiryMonthexpiryMonth field contains a two-digit string for the expiry month
of the card in the range 01 to 12.expiryYearexpiryYear field contains a two-digit string for the expiry year
of the card in the range 00 to 99.cardSecurityCodecardSecurityCode field contains a three or four digit string for the
security code of the card (sometimes known as the CVV, CVC, CVN, CVE or CID).Owners of web sites SHOULD NOT store the payer's card information except where warranted, such as storage for future and recurring payments. When card information is stored, web site owners SHOULD take measures to prevent its disclosure.
Note: Implementers may be subject to PCI DSS or other regulations, but discussion of those considerations lies outside the scope of this document.