The Basic Card Payment specification describes the data formats used by the PaymentRequest API [[!PAYMENTREQUESTAPI]] to support payment by payment cards such as credit or debit cards.
The working group maintains a list of all bug reports that the group has not yet addressed. This draft highlights some of the pending issues that are still to be discussed in the working group. No decision has been taken on the outcome of these issues including whether they are valid. Pull requests with proposed specification text for outstanding issues are strongly encouraged.
This specification was derived from a report published previously by the Web Platform Incubator Community Group.
This specification is a Payment Transaction Message Specification used by the PaymentRequest API [[!PAYMENTREQUESTAPI]] to support payment by payment cards such as credit or debit cards. It is intended to provide compatibility for merchants who currently request card details from customers to ease adoption of the PaymentRequest API.
In the future, merchants should favor payment methods that provide a tokenized response rather than clear text credit card details.
This specification relies on several other underlying specifications.
The following payment method identifier strings are supported by the Basic Card Payment data formats.
| Identifier String | Description |
|---|---|
| visa | Visa (Credit, Debit and Electron) |
| visa/credit | Visa Credit |
| visa/debit | Visa Debit |
| visa/electron | Visa Electron |
| mastercard | MasterCard (and EuroCard) |
| mastercard/credit | MasterCard Credit |
| mastercard/debit | MasterCard Debit |
| amex | American Express |
| discover | Discover |
| maestro | Maestro |
| diners | Diners Club |
| jcb | JCB |
| unionpay | UnionPay |
| unionpay/credit | UnionPay Credit |
| unionpay/debit | UnionPay Debit |
This section describes payment method specific data that is supplied as part of the data
argument to the PaymentRequest constructor.
There is no payment method specific data used by the PaymentRequest constructor when processing Basic Card Payment methods.
The BasicCardResponse dictionary contains the response from the
PaymentRequest API when a user accepts payment with a Basic Payment Card payment method.
dictionary BasicCardResponse {
required DOMString cardholderName;
required DOMString cardNumber;
required DOMString expiryMonth;
required DOMString expiryYear;
DOMString cardSecurityCode;
BillingAddress? billingAddress;
};
The BasicCardResponse dictionary contains the following fields:
cardholderNamecardholderName field contains the cardholder's name as it appears on the card.cardNumbercardNumber field contains the primary account number (PAN) for the payment card.expiryMonthexpiryMonth field contains a two-digit string for the expiry month
of the card in the range 01 to 12.expiryYearexpiryYear field contains a two-digit string for the expiry year
of the card in the range 00 to 99.cardSecurityCodecardSecurityCode field contains a three or four digit string for the
security code of the card (sometimes known as the CVV, CVC, CVN, CVE or CID).There is a requirement for payment apps to be able to return data that is hidden from the payee themselves (perhaps for PCI scope reasons) as they will pass it on to their payment service processor who can then decrypt it and use it.
dictionary BillingAddress {
// [...] fields TBC - most likely the same as shipping address
};
The BillingAddress dictionary contains the billing address
information associated with the payment card.
The fields of the BillingAddress will most likely match those in the
shipping address of the PaymentRequest API once those are defined.