The secure payment confirmation feature, incorporated into Chrome 95 beta, hooks into the Web Authentication API to offer another layer of web-based authentication.
The feature adds a new ‘payment’ extension to that API, allowing organizations such as banks to optionally offer a PublicKeyCredential. This credential can be queried by merchants during payment transactions via the Payment Request API using the ‘secure-payment-confirmation’ payment method.
Users enrol a payment instrument using on-device biometrics, creating a FIDO credential that can be held by a payment service provider, such as Stripe (a partner with Google in trials of the technology). This credential can be used in later transactions to authenticate the user.
The technology can also be used to produce a signed challenge that includes the transaction value. During trials, secure payment confirmation "provided a higher conversion rate and faster authentication time" than the latest version of 3-D Secure authentication flows, according to Google.
The authentication approach, comparable to but more advanced than WebAuthn, is touted as faster and more secure than web-based authentication alternatives.
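
The signed challenge mentioned above ties the transaction value to what the authenticator signs, so the bank can check the amount the user actually confirmed. The following Node.js code is an added example, not code from the article, Google or Stripe, showing checks a relying party could run on such an assertion. It assumes the `payment.get` type and `payment` field names from the W3C Secure Payment Confirmation draft; the key, origins, challenge and amounts are constructed.

```javascript
const { createHash, createSign, createVerify, generateKeyPairSync } = require('crypto');
const sha256 = (b) => createHash('sha256').update(b).digest();

// Relying-party (bank) check of an SPC assertion. Field names follow the W3C
// Secure Payment Confirmation draft and are assumptions, not from the article.
function verifySpcAssertion(assertion, publicKey, expected) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  // WebAuthn signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!createVerify('SHA256').update(signed).verify(publicKey, signature)) return 'bad-signature';
  // authenticatorData = rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes).
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rp-mismatch';
  if ((authenticatorData[32] & 0x04) === 0) return 'user-not-verified'; // UV flag
  const data = JSON.parse(clientDataJSON.toString('utf8'));
  if (data.type !== 'payment.get') return 'wrong-type';
  if (data.challenge !== expected.challenge) return 'challenge-mismatch';
  const p = data.payment || {};
  if (p.payeeOrigin !== expected.payeeOrigin) return 'payee-mismatch';
  const total = p.total || {};
  if (total.value !== expected.total.value || total.currency !== expected.total.currency) {
    return 'amount-mismatch'; // the user confirmed a different amount than the bank expects
  }
  return 'ok';
}

// Constructed stand-in for the browser and authenticator, for the demo only.
function makeSampleAssertion(privateKey, challenge, payment) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'payment.get', challenge, origin: payment.topOrigin, payment }));
  const authenticatorData = Buffer.concat([sha256(payment.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signature = createSign('SHA256')
    .update(Buffer.concat([authenticatorData, sha256(clientDataJSON)])).sign(privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Constructed sample data: key pair, expected transaction, and payment details.
const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const expected = { rpId: 'bank.example', challenge: 'Y29uc3RydWN0ZWQtY2hhbGxlbmdl',
  payeeOrigin: 'https://merchant.example', total: { value: '25.00', currency: 'USD' } };
const payment = { rpId: 'bank.example', topOrigin: 'https://merchant.example',
  payeeOrigin: 'https://merchant.example', total: { value: '25.00', currency: 'USD' },
  instrument: { displayName: 'Constructed Card', icon: 'https://bank.example/card.png' } };

const good = makeSampleAssertion(privateKey, expected.challenge, payment);
console.log(verifySpcAssertion(good, publicKey, expected));
```

A validly signed assertion for a different amount is rejected as `amount-mismatch`, while editing the amount in `clientDataJSON` after signing fails earlier as `bad-signature`.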