Chrome 68 Payment Handler API – is it storing Payment Methods?

Disable if you want
Chrome 68 Payment Methods – enabled by default.

Chrome 68 Payment Methods – it’s on without you knowing it’s on

Googles latest update of the worlds most popular browser just released is Chrome 68. There are several additions in Chrome 68 and the labelling of non-https websites as “Insecure” is rightly getting plenty of attention. But another important addition in this update is the inclusion of Chrome 68 Payment Handler API, and notably the fact it is ENABLED by default. You may like that, or you may not.

If you don’t want Chrome giving permission to websites you visit to “check if you have payment methods saved” then head to your Chrome settings [see instructions below] now and DISABLE the option – because Google have already enabled it in the Chrome 68 update.

What are Payment Methods, are they good or bad?

Payment Methods are all about making it easier to make online purchases. In principle that’s a good thing, however you may not like it due to the privacy, security or other considerations. The good thing is that you have a choice, and it’s up to you to make an informed choice. The bad thing is that Google have decided for you and you’re not informed, they could have at least given a pop-up to ask how you would like to configure the new option. If you don’t want the slightly more technical details – no problem, just skip the next section and jump to “How Do I Disable Payment Methods in Chrome?”.

The W3C and Payment APIs

The World Wide Web Consortium (W3C) describes itself as an “international community where Member organizations, a full-time staff, and the public work together to develop Web standards.“.  There are two particular standards that relate to Payment Methods:

1. The Payment Request API

“This specification standardizes an API to allow merchants (i.e. web sites selling physical or digital goods) to utilize one or more payment methods with minimal integration. User agents (e.g., browsers) facilitate the payment flow between merchant and user.”

2. The Payment Handler API

“This specification defines capabilities that enable Web applications to handle requests for payment.”

The two links above give the full specs, including further links to the repos on github for both Payment Request API source code, and Payment Handler API source code. That means you can contribute to the APIs – remember the W3C plus others “and the public work together to develop Web standards.“. That’s pretty cool. In addition, or alternatively, you could contribute to your favourite open source browser. If your favourite browser isn’t open source then you can’t contribute to it. That sucks. Of course you could make an open source browser your new favourite, or start your own open source browser…

How Do I Disable Payment Methods in Chrome?

If you’ve decided you don’t want to allow websites to view your saved payment methods then in Chrome it’s pretty simple to disable it in Chrome 68 Payment Methods.

  1. Go to Settings
    1. Link to chrome://settings [linking seems not to work], or
    2. In Chrome address bar navigate to: chrome://settings/, or
    3. Click the 3 vertical dots to the right of the address bar, then select Settings
  2. Scroll to the bottom of the page and click Advanced.
  3. Go the the Privacy and Security section.
  4. Go to Allow sites to check if you have payment methods saved and Disable.
  5. That’s it you’re done!

How did I noticed the change?

You might be wondering how I noticed such a subtle addition to the Chrome settings. Well as it happens following writing my first 2 Chrome Extensions recently and blogging about them (Hacking Google Chrome – Custom Chrome New Tab Extension, and ReHacking Google Chrome – Customisable New Tab Extension ) I became quite familiar with the Chrome Settings and Extensions. So when the new update came out I noticed the new addition straight away.

It is a good idea to periodically go through the Settings of your Browser and other applications and check you’re happy with them, this is especially important after an update – as in the case of Chrome 68 Payments.

Safe Surfing

In reality nothing is “safe”, all you can really do is attempt to identify and minimise risk. The best way to do that by being informed – don’t click on links unless you know exactly where the link goes to – as opposed to where is says it goes; keep your software up to date and patched – OS, firewall, antivirus, browser, etc. Periodically review the settings on all the software you use. Only install software from reputable sources. Run regular scans with your preferred anti-malware software.

Any questions or comments use the section below. Now, I’m thinking about a blog for a robot I just finished building, and then there’s that AI thing I’m working on, and the IOT project …

Leave a comment

Your email address will not be published.