Cryptology ePrint Archive: Report 2021/1012

A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification

Quoc Huy Do and Pedram Hosseyni and Ralf Kuesters and Guido Schmitz and Nils Wenzler and Tim Wuertele

Abstract: Payment is an essential part of e-commerce. Merchants usually rely on third-parties, so-called payment processors, who take care of transferring the payment from the customer to the merchant. How a payment processor interacts with the customer and the merchant varies a lot. Each payment processor typically invents its own protocol that has to be integrated into the merchant’s application and provides the user with a new, potentially unknown and confusing user experience.

Pushed by major companies, including Apple, Google, Mastercard, and Visa, the W3C is currently developing a new set of standards to unify the online checkout process and “streamline the user’s payment experience”. The main idea is to integrate payment as a native functionality into web browsers, referred to as the Web Payment APIs. While this new checkout process will indeed be simple and convenient from an end-user perspective, the technical realization requires rather significant changes to browsers.

Many major browsers, such as Chrome, Firefox, Edge, Safari, and Opera, already implement these new standards, and many payment processors, such as Google Pay, Apple Pay, or Stripe, support the use of Web Payment APIs for payments. The ecosystem is constantly growing, meaning that the Web Payment APIs will likely be used by millions of people worldwide.

So far, there has been no in-depth security analysis of these new standards. In this paper, we present the first such analysis of the Web Payment APIs standards, a rigorous formal analysis. It is based on the Web Infrastructure Model (WIM), the most comprehensive model of the web infrastructure to date, which, among others, we extend to integrate the new payment functionality into the generic browser model.

Our analysis reveals two new critical vulnerabilities that allow a malicious merchant to over-charge an unsuspecting customer. We have verified our attacks using the Chrome implementation and reported these problems to the W3C as well as the Chrome developers, who have acknowledged these problems. Moreover, we propose fixes to the standard, which by now have been adopted by the W3C and Chrome, and prove that the fixed Web Payment APIs indeed satisfy strong security properties.

Category / Keywords: cryptographic protocols / electronic commerce and payment, formal analysis, web security

Original Publication (with major differences): IEEE Symposium on Security and Privacy 2022

Date: received 30 Jul 2021

Contact author: ralf kuesters at sec uni-stuttgart de, pedram hosseyni at sec uni-stuttgart de, guido schmitz at sec uni-stuttgart de

Available format(s): PDF | BibTeX Citation

Version: 20210806:072218 (All versions of this report)

Short URL: ia.cr/2021/1012


[ Cryptology ePrint archive ]