Newsletter 
Google has now introduced a brand new flag experiment to Chrome that will allow payment autofill authentication to utilize biometrics and other screen unlocking methods.
The feature, reported by Android Police, isn’t presently active in its entirety on any Android Chrome platform. But it seems destined for the mobile operating system all the same. And there’s a possibility that it could be brought to other platforms since those platforms are noted in the flag.
If Google decides to release the feature, users won’t need to enter their card’s CVC number for online purchases. Currently, that number is used to verify ownership of the credit or debit card in question. So, on each purchase, users are required to enter the code, which is typically three digits long. Instead, they’ll simply enter the code once and check a box in the UI that allows them to use their screen unlocking method “from now on.”
That means that devices with biometrics-based locking would be a viable option. So, for instance, users could simply scan their fingerprint to verify their card. Or enter their lock screen pin or password. Google would then use the CVC information stored in Chrome’s autofill settings and allow the purchase.
Details about this Chrome Autofill Authentication feature are still slim
As of this writing, it doesn’t appear as though checking the box in the UI actually does anything in Chrome for Android. And even less of the UI shows up when the flag — found at ‘chrome://flags’ under a search for ‘#enable-autofill-credit-card-authentication’ — is enabled on other platforms. So this feature may turn out to work somewhat differently in its final form. But similar integrations have already happened elsewhere, giving some clue as to how this will work.
One such implementation is another experiment being run explicitly for Windows machines. Hinging on Windows Hello, that lets users utilize biometrics authentication in Chrome for payment autofill features. Windows Hello is already a prominent feature of associated hardware. So it makes sense for Google to have started there before working on its own cross-platform solution.
The underlying goal, however, is the same. It allows users to verify their cards, pulled down from Google Payments more quickly. And for that information, in its entirety, to be entered in by the browser. So in either case, this is building on autofill features that are already in place. But without the need for users to memorize or pull out and check their CVC code.
This is not coming anytime soon
As hinted above, the flag for this feature is still extremely experimental. It doesn’t do anything on just about any platform and, even on Android where it changes the UI, the new interface doesn’t actually change anything. Since that remains true across all Chrome Channels from Canary through Stable, it’s obvious this feature isn’t ready for primetime.
Google may not be ready in the near future either and this feature could ultimately be abandoned. Especially if any bugs or vulnerabilities are exposed in its continued development. So users shouldn’t bet on the Chrome browser receiving the new feature any time soon.
