Pretty sure Chrome autofill will store CVV. I think for most people using Chrome autofill for CCs, Chrome is already the System of Truth for CC, to quite the same extent it would be under this new system. No banks or retailers seem to be complaining about it at present.
I don't see the difference between browser filling in these details with auto-fill, or browser filling in these details with a Payment Request API. Are you suggesting there is a significant one?
... Chrome is already the System of Truth for CC ...
Chrome, or any program running on a client device, is not a System of Truth due to the definition of same. A System of Truth is a trusted, authoritative, source of information in which services can rely on the information provided as being correct. In this context, a System of Truth is one which has exclusively its data from channels either controlled by the processor or secure feeds from partners.
I don't see the difference between browser
filling in these details with auto-fill,
or browser filling in these details with a
Payment Request API. Are you suggesting
there is a significant one?
From the perspective of the browser, no, there is none.
From the perspective of a transaction processor, they will see the client request the same and treat it as being untrusted until verified against their System(s) of Truth as well as satisfying ancillary verifications.
As such, a client device can never qualify as being authoritative due to its assumed compromised state (from the perspective of a processor).
I don't see the difference between browser filling in these details with auto-fill, or browser filling in these details with a Payment Request API. Are you suggesting there is a significant one?