Back to blog
Engineering

Chrome 142 update: ISP payments no longer working?

How Chrome's Local Network Access (LNA) policy change affects payment systems and what to do about it

Hecto Financial Engineering
2026-01-06
5 min read
#Chrome#Security#ISP Payment#Browser
Chrome 142 update: ISP payments no longer working? 썸네일 이미지

"ISP authentication payments stopped working out of nowhere"

If you operate a payment integration, you may have run into this. Since October 2025, ISP (AnsimClick) authentication payments for KB Kookmin Card, Kakao Bank Card, and BC Card have been failing in Chrome.

The cause is the Local Network Access (LNA) policy introduced in Chrome 142. Chrome now blocks local network access for security reasons.

This article explains what the LNA policy is and how it affects payment systems.

What is Local Network Access (LNA)?

Local Network Access refers to a web browser making requests to the user's local network — think routers, printers, and other devices on the same network.

Chrome started restricting this access as a security hardening measure. The goal is to prevent public websites from sending requests to the local network without the user's consent.

Why is it being blocked?

ThreatDescription
CSRF attacksMalicious sites silently changing a user's router settings
Network scanningSites mapping the local network topology for use in attacks
Internal service accessRequests reaching internal services that should be inaccessible from outside
NOTE

What LNA policy covers

Any request from a public website to a private IP (192.168.x.x, 10.x.x.x), loopback address (127.0.0.1, localhost), or .local domain is covered.

How does this affect payment systems?

ISP (AnsimClick) authentication works by communicating with a locally installed security program. The browser sends requests to localhost or 127.0.0.1 to complete identity verification.

Starting with Chrome 142, those requests are blocked without explicit user permission.

Affected payment methods

Card issuerAuthentication methodImpact
KB Kookmin CardISP authenticationBlocked
Kakao Bank CardISP authenticationBlocked
BC CardISP authenticationBlocked

Note

Standard card payments (MPI authentication) are not affected. Only ISP-based AnsimClick payments are impacted.

Rollout timeline

VersionRelease dateWhat changed
Chrome 138June 2025Testable via flag
Chrome 141September 2025Permission prompt introduced
Chrome 142October 28, 2025LNA policy fully enforced

This also applies to Chromium-based browsers including Edge, Brave, and Opera.

How to handle it

When the Allow local network access prompt appears during checkout, instruct users to click "Allow."

Chrome local network access permission prompt

[Example guidance text for your payment page]

Using Chrome?
An "Allow local network access" prompt will appear for ISP authentication.
Please click "Allow" to proceed.

Changing browser settings manually

If a user dismissed or blocked the prompt, they can change the setting manually:

  1. Click the lock icon on the left side of the address bar
  2. Select Site settings
  3. Set Local network access to "Allow"

Or navigate directly in the browser:

chrome://settings/content/siteDetails?site=[your-payment-page-URL]

Offer alternative payment methods

If ISP authentication continues to fail, suggest these alternatives:

  • Use a different browser (Safari, Firefox)
  • Switch to mobile payment
  • Choose standard card payment (MPI authentication)

Developer checklist

Setting up a test environment

You can test the LNA policy behavior on Chrome 138 or later before it goes live.

chrome://flags/#local-network-access-check

Set this flag to "Enabled (Blocked)" to simulate the LNA policy in your environment.

Setting iframe attributes

When embedding a payment window or external content in an iframe, you must explicitly include local-network-access in the allow attribute.

<iframe
  src="https://payment.example.com/checkout"
  allow="encrypted-media; local-network-access"
  allowfullscreen
  webkitallowfullscreen
  mozallowfullscreen>
</iframe>
AttributeDescription
allow="local-network-access"Allows local network access from within the iframe
allow="encrypted-media"Allows DRM / protected content playback
allowfullscreenAllows full-screen mode

Important

Without the allow attribute on your iframe, the payment module inside it cannot communicate with the local security program.
NOTE

Tip

WebSocket and WebRTC are not yet subject to LNA policy. They are expected to be covered in a future update.

What to do now

Chrome 142's local network access policy is a security improvement, but it has real impact on services that depend on local communication, like ISP authentication.

  1. ISP authentication (KB Kookmin, Kakao Bank, BC Card) may be blocked in Chrome
  2. The fix for users is simple: click "Allow" on the permission prompt
  3. Developers must add allow="local-network-access" to any iframe wrapping a payment window
  4. Use chrome://flags to test the behavior in advance

Add guidance text to your payment page and audit your iframe attributes now.

Reference

💬

Need technical support?