
Host

W3C gratefully acknowledges Ingenico for hosting this workshop.

Thanks also to support from the European Union through the Seventh Framework Programme (FP7/2013-2015) under grant agreement n° 611327 - HTML5 Apps.

Sponsor

Gemalto

BBVA

If you're interested in being a sponsor, please contact Bernard Gidon at bgidon@w3.org. For additional information, please visit the Sponsorship program.

Important dates

8 February 2014:
Deadline for expressions of interest or position papers for possible presentation (via email)

8 March 2014:
Program and position papers posted on the workshop website

14 March 2014:
Deadline for registration (statement of interest required, no participation fee)

24-25 March 2014:
Workshop

Web Payments Workshop Report

Introduction

This document summarizes the activities and results of the first W3C Workshop on Web Payments. The event was held in Paris, France on the 24th and 25th March 2014 and was part of the EU FP7 HTML5Apps project, hosted by Ingenico, and generously sponsored by Gemalto and BBVA.

Format

The workshop spanned two days and consisted of 6 substantive sessions, plus an opening and a wrap-up session (see the agenda with slides). The opening session had a keynote speaker, Alexander Gee, Deputy Head of the Payments Unit for the European Commission's DG Competition.

Speaker selection was intended to provide maximum participation from all attendees. It was conducted based on the papers submitted and an overall goal to provide necessary information and balanced discussion among the varied stakeholders. The list of papers selected for presentation is available online. A detailed analysis of common themes across all the papers has also been published by Manu Sporny, Chair of the Web Payments Community Group.

Each session had a moderator, a minute taker, and a person who recorded use cases as they were raised by the attendees. The 6 sessions were:

  1. Overview of Current and Future Payment Ecosystems
  2. Toward an Ideal Web Payment Experience
  3. Back End: Banks, Regulation, and Future Clearing
  4. Enhancing the Customer and Merchant Experience
  5. Front End: Wallets - Initiating Payment and Digital Receipts
  6. Identity, Security, and Privacy

Note: each paragraph below summarizes the content of one session. The details of each session are in the minutes, which are available to the public.

Sessions

Keynote

The keynote presentation was delivered by Alexander Gee, Deputy Head of the Payments Unit for the European Commission's DG Competition. In his talk, Mr Gee promoted the development of initiatives working toward making payment on the Web work better, based on open non-discriminatory standards. He described in detail the approach of the EU Commission, which focuses on interchange fees, considered one of the biggest barriers to competition in the payments market. Today the fees are around 1%, and the EU objective is to bring them down to 0.2 to 0.3%. The major issue with interchange fees is that they are hidden from the customer. Mr Gee highlighted the fact that the current e-payment market is not competitive and not open to non-bank players, and that the EU is fighting for the ecosystem to change. The core focus of the EU is to ensure that competition is open and based on transparency, particularly on fees. This would lead to more opportunities for non-bank parties to compete in the market.

Overview of Current and Future Payment Ecosystems

In this session, 6 panelists representing different types of stakeholders presented their views on the current and future payments ecosystem. Different points of view, challenges, and opportunities were presented covering the case for digital currencies (Ven), the case for non-bank payments, the need for standards, invoking payments from a web page, the difference between web and non-web payments, the requirements from the poorest 2.5B people who do not have access to payments services, and the importance of international remittances and associated costs.

The discussions then developed around a few topics such as P2P transfer and the role of regulations (particularly for cross-border exchanges), completion of one single payment transaction with multiple sources of funds and payments systems, the selection of payment solutions based on the speed of money transfer, the importance of the user experience and integration of different payment systems within the same interface on the Web, and the importance of identity versus anonymity.

Toward an Ideal Web Payment Experience

This session focused on exploring use cases for Web payments, analyzing issues and associated questions, identifying requirements for user experience, and user interaction and interface design related to Web payments.

The session had 4 presenters who gave their views on the need (or not) for a specific approach to Web payments and on where standardization was or was not needed. The discussion centered around identifying the need for core payment primitives for the Web. An analysis of common “payment problem” themes in the papers outlined a number of potential standardization targets related to identity, payment initiation, and digital receipts.

The discussion then moved on to whether or not to develop a standardized user interface and whether this would improve the user experience. A number of pros and cons related to a “Trusted UI” were discussed. These discussions centered around the question of whether payments should be placed into the same window as any other web application, or if a user should be able to recognize that they’re taking part in a secure payment process through the UI. A number of attendees highlighted the importance of providing an ideal experience to not only customers but also merchants. The need to have a homogeneous way to support multiple payment solutions was also identified. A virtual wallet might be a way to support this abstraction. The importance of standardizing payment tokens to ease transactions and make them more secure was discussed. The need for a standard digital receipt format was also raised as a potential standardization target.

Back End: Banks, Regulation, and Future Clearing

This session focused on the back-end of payments, i.e. what is happening behind the scenes to clear payments and, in particular, the role of regulators and the role of the banks. The session had 3 core presenters and 2 panellists. The presenters provided different points of view related to traditional bank networks, the ISO-20022 protocol, and new clearing networks (e.g. Ripple and new crypto currencies). Some of the presenters also identified the need for new payment solutions to be aware of national regulations related to anti-money-laundering and know your customer regulations.

The discussion centered around the role of the banks, decentralized clearing approaches, the current evolution of cryptocurrencies within countries’ regulations, and options to improve the entry of credit card information through auto-complete requests.

We were told that banks are seeking ways to reduce the costs for servicing personal accounts as these contribute 25% of revenue, but 33% of costs. One trend is the increasing use of direct debit transfers for settling bills due to the lower overheads compared with card based payments. At the same time card payments are under pressure, e.g. action by the European Commission’s DG Competition. It was noted that non-banking solutions offer greater risk for users as they have lower consumer protection under current regulation.

Enhancing the Customer and Merchant Experience

The objective of this session was to highlight the possible shape of an online payments architecture that could fit well with both consumer and merchant requirements. The session commenced with a principal speaker who presented the challenges of electronic payments from the merchants’ perspective. Following this, four panellists presented complementary views on topics such as multi-currency payments, how to abstract payment options and allow users to use their preferred solution, how to create an architecture covering trusted parties, and finally the requirements for those living on only a few dollars a day in remote parts of developing countries.

The discussion centered around the themes of how to negotiate payment solutions between merchants and customers, the role of intermediaries, and how to build a network of trusted parties.

Front End: Wallets - Initiating Payment and Digital Receipts

The objective of this session was to focus specifically on the front-end and the overall flow to initiate a payment transaction on the customer side in a B2C transaction. The session had a principal speaker who highlighted the possible places for standardization in an architecture that integrates a virtual wallet as a way to support multiple payment solutions. The 5 panellists then presented complementary views on the topic, including a more detailed prototype of a wallet implementation; the requirements for a more general adoption of such wallets in terms of support of payment schemes, cross-device portability, user interface, etc.; the existing implementations and impact of mobile money platforms in the developing world and the opportunity to transform mobile money into an online payment option; and finally the privacy concerns related to information managed between merchants and payment system providers.

The resulting discussion centered around wallets, the type of wallets, the need for them, where the wallet should be implemented (on device, in the cloud, in future other objects as part of IoT etc.), and the options to manage P2P transactions. The discussions also covered the notion of authentication linked to wallets: can the authentication be delegated to the wallet provider? Would the payment system provider be happy and would they be willing to delegate authentication? Can authentication be on the device? What should be the identifier (IMEI, mobile number, biometrics, etc.)?

The majority of accepted workshop papers (57%) mentioned wallets, so this is clearly a topic of considerable interest. Further discussions in later sessions raised the potential for smart wallets that could consider a range of available payment solutions and identify the one that best meets the customer’s needs. This process could include examining options that would be far too complex for most customers, like looking at a combination of the total payment network fees and foreign exchange fees to determine the appropriate payment network to route the transaction over.

Another topic relating to wallets that was raised in the discussion was the potential for supporting loyalty schemes (e.g. loyalty cards, prepaid vouchers, and discount coupons). There was also mention of the potential for third party value added services for wallets (e.g. analysing your spending patterns, and offering advice).

Identity, Security, and Privacy

This session had 7 panelists that presented different options for authentication and identity. They presented the different challenges that exist and some potential ways of addressing them. Two of the speakers presented standardized technologies at IETF and W3C while others presented some of the more proprietary solutions they are using.

Discussions centered around the concept of one single identity versus multiple identities based on usage (professional identity, personal etc.), who should store the identity information, how to implement identity in a decentralized network, how to link authentication, identity, and payment transactions, how to link reputation and identities, how to ensure privacy while using identity, and the need to decouple trust, security, privacy, and traceability.

A recurring theme was establishing trust with people that you have never met. Many of the workshop presentations touched upon this using the term "know your customer" or KYC. It is not enough to disclose personal information, as there needs to be evidence to back it up, e.g. an attestation by a mutually trusted third party.

Participants

There were a total of 101 registered participants. The audience background was very diverse:

  • Bank Industry
  • Payment Service Providers
  • Virtual Currency Providers
  • Financial Institutions
  • Mobile industry
  • Browser Vendors
  • Payment Standardization Bodies
  • Merchant Associations
  • Academics

 

The venue seating capacity limited the number of participants. We were unable to accept everyone who sent in an expression of interest. The list of participants is available online.

The workshop was co-chaired by Daniel Appelquist (Telefonica) and Jean-Claude Barbezange (Worldline).

Minutes

The minutes of every session that occurred during the workshop are available online.

Key outputs 

The outputs below are a summary of the wrap-up session driven by Dan Appelquist (Telefonica) plus the highlights of key points that were developed during the sessions and the discussions among participants. Four key points emerged:

  • There was consensus that in the Web Payments area, the current status-quo presents a set of challenges that may negatively impact the growth of the sector and negatively impact effective competition between established players and new entrants. A number of Web payment challenges and problems were identified: authentication, identity, security, establishing trust online, interoperability of different payment solutions, the need to improve user experience, the user interaction approach for payments on the Web, and the challenges for merchants to support multiple payment solutions.
  • There was consensus that payments involve a large set of stakeholders that are interlinked. It is important to ensure that any work in the domain involves the majority of the actors, including banks, regulatory authorities, standardization bodies, mobile operators, new payment providers, browser vendors, etc. However, it is important to note that specific work items may require different subsets of stakeholders to contribute.
  • While talking about Web payments, different actors have different scenarios in mind. At least four scenarios were identified:
    • Using a payment card at an online point-of-sale terminal in a physical (brick and mortar) store.
    • Using an online mobile device (e.g. a smart phone) to pay for goods at a physical store.
    • Online user paying for goods or services at an online store.
    • Person to person payment, where the associated devices may be online or offline.
    Each scenario seems at first glance very different and may have different requirements and technologies, and may potentially require different architectures. However, there were discussions during the event about whether the distinction between web and non-web payments is still relevant today. The identification of different scenarios may therefore be important to structure the investigations and the identification of different building blocks and primitives required to address the domain at large.
  • The domain of payments is very complex, and it covers many themes such as identity and authentication, payment abstraction and virtual wallets, digital receipts and proof of purchase, payment requests and tokenization, user interaction and initiation of payment session, browser-based APIs, cross-device payments, payment related schemes such as discount coupons, loyalty cards and prepaid vouchers, multi-currency support, etc. It is essential to approach these challenges in a holistic way and design an architecture in which all these dimensions can fit together, while also addressing each separately to ensure scalability and progress in the short term. It is unlikely that a single end-to-end approach to payments on the Web would allow all players to compete at different entry points, and would create a level playing field for the industry. It is therefore essential to consider a modular architecture, and identify the area(s) where standardization would help different players to interoperate.

The four points above highlight the very complex set of issues that need to be addressed in order to drive further innovation and competition on a level-playing field. However, there was a general agreement that trying to address all challenges at once is likely to fail given the time that would be required. The list of challenges mentioned during the event includes:

  • The complexity of completing transactions on the Web due to poor and non-homogeneous user interfaces, leading to an incredible level of transaction abandonment.
  • The inconsistent and often insufficient security offered by online credit card payment today.
  • The current missed opportunities offered by mobile in terms of user experience.
  • The complexity for merchants of managing multiple payment options, and in particular new payment solutions such as coupons or loyalty cards.
  • The challenges of identifying merchants and users in a secure way, and supporting strong authentication and security on transactions.
  • The challenges of transaction fees with traditional payment solutions for micro-payments, including remittances.
  • The challenges of the support of multiple currencies for payments.
  • The hidden nature of many transaction fees, preventing more transparent competition between different payment solution providers.
  • ...

In order to make progress and engage in a process to improve the domain in the long term, it is essential to prioritize and identify low-hanging fruit that can have an impact in the short-term. There was general agreement among participants in the wrap-up session that the right strategy to adopt in the near future would be to structure the work into two basic categories:

  • Short-term Leveraging of Existing Working Groups: Identifying work items that are likely to be in the scope of existing W3C Working Groups, and ensuring that these groups will cover and take into account the payment use-cases and requirements. These groups include at least the Webapps, SysApps, WebCrypto, and NFC Working Groups. Within these groups, it would be possible to immediately start work on making the Web a better platform for payments. Many of these groups are currently re-chartering, thereby offering a timely opportunity for adding payment related work items as part of the new charter.
  • Long-term Strategic work: There was general agreement to create a new W3C group (Interest Group or Business Group), as a complement to the current Web Payments Community Group (see definition of W3C Community Group), to determine the long-term strategy and the roadmap for the Web Payments work. The role of this group would be to collect use-cases and requirements, identify low-hanging fruit, and launch one or more new technical working group(s) on key topics identified during the workshop. The wrap-up session identified a set of possible topics to consider. There was a rough consensus on the need to work on these topics as well as on W3C as a good place for this work. This includes:
    • Payment requests and token format
    • Digital receipts and proof of purchase
    • Decoupling web applications from wallets and payment solutions
    • Improving auto-complete to ease credit card payments
    • Elaborating what it means to create a level playing field
    • B2C, person to person, and offline payments
    • Trusted User Interface for payments
    • NFC and Bluetooth based payments
    • Mobile payment scenarios
    • Loyalty schemes and 3rd party value added services
    • Improving the user experience for payments

Conclusion and Next Steps

It is essential that the industry momentum created by the Web Payments Workshop is leveraged to address payment problems on the Web. W3C will continue to engage workshop attendees, many of whom are not yet W3C members, to identify the role and scope for the payments steering group. We will work on the charter for the group, and recruit participants to ensure that all stakeholders are represented. A particular focus will be placed on ensuring that payment players that did not attend the event are represented as well. W3C will also connect newcomers to W3C with existing groups and ensure that the Web payments use-cases will be disseminated to existing W3C groups.

In order to pursue the activities discussed during the workshop and create an official steering committee that will discuss and adopt a roadmap for Web Payments, W3C has a set of possible instruments described in its process document. In the next few weeks, W3C management will evaluate the different options, interests, and possible commitments of different stakeholders before launching a new group.

The decision on whether or not to create a new web payments steering group will be made as soon as possible. If the creation of the group is authorized, it will form during the second quarter of 2014. During the next two to three months, the opportunities to also launch a new technical group (W3C Working Group) will be evaluated, and if there is a clear consensus and a critical mass of organizations interested in joining such technical activities, a technical working group might be launched. Such technical group(s) may also be launched after the steering group has been assembled and has reached consensus on the set of technical activities to engage in. The proposed group(s) discussed in this section are intended to complement the current Web Payments Community Group, which is not an official W3C standardization group, but rather an umbrella for the payments community to discuss possible future work and incubate nascent technologies in the domain.

| Date | Actions | Audience |
| --- | --- | --- |
| 25 April 2014 | Publication of Workshop Report | Workshop Participants, Public |
| As soon as possible | Notification to the W3C membership of the work in progress and Development of the charter of the future Web Payments Steering Group (W3C Interest Group most probably) | W3C Membership, Workshop participants, Web Payments community |
| June 2014 | Launch of the Web Payments Steering Group (W3C IG) | All Web Payments Ecosystem and W3C members |

Table 1: Possible next steps calendar