Web Payments Workshop - Session 3

Minutes for 2014-03-24

Agenda
http://www.w3.org/2013/10/payments/agenda.html
Topics
  1. Session 3: Back End: Banks, Regulation, and Future Clearing
  2. Card Processing - Worldline
  3. Global Payments - World Bank
  4. Future Clearing - Ripple Labs
  5. Alternative Currencies - CoinApex
  6. National Infrastructure - US Federal Reserve
  7. General Discussion on Back-end Systems
Chair
Daniel Appelquist
Scribe
Prakash Hariramani and Dave Raggett
Present
Daniel Appelquist, Prakash Hariramani, Erik Anderson, Jean-Claude Barbezange, Harish Natarajan, Bryan Sullivan, Dave Birch, Charles McCathie Nevile, Evan Schwartz, Dave Raggett, Max Raskin, Connie Theien, Manu Sporny, D. Jaromil Roio, Stan Stalnaker, Gray Taylor, Stéphane Boyera, Ricardo Varela, Bailey Reutzel, Jörg Heuer, Giridhar Mandyam, Wendy Seltzer, Jeremy King, and 80 others for a total of 103+ people
Prakash Hariramani is scribing.

This page contains minutes for an official W3C workshop event that have been cleaned up and reformatted by the Web Payments Community Group. The W3C and the Web Payments Community Group are two separate organizations. Readers should understand that while the workshop was an official W3C event, the operation of the Web Payments Community Group is not officially sanctioned by W3C's membership. More information on joining W3C (membership fees) and/or the Web Payments Community Group (free) can be found on the respective websites.

Topic: Session 3: Back End: Banks, Regulation, and Future Clearing

Stephane introduces the session moderator, Erik Anderson from Bloomberg
Erik Anderson: This session will be more about the backend and the banking side.
Erik introduces Jean Claude Barbezange from Worldline

Topic: Card Processing - Worldline

Slide 1: Legacy web payment mode
Jean-Claude Barbezange: Front end: web form: declarative data: E.g. PAN, CVV
PAN = Personal Account Number
CVV = security code at back of card
Jean-Claude Barbezange: Secure mechanisms: 3dS, tokenization, dynamic CVX
... front end with a web form, declarative data, e.g. card info. Security with 3DSecure, and more recently tokenization.
... Dynamic CVX provides better secuirty
Slide 3: Legacy Web Payment - Back end
Jean-Claude Barbezange: Also dynamic CVS for improved security. Also convenience for user, e.g. form auto completion and one click purchases.
... Banking card: universal, fee for payee, some level guarantees
... In some countries like Germany, credit transfer is used for nilling, home banking..
... Ideal is used in Netherlands
... Direct debit is used for regular recurring payments
Slide 4: Legacy web payment mode
Jean-Claude Barbezange: Depends on cultural user behavior per country/usage/trusted level
... different rules for some functions: transaction collection, clearing/settlement, cancellation/refund, dispute, risk management, fraud detection
... If token is used for txn lifecycle management then toke needs to be preserved for long period
... Backed protocol is moving to ISO 20002
Slide 5: New web payment mode (crypto currencies)
Jean-Claude Barbezange: Crypto tools: hash, asymmetric signatures, mathematical functions like pairing
... currency virtualization: dynamic change currency
... autonomous cryptogram contains all the data for the transaction as bank notes or coin.
... Interest in reducing cross border transaction costs
... in some cases can keep anonymous information on user
Slide 6: New web payment mode
Jean-Claude Barbezange: Front end: P2P: Based on open source software wallet
... Front end: Also based on new internet technologies like IP (TCP/UDOP), IP Address
Slide 7: New Web Payment mode: Back end
Jean-Claude Barbezange: Real time with instant balance
... distributed functions for txn validation
Slide 8: Conclusion
Jean-Claude Barbezange: For both ecosystems, trust and security are mandatory
... PSPs also have to develop authentication, risk analysis and fraud detection
... Some standardization on web browser could be helpful like fingerprinting, secure inputs, API to secure client device resources
Jean-Claude Barbezange: And privacy requirement on vendor
Erik Anderson: W3C is encapsulation layer beyond a low level protocol; need to consider legacy systems while considering standards

Topic: Global Payments - World Bank

Erik Anderson: Introducing World Bank/Harish Natarajan
Harish Natarajan: Build on topics introduced from this morning
... Key findings from WB global payments survey...
... Innovative = anything not based on traditional bank accounts
... 11% of innovative product transactions accounted for more than 5% of electronic payments volume
... 69% of innovative product transactions were growing
Slide 4: Findings & policy implications ..
Harish Natarajan: Right hand corner of pie chart - innovations could serve affordability & accessibility of payment services
Slide 5: interoperability
Harish Natarajan: Interoperability generally associated with card products
... Interoperability fosters competition and consumer convenience
... Several levels of interoperability. Infrastructure, system wide & cross system
... E.g. card level interoperability - POS terminal in US can support cards issued by any bank as long as card adheres to standards
... E.g. system wide interoperability - Visa system
... Cross system interoperability not as easily achieved
...However cross membership across systems (Visa / MasterCard) could achieve cross system interoperability
... Money transfer example: In some geographies money transfer operators like Western Union, Money Gram etc. prohibit sharing of agents; restricts interoperability
Slide 7: Infrastructure and access interoperability//use of clearing & settlement
Harish Natarajan: More than 50% of innovative products settled in books of issuer and only around 24% with central bank
Slide 9: Legal and Regulatory Considerations
Bryan Sullivan: AML/CFT = Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT)
Harish Natarajan: 4 Main issues - safety of customer funds; typical bank has deposit insurance however this may not apply for a non bank institution
Bryan Sullivan: Link for AML/CFT stuff: http://www.imf.org/external/np/leg/amlcft/eng/
Harish Natarajan: Heightened AML/CTF risks: The way non bank accounts are setup created higher AML/CTF risks but can be addressed thru velocity limits, txn sizes
... Weaker authentication could lead to higher fraud risks. E.g. SMS used by some for operator billing
... Consumer protection: when a customer signs up for credit/debit card there are very clear requirements however that is not the case with many prepaid products so customer may not be aware of what they are getting into
Bryan Sullivan: How to know if a customer really knows what they are getting into? $64K question
Harish Natarajan: Need to ensure competitive market conditions: Avoid regulatory arbitrage. Banks subject to higher constraints but non banks may have more relaxed requirements
... Oversight arrangements: Typically supervision is the term used; oversight looks at impacts to system as a whole and typically function of central bank. Non banks typically fall outside of this central bank purview
Harish Natarajan: Conclusion: Innovative payment mechanisms expand access, efficiency but form a regulatory perspective they need to be seen as an integral part of the national payment system of the country
USE CASE: Payment process includes user informed consent requirements about "what they are getting into".
Dave Birch: 2 Of the most successful schemes (MPESA in Kenya and SMART Philippines) do not involve banks. Is that a coincidence?
Laughter from audience.
Harish Natarajan: They adopted a model that banks typically do not use (agent model) and a consumer pays model
... MPESA cash withdrawal transactions have a transaction fee of about on an average 1% but many banks are not allowed to charge users for withdrawing cash form their own account
Charles McCathie Nevile: I wonder how much of the reason MPESA/Smart didn't come from banks is due to banks thinking "payment already works"

Topic: Future Clearing - Ripple Labs

Erik Anderson: Introducing Evan from Ripple
Evan Schwartz: Ripple is a global, open source decentralized payment network that connects other payment networks.
Evan Schwartz: Let's talk about how Ripple can make payments faster, easier and cheaper for everyone.
... Ripple = Global decentralized open source network
... Ripple Labs = company dedicated to supporting Ripple's development
Next slide (no slide numbers unfortunately) : Ripple payments are . . .
Evan Schwartz: Ripple payments are fast, free, in any currency, global and secure. Can be done in any currency, gold or any stored value
Slide: Payments technologies are not interoperable ..
Evan Schwartz: Payment technologies do not work together because inter network transfers are slow and expensive. Very difficult to move money cross border
Slide: Web payments need decentralized clearing and settlement
Evan Schwartz: There will never be buy in for a centralized clearing house
Slide: Ripple connects payments technologies
Evan Schwartz: Ripple takes 2-5 seconds to settle and is essentially free
Slide: Ripple connects payment networks (slide with Paypal, Bank of America logo)
Slide: Ripple has 4 broad categories of users
Evan Schwartz: Basic user example is someone trying to send a payment
... Merchant, market makers and gateways are the other 3 users
Slide: Send from any currency to any currency ..
Evan Schwartz: Network takes care of all the exchange and this is seamless for the end user
Slide: Receive only the currency you want
USE CASE: Send money in any currency, have the network automatically do currency conversion, give currency at the other end in the receivers native currency.
Evan Schwartz: This is great for merchants because they can accept only the currencies they desire. No currency risk with Ripple
Slide: Market makers facilitate exchange
Evan Schwartz: Market maker facilitates exchange. E.g. someone buying USD and selling Euros. Transparent to user since market maker handles this
Slide: Market makers compete on a distributed exchange
Evan Schwartz: 1St open decentralized currency exchange... user does not have to worry about FX
USE CASE: Market makers acting as a transfer agent (foreign exchange happens automatically)
Slide: Financial institutions act as entry/exit points on Ripple
Evan Schwartz: These could be Paypal, MPESA, etc
... As long as the institutions are connected to the Ripple network this is transparent to the user.
Slide: Deal only with institutions you trust
Evan Schwartz: No individual integrations required; you sign up with only one service you trust
... Unlike other systems where both sender/receiver to have say signed up with Visa/MC this is more interoperable
Slide: Connected without needing any prior business arrangements
Picture of 2 Ripple gateways and market makers are between them doing currency conversion.
USE CASE: Transfer money through gateway providers of financial networks.
Evan Schwartz: Market makers compete to offer the best exchange between these gateways
... Does not require financial institutions and merchants to have individual negotiations.
USE CASE: Knowing through which financial network your transaction will be delivered (you might care?).
Slide: Summary
Evan Schwartz: Ripple connects other payment technologies, fast easy to integrate.
Dave Raggett is scribing.

Topic: Alternative Currencies - CoinApex

Erik introducing Max from CoinAPex.
Max Raskin: Introducing Bitcoin incubator
... Interesting to talk about standardization in context of decentralized community like Bitcoin.
... What's interesting is that there are lot of solutions in the Bitcoin world which can move quickly, but are not necessarily what the regulators will want to see.
...We're seeing a split in the Bitcoin community with some who want to create an identity layer on top of Bitcoin and others who want to avoid any kind of centralization.
Bryan Sullivan: The "interesting interplay" and knowing this is a concern (or may be) is one rationale for the use case of knowing how your money is being transfered (what if an international network used Bitcoin internally?)
Max Raskin: What US banks and regulators will be able to do is still in progress and it will be interesting to see how it plays out. Happy to be here and be a part of the conversation.

Topic: National Infrastructure - US Federal Reserve

Erik introduces Connie Theien from the US Federal Reserve
Connie Theien: I want to take us back to legacy system and the feedback we got from stakeholders.
...We've identified about 11 major kinds of use cases
... We've document the requirements and are looking at the gaps from what is doable now.
... We want to understand where we should be focusing our efforts -- shoring up the existing systems or supporting new kinds of systems.
... We would like to make payment systems more accessible. We look at ACH as an efficient system, but we want to make it more open.
... We've seen interest from some sources for a means to initiate cheque based payments electronically.
USE CASE: Electronically originated checks
Connie Theien: We're also looking at the unique needs of businesses, and their specific requirements as compared to B2C.
USE CASE: Knowing what info will be required to supplement a transaction.
Connie Theien: On the international side, we're looking at an ACH service that is fairly fast relative to other international payment solutions. Today this reaches 35 countries and we are looking to expand this further.
Bryan Sullivan: X9 = http://x9.org/
Bryan Sullivan: NACHA = https://www.nacha.org/
Connie Theien: We're interested in enabling improved security, information sharing and fraud detection.
Connie Theien: This is what we're hearing from our qualitative assessment of our consultation.
Prakash Hariramani: ISO 20022 = http://www.iso20022.org
USE CASE: Knowing that data minimization principles are followed by systems in a payment chain
Erik Anderson: I would like to open the floor to questions.

Topic: General Discussion on Back-end Systems

Manu Sporny: An observation, it is great that all of the panelists have been focusing on their individual areas.
... I am seeing that there is a very large divide between what is said in public and what people will say privately.
... For example in respect to Bitcoin and risk of legal litigation. You hear banks and regulators say that they're interested in seeing the best parts of Bitcoin make it into the banking system, but when you talk to the banks/regulators behind the scenes, they don't want to touch the stuff because of the perceived risk (sometimes warranted) associated with it. If we're going to make progress, banks/regulators are going to have to take a more proactive role.
... As far as I can see, banks don't have a motivation to switch to truly decentralized clearing solutions - financial incentive isn't there (no fees is a bad business proposition for them... great for the customer, though). Add to that that there is very little cross pollination with the Bitcoin communities, and I don't see how we're going to make progress in that area.
... That said, it's is great to see representatives from both communities sitting down together here. I'd like to know how we're going to get the traditional finance industry to work with the alternative currency community.
Max Raskin: You are going to see caution at least from a high level. Things are happening, maybe not at the pace Bitcoin folks want, but progress nonetheless.
... If states start seeing tax dollars from bitcoin transactions, this will ease things forward.
Connie Theien: I do see the dialog starting with people keen to reach out and talk. I think there is interest in learning and understanding where the future of payment systems might evolve.
... Much of our focus and effort is on how we can improve.
D. Jaromil Roio: I would like to second Manu, it is readlly good to discuss the potential changes.
... games are now bigger than movies, and kids are trading their World of Warcraft goods.
... we are talking too much about fraud/risk and not enough at the opportunities for supporting new markets.
Erik Anderson: Not significant traffic as now on these alternative networks for governments to worry too much.
Someone from the audience says -"Is fixing the broken Card Not Present system in scope?"
Stan Stalnaker: Our experience with governments has been surprisingly open. It is difficult for small startups to fly and meet people.
... We need to see greater effort on non-incumbent organizations to reach out and make their case on behalf of their communities.
... Anonymity is a real concern in some areas of the world.
... we need to avoid setting up conflict.
Bryan Sullivan: In an environment which a variety of decentralized / "innovative" systems may be used by money transfer networks, how important is it for users to know which types of networks may be involved, and to set preferences or express consent for their money to be transferred via such networks?
Bryan Sullivan: In the environment, how important is it for standards and metadata about transactions, e.g. to enable people to know whether a given solution is more likely to be subject to scrutiny.
Evan Schwartz: As long as the payment solutions are trusted and secure, that's probably sufficient.
Dave Birch: As a consumer I am protected against fraud on credit cards. This is different from regulating money. Can you be a little clearer about consumer protection vs regulatory requirements
Harish Natarajan: A customer may not know, but the bank will. There needs to be a framework governing how exceptions are handled.
Bryan Sullivan: The notion of trustworthiness and the current user transparency to how their money is transferred point to an issue of (a) who is asserting the trustworthiness (regulators?), and (2) the fact that users can currently rely upon a safe/reliable transfer system i.e. they have never had to worry about such things, so far.
Evan Schwartz: On Ripple, all transactions are irreversible, so there is no mechanism for charge back.
... Ripple is much more like a debit system than a credit system, payments only proceed if you account has the necessary funds.
Harish Natarajan: It is more about when a service needs to be refunded, e.g. on cancelling a flight.
Evan Schwartz: You could have an escrow service that only transfers the funds when the service is delivered.
... The merchant would have a rock solid guarantee of receiving the funds.
Erik Anderson: We've seen stories of people paying with Bitcoin on ebay and never getting a refund on non-delivery of the product. Escrow is important.
Evan Schwartz: Ripple would allow card issuers to reduce their fees and it is likely that market pressure would force that.
Unknown person from audience - will crypto currencies become important for wallet to wallet transactions?
Gray Taylor: VISA and MasterCard are profit driven. Merchants are tee'd up to go, but are concerned about volatility.
... smaller payments are subject to a different risk model
Bryan Sullivan: Way long ago, I used Tradenable to sell a high-value guitar to a buyer in the UK, with international shipping required - a complex sale. the role of the escrow company was an essential one. Speed of transaction or the lowest fees are often (if not always, to me) secondary to trust in the transaction.
Manu Sporny: I just heard something really scary... Evan, you've just explained why MasterCard and VISA are unlikely to adopt Ripple - there is no profit in it for them.
Stan Stalnaker: Manu, don't forget that 50% of the interchange fee goes to the banks, so they are in the same boat as Visa/Mastercard
... We're talking about standardization process that could drive fees down, and this may deter adption, unless it is forced by governments.
Max Raskin: If enough merchants switch, the market will force a transition to reduced fees. This is likely to happen in an incremental and initially small way.
... If the banks become more comfortable and regulators give a nod, we can expect to see change.
Bryan Sullivan: I think enabling payments on the web through APIs is orthogonal to the desire to reduce fees which I would think in user's minds is secondary to trust in the payment provider/system
Evan Schwartz: I expect an inevitable decline in fees as the market evolves.
Stéphane Boyera: +1 To what Bryan said.
Bryan Sullivan: In summary we don't have to solve the international transfer problems to enable payments on the web
Ricardo Varela: The only thing that is likely to be regulated is the entry point to the system.
Bailey Reutzel: Regulation of virtual currency to virtual currency will happen when the volume is sufficiently high to take notice.
Chaals wanted to you wanted to say there is a market for VISA/Mastercard apart from interchange, and there are plenty of people living in wildly fluctuating currencies.
Charles McCathie Nevile: We've heard about exorbitant fees especially in less regulated markets.
Bryan Sullivan: And a lot of people are paying 300% for payday loans... web payments enabling similar loans could operate a much more efficient/low-cost system for the masses of people that currently depend upon payday loan services.
... Bitcoins might be attractive simply on the grounds of transaction cost and relative stability. Credit cards on the other hand are attractive because they offer credit.
Evan Schwartz: Some of those fees are due to unnecessary issues and we may be able to get rid of them.
Max Raskin: Once we see a stable future's market for bitcoin, this should address volatility concerns.
Dave Birch: Are there any ideas for merchant run payment systems?
Jörg Heuer: As long as the issuing banks are receiving the interchange fees, they are motivated to continue this.
Max Raskin: If there is no intermediary then bitcoin transfers incur no fees.
Giridhar Mandyam: Can standardization realistically address the problem of bad debts for merchants of apps?
Giridhar Mandyam: Re: bad debt. Many of the speakers have focused on consumer protections, but not so much on merchant protection. There are many well-known methods where operator-direct billing can be exploited by end users to obtain electronic goods (e.g. apps). Merchants either bear the cost through worse rev-shares or eating the costs. Can standardization realistically address this problem (e.g. standardized receipts)? Will they ever achieve adoption worldwide?
Evan Schwartz: I don't know how standards could dictate terms.
Giridhar Mandyam: Regarding my question , I didn't expect standards could address business terms. I was asking whether standardization (e.g. standardized receipts) could be used to address bad debt.
Wendy Seltzer: W3C can make recommendations, at the behest of its members' consensus.
Ricardo Varela: If visa and mastercard removed their fees, what other reasons would merchants have for using Ripple?
Evan Schwartz: We're more likely to see competition across a wide range of payment solutions. We want to see standards that make it easier for users to have a free choice.
Stan Stalnaker: Metadata could be one answer given the opportunities for the Ripple ledger.
Evan Schwartz: Metadata could be attached to any transaction and made public or subject to some form of access control.
... we've been thinking of SWIFT style clearing
Bryan Sullivan: "Intelligent data" (or metadata) sounds to me like a double-edged sword, especially one that comes with access control / privacy implications
Max Raskin: The sky could be the limit for what could be built on top of the bitcoin technologies, but on the other hand it could be nothing.
Laughter from the audience.
Bryan Sullivan: +1 To avoiding all discussion of fees in a standards context.
Jeremy King: Visa and MasterCard aren't here, so let's not refer to unjustified claims about fees
Evan Schwartz: I was only referring to what we heard earlier.
Stan Stalnaker: Regarding fees and Visa/MC my comment on bank take - that information is public from Mastercard
Bryan Sullivan: ... Except that disclosure of such fees might be useful metadata for a payment transaction, something that might drive user choice
Harish Natarajan: There is a question of whose metadata is involved in transactions, there is a privacy issue here.
Evan Schwartz: We're very interested in digital receipts and where these are stored.
Erik Anderson: Let me close up the session! This is the first time I've seen all of these players in the room, but it is disappointing that Mastercard and Visa aren't here.
End of session 3.