W3C

Web Payments Interest Group Charter

Status: On 15 September 2017, this group was superseded by the Web Commerce Interest Group. This charter is no longer operative.

The mission of the Web Payments Interest Group, part of the Web Payments Activity, is to provide a forum for Web Payments technical discussions to identify use cases and requirements for existing and/or new specifications to ease payments on the Web for users (payers) and merchants (payees), and to establish a common ground for payment service providers on the Web Platform. The overall objective of this group is to identify and leverage the conditions for greater uptake and wider use of Web Payments through the identification of standardization needs to increase interoperability between the different stakeholders and the different payment methods. The objective of the group is also to enable more competition and innovation in the area of Web payments and to prevent possible payment vendor monopoly and vendor lock-in.

Join the Web Payments Interest Group.

End date: 30 September 2017
Confidentiality: Proceedings are Public.
Chairs:
  • David Ezell, NACS
  • Dapeng Liu, Alibaba Group
  • Ken Mealey, American Express
Initial Team Contacts (FTE %: 50): Ian Jacobs
Usual Meeting Schedule:
  • Teleconferences: Teleconferences to be held as required. Task Forces may have separate calls that will not overlap with others.
  • Face-to-face: Up to 3 per year as required

Scope

The Web Payments Interest Group's scope covers payment transactions using Web technologies on all computer devices (desktop, laptop, mobile, tablet, etc.) running a Web user-agent (a Web browser, a hybrid app, or an installed Web application) and using all possible legal payment methods. For instance, this includes:

The Web Payments IG will cover a variety of scenarios including Web-mediated Business-to-Consumer (B2C), Business-to-Business (B2B), Business-to-Business to Consumer (B2B2C), and Person-to-Person (P2P) transactions in the case of physical (payment at physical shops) and online payments for physical or digital goods, including in-app payments. It will also cover one-time payments as well as e.g. recurring bill payments. Finally it will also cover micro-payments (low value payments) in different cases (P2P in international remittances or B2C/B2B for very small value goods such as press articles).

The tasks that the Interest Group will undertake include:

Note:

Success Criteria

We have succeeded if we can achieve the following:

Deliverables

The primary deliverables of the Web Payments Interest Group are IG notes that identify requirements for existing and/or new technical specifications, gaps in Web technologies, and a roadmap for the Web Payments activity. In more detail:

  1. The IG would identify specific use cases and requirements which impact existing Working Groups and bring those requirements to those Working Groups (e.g. WebApps, WebCrypto).
  2. The IG would identify where W3C needs to create new Working Groups to address payment specific needs of the Open Web Platform and on core Web technologies. Some example areas might include Web Wallet APIs or digital signature. New WGs might be needed either because of scope expansions beyond existing WGs, or if fundamentally different communities of participants are required.

In addition, the group will review and comment on documents generated by the other W3C groups and may review documents coming from external organizations.

A preliminary list of topics and goals that members want to work on:

  1. Web Payments Roadmap
    • Identify and review existing, relevant technical standards for payment systems in terms of e.g. risk management and governance.
    • Identify existing and possibly future issues and challenges of Web payments, from technical, business and legal perspectives. This includes the identification of the different actors in the payments chain, their position, their business models, their responsibilities, their incentives, etc. This also includes the identification of the roles of regulations in the payment chains, and how they can affect the payment flow.
    • Identify a set of scenarios that are in the scope of Web Payments work, including payments in brick and mortar stores with mobile devices, off-line payments, micro-payments, mobile money, etc. Integration of issues such as "floor-limits" and "stand-in" for specific transaction scenarios should be considered. These scenarios should highlight the interfaces between payment systems, including users' accounts, and applications, as well as the complete transaction flow. They should also highlight interactions with essential external services such as identity providers. It may be appropriate to design a typology of use cases where a set of cases illustrate in different ways the same element. Such a typology will help separate the overall space into smaller units that could be handled separately.
    • Identify where standards are needed to ease the transparent interaction and integration of existing and future payment methods and Web applications. This includes investigating how to:
      • Enable a level-playing field for payers, payees and payment service providers, opening the market for more innovation and competition.
      • Reduce the burden on payers and payees to support multiple payment providers and their selections for a given transaction, along with improved security and customer confidence.
      • Provide more flexibility for payers and payees to use multiple payment instruments.
      • Increase user protection (privacy, fraud, etc.) when paying on the Web as well as reduce payee exposure to risk from fraud.
      • Provide more transparency of choice to the user to understand the roles of involved parties, assess the effects of possible fees, and understand the data flow and its implications (e.g. for privacy, governance, etc.)
    • Identify where standards are needed to ease the management and interoperability of bill/utility payments.
    • Identify other services that are related to payments such as invoices storage, digital receipts storage, warranty, recurring payments, loyalty cards, coupons, etc.
  2. Web Payments terminology:
    • Identify and review existing terminology that has been established by a variety of international organizations and standards. This includes e.g. UNCITRAL terminology, World Bank Terminology, ISO20022 or ISO29115.
    • Adopt, as much as possible, common terminologies across glossaries to cover needs identified in new use-cases or scenarios.
  3. Wallet and Wallet API
    • Identify the role and the place of a digital wallet in the payment process in the different scenarios identified in the roadmap (e.g. online and onsite payments, proximity payments). This includes the investigation of Wallet at the customer end as well as at the merchant end (connected to merchant's checkout/payment option). This also includes investigation related to the interaction between Wallet providers, individual payment instrument providers and regulations.
    • Define an open framework that encourages innovation in digital wallets and leverages interoperability with merchant sites.
    • Identify the functionalities of wallets and the interactions with the different stakeholders.
    • Identify the needs for standards.
    • Identify requirements to enable integration of new payment instruments (e.g. cryptocurrencies), new payments schemes and ancillary services, such as loyalty cards or coupons.
  4. Payment Transaction Messaging
    • Identify and review existing, relevant technical standards related to transaction messaging.
    • Identify requirements and constraints to define a standard way for merchants to describe transaction contents and merchant identification (aka “tokens”).
    • Identify requirements and constraints to define a standard way for payment service providers to communicate transaction results back to the merchants and users.
    • Identify requirements and constraints to define a standard way to initiate payment process within a web application. This includes the possible provision of customer information (shopping attributes) such as geolocation, time of purchase, or any other information that might be requested by the payment providers to e.g. detect fraud.
    • Identify requirements and constraints to define a standard way for payment service providers to communicate specific account information such as account balance, transaction history, etc.
    • In all the above items, investigations should take into account the specificities of mobile payments and proximity payments.
  5. Identity, Authentication, and Security
    • Identify and review existing, relevant technical standards for authentication, secure transactions and identity provision.
    • Improve Web user-agents (a Web browser, a hybrid app, or an installed Web application) to enable improved authentication using various technologies from multi-factor authentication to secure-elements, to smartcard-based authentication. This includes Mobile/device specifics such as Multi-Modal or contextual security.
    • Review existing identification mechanisms and identity providers on the Web and whether they fit with payments requirements in terms of privacy and security. Develop requirements and use-cases otherwise to seed new work in the area. Particular attention will be paid to privacy aspects, and information exchange between identity providers and payment system providers.
    • Identify user data protection and user privacy issues as well as the management of data provisioning required by regulation and by anti-fraud detection processes.
    • Access basic user and payment provider information via the Web in a way that is easy to synchronize across devices and easy to share with various merchants given authorization by the customer.
    • Minimize risk in identifying users by building on top of the Web Cryptography API implemented by all major browsers, including hardware tokens, smartcards, biometrics, mobile, two-factor authentication, Secure Elements, SIM or UICC, etc.
    • Explore possible mechanisms for Trusted UI.
  6. Review, comment on, and provide requirements to standards and other related documents developed by W3C and external groups related to Web Payments.

Timelines

The IG will, during its lifetime, undertake different activities that may proceed in parallel. No specific timeline has been identified at this point, but the various activities are intended to be running for a short period of time (2-4 months), with the possibility of running a few iterations of them.

Dependencies and Liaisons

W3C Groups

Groups that the IG will most likely cooperate with are listed below.

Device APIs WG
This group creates APIs for payments-related features/devices.
Digital Publishing IG
Online payments are a challenge for publishers, particularly in the area of micro-payments. The Digital Publishing IG may provide specific use-cases for Web Payments.
Geolocation WG
Charged with standardizing position detection of users and devices, which can be used to initiate new payment flows.
HTML WG
HTML will be one of the primary user interfaces for Web Payments.
Internationalization WG
Ensuring that all payments solutions that may be proposed take into account the internationalization requirements is essential for a global adoption.
Mobile and Web IG
Adoption of the Mobile Web as a compelling platform for the development of modern mobile web applications.
NFC WG
NFC will be utilized to perform short-range wireless Web payments.
Privacy IG
Review on privacy and anonymity considerations for Web Payments.
Protocols and Formats WG
Review of accessibility support in Web Payments.
RDF WG
The RDF WG is in charge of the JSON-LD specification, which is relevant for transporting payments messages.
Social Web WG
The Social Web will be working on a way to identify users in a decentralized way and will also be one way of requesting payment for goods and services.
System Applications WG
Runtime environment, security model, and associated APIs for building Web applications with comparable capabilities to native applications.
W3C Technical Architecture Group (TAG)
Linking with the TAG is essential to ensure that payments approaches that may be proposed fit with the overall Web architecture.
Web Applications WG
The Web Apps WG may create APIs to manage the payments process.
Web Application Security Working Group (WebAppSec)
WebAppSec may help develop security and policy mechanisms to improve the security of payments.
Web Credentials CG
Provide inputs on possible ways to manage identity on the Web and when conducting financial transactions.
Web Cryptography WG
Web payments security and authentication.
Web Payments CG
The purpose of the Web Payments Community Group is to discuss, research, document, prototype, and test Web payment systems.
Web Security IG
Review on security considerations for Web payments.

External Groups

There are a number of external groups working in areas related to the ones in scope for the Web Payments IG. The Interest Group should determine whom to communicate with and then maintain communication with them. The following groups are likely to be important:

ASC (Accredited Standards Committee) X9
The ANSI accredited U.S. standards development organization for U.S. financial services. ASC X9 uses an open, consensus process to develop its standards.
EMVCo
EMVCo administers all the original specifications known as EMV, a trademark dating back to 1999. Over the years, EMV has evolved from a single, chip-based contact specification to include EMV Contactless, EMV Common Payment Application (CPA), EMV Card Personalisation, and EMV Tokenisation. There are also EMV documents and materials regarding mobile payments. The common thread throughout “EMV” is a commitment to worldwide interoperability and acceptance of secure payment transactions.
FIDO Alliance
The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services.
Good Relations
Web Vocabulary for E-Commerce
GS1
GS1 is an international not-for-profit association with Member Organizations in over 100 countries. GS1 is dedicated to the design and implementation of global standards and solutions to improve the efficiency and visibility of supply and demand chains globally and across sectors. The GS1 system of standards is the most widely used supply chain standards system in the world.
GSMA
GSMA is an industry association of mobile network operators with almost global coverage. GSMA works on recommendations for NFC-based payments, but also on other handset- and SIM-based aspects for secure transactions which will likely have an effect on capabilities of wireless devices for payments.
IETF
Internet Engineering Task Force is an open-standards development organization which develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite.
ISO TC 68
ISO (International Organization for Standardization) is the world’s largest developer of voluntary International Standards. International Standards give state of the art specifications for products, services and good practice, helping to make industry more efficient and effective. Developed through global consensus, they help to break down barriers to international trade. ISO Technical Committee 68 is the ISO entity that develops international financial services standards.
European Telecommunications Standards Institute (ETSI)
ETSI, the European Telecommunications Standards Institute, produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, broadcast and internet technologies.
Merchant Customer Exchange (MCX)
Merchant Customer Exchange (MCX) was created by a group of leading merchants with a singular purpose: offering consumers a customer-focused, versatile and seamlessly integrated mobile-commerce platform.
Open ID Foundation
The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID.
Open Mobile Alliance (OMA)
OMA is the focal point for the development of mobile service enabler specifications, which support the creation of interoperable end-to-end mobile services. OMA drives service enabler architectures and open enabler interfaces that are independent of the underlying wireless platforms.
Open Web Application Security Project (OWASP)
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. OWASP provides free tools (documents, forums, etc.) to anyone interested in improving application security. OWASP advocates approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
Payment Systems Development Group, World Bank
The Payment Systems Development Group (PSDG) is the Financial Infrastructure and Remittances Service Line of the Financial Inclusion and Infrastructure Practice, Financial and Private Sector Development Vice-Presidency, The World Bank.
PCI Security Standards
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
SIMalliance
SIMalliance promotes the essential role of the secure elements (SE) in delivering secure mobile applications and services across all devices that can access wireless networks. By identifying and addressing SE-related technical issues, and both clarifying and recommending existing technical standards relevant to SE implementation, the SIMalliance aims to promote an open SE ecosystem to facilitate and accelerate delivery of secure mobile applications globally.
SWIFT
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. The majority of international interbank messages use the SWIFT network. As of September 2010, SWIFT linked more than 9,000 financial institutions in 209 countries and territories, who were exchanging an average of over 15 million messages per day (compared to an average of 2.4 million daily messages in 1995).
UNCITRAL, Working Group IV (Electronic Commerce)
This group coordinates multilateral work in the field of electronic transferable records including all aspects of payments and electronic commerce. UNCITRAL is the core legal body of the United Nations system in the field of international trade law, specializing in commercial law reform worldwide for over 40 years. UNCITRAL's business is the modernization and harmonization of rules on international business.
Vendorcom
Vendorcom, the cards & payments community, is a European membership organization which represents key stakeholders in the cards and payments industry. Its primary aims are to promote innovation and thought-leadership, provide a forum for knowledge sharing and issues resolution for its members and encourage capability development across the cards and payments industry.

This is not intended as an exhaustive list, but illustrative of groups working on related technologies.

Participation

Participation is open to W3C Members and invited experts.

In order to make rapid progress, the group MAY form several Task Forces (TFs), each working on a separate topic. Group members are free to join any number of TFs.

Participants are reminded of the Good Standing requirements of the W3C Process.

Communication

This group primarily conducts its technical work on the public mailing list at public-webpayments-ig@w3.org (archive). See W3C mailing list and archive usage guidelines. There is also a member-only list to be used for administrative or member-confidential purposes at member-webpayments-ig@w3.org (archive).

Information about the group (documents under review, face-to-face meetings, etc.) is available from the Web Payments Interest Group home page.

Decision Policy

The group will aim to proceed by consensus.

Where there is consensus among the representatives of W3C members in the group, it will be forwarded as a consensus position. Where the group does not reach agreement, the different positions (whether held by W3C members or other members of the group) will be considered together.

All technical resolutions made by a meeting of the group are provisional until two weeks after being published to the mailing list. An objection made on the mailing list within two weeks of publishing a decision has the same standing as if it were made at the meeting.

Patent Disclosures

The Web Payments Interest Group provides an opportunity to share perspectives on the topic addressed by this charter. W3C reminds Interest Group participants of their obligation to comply with patent disclosure obligations as set out in Section 6 of the W3C Patent Policy. While the Interest Group does not produce Recommendation-track documents, when Interest Group participants review Recommendation-track specifications from Working Groups, the patent disclosure obligations do apply.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

About this Charter

This charter has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

In February 2015, Ian Jacobs replaced Stephane Boyera as the W3C staff contact.

In April 2017, Dapeng Liu replaced Erik Anderson as co-Chair.

On 17 May 2017, Ken Mealey became a co-Chair.

This charter was developed with support from the European Union's 7th Research Framework Programme (FP7/2013-2015) under grant agreement n°611327 - HTML5 Apps


IG co-Chairs: David Ezell (NACS), Erik Anderson (Bloomberg)
Web Payments Team Contact: Stephane Boyera

$Date: 2017/09/15 15:10:07 $ $Id: webpayments_charter.html,v 1.35 2017/09/15 15:10:07 ijacobs Exp $