Web Payments Interest Group Charter

The mission of the Web Payments Interest Group, part of the Web Payments Activity, is to provide a forum for Web Payments technical discussions to identify use cases and requirements that existing and/or new specifications need to ease payments on the Web for users (payers) and merchants (payees), and to establish a common ground for payment service providers on the Web Platform. The overall objective of this group is to identify and leverage the conditions for greater uptake and wider use of Web Payments through the identification of standardization needs to increase interoperability between the different stakeholders and the different payment methods.

Join the Web Payments Interest Group.

Version: 0.2 - published 4 June 2014. See the comments received on this version

Previous Version (V0.1)

End date	@@ June 2017
Confidentiality	Proceedings are Public.
Initial Chairs	TBD
Initial Team Contacts (FTE %: 20)	Stephane Boyera
Usual Meeting Schedule	Teleconferences: Teleconferences to be held as required. Task Forces may have separate calls that will not overlap with others. Face-to-face: Up to 3 per year as required

Scope

The Web Payments Interest Group's scope covers payment transactions using Web technologies on all computer devices (desktop, laptop, mobile, tablet, etc.) running a Web user-agent (a Web browser, a hybrid app, or an installed Web application) and using all possible legal payments methods. For instance, this includes:

Traditional payment methods: e.g.credit and debit cards, credit transfer, direct debit, ACH, e-check, prepaid cards, etc.
Non-traditional currencies (commonly called cryptocurrencies)
Newer front-end payment initiating systems (e.g. various flavors of online digital wallets)
Other value transfer methods such as loyalty points, coupons, etc.

The Web Payments IG will cover a variety of scenarios including Web-mediated Business-to-Consumer (B2C), Business-to-Business (B2B), Business-to-Business to Consumer (B2B2C), and Person-to-Person (P2P) transactions in the case of physical (payment at physical shops) and online payments for physical or digital goods, including in-app payments. It will also cover one-time payments as well as e.g. recurring bill payments. Finally it will also cover micro-payments (low value payments) in different cases (P2P in international remittances or B2C/B2B for very small value goods such as press article).

The tasks that the Interest Group will undertake include:

Identification of problems, barriers and challenges that currently exists or may appear in the domain of Web Payments. This includes technology aspects as well as business aspects (incentives, etc.) and covers the different stakeholders, in particular customers (more generally payers), merchants (more generally payees), web application developers, and payment system providers.
Identification of use-cases and scenarios of payment transactions using Web technologies that need to be addressed. This will cover both online payments and payments at physical shops or face-to-face. Different categories of use-cases should be identified to highlight different dimensions such as the role of regulations on technologies, the case of international low-value remittances, general retail payments, bill payments, etc.
Identifying ways to improve the trust in and usability, security and uptake of Web payments.
Identification of requirements for more secure and interoperable management of payment transactions on the Web. This includes the identification of areas and places where standards are needed to ensure interoperable interfaces between Web applications and payment systems.
Identification of gaps in Web Technologies that do not allow the identified requirements to be met.
Identification of the role and place of regulations in the overall payment process, and the requirements that regulations impose on technologies to ensure that they are usable all over the world under different regulatory regimes. different use-cases from different regions of the World should highlight the implication of the different regulations. Different use-cases and dimensions will be investigated including terms of the payment service between payers, payees and intermediaries, or cross-border payments.
Priorization of the work items to resolve the identified gaps.
Review of deliverables under development by other W3C groups that are relevant to the IG scope and report bugs as appropriate.
Liaison with other organizations in the payment industry that are using Web Technologies for their technical specifications and/or their services to foster alignment and interoperability on a global scale.

Note:

Technical development of standards is not in scope for the Interest Group. However, this group will encourage the development or adaption of technical standards to bridge the gaps that are identified. This includes the provisions of requirements and liaisons with relevant W3C and external groups and organizations. See the Dependencies and Liaison section.
The Group will consider the security, privacy and accessibility implications of its use cases and requirements, and seek appropriate review.

Success Criteria

We have succeeded if we can achieve the following:

Participation via mailing list subscription and postings from people representing various stakeholder communities, including banks, payment industry, various legal and regulatory bodies with mandates that are related to Web payments, payment standardization bodies, hardware and software developers, mobile operator companies, browser vendors, application developers, merchants and merchants association, and users
Members of the Interest Group join relevant Working Groups and drive the development of work items
Constructive feedback on W3C deliverables posted for review on the Web Payments IG mailing list
Successfully engage and coordinate with other organizations in the payments industry
Successfully develop a roadmap for Web Payments that identifies the key buildings blocks and challenges that need to be addressed and the roadmap is supported by the major players in each category of stakeholders

Deliverables

The primary deliverables of the Web Payments Interest Group are IG notes that identify requirements for existing and/or new technical specifications, gaps in Web technologies, and a roadmap for the Web Payments activity. In more details:

The IG would identify specific use cases and requirements which impact existing Working Groups and bring those requirements to those Working Groups (e.g. WebApps, WebCrypto).
The IG would identify where W3C needs to create new Working Groups to address payment specific needs of the Open Web Platform and on core Web technologies. Some example areas might include Web Wallet APIs or digital signature. New WGs might be needed either because of scope expansions beyond existing WGs, or if fundamentally different communities of participants are required.

In addition, the group will review and comment on documents generated by the other W3C groups and may review documents coming from external organizations.

A preliminary list of topics and goals that members want to work on:

Web Payments Roadmap
- Identify and review existing, relevant technical standards for payment systems in terms of e.g. risk management and governance.
- Identify existing and possibly future issues and challenges of Web payments, from technical and business perspectives. This includes the identification of the different actors in the payments chain, their position, their business models, their responsibilities, their incentives, etc.
- Identify a set of scenarios that are in the scope of Web Payments work, including payments in brick and mortar stores with mobile devices. These scenario should highlights the interfaces between payment systems and applications. They should also highlights interactions with essential external services such as identity providers.
- Identify where standards are needed to ease the transparent interaction and integration of existing and future payment methods and Web applications. This includes investigating how to:
  - Enable a level-playing field for payers, payees and payment service providers, opening the market for more innovation and competition.
  - Reduce the burden on payers and payees to support multiple payment providers and their selections for a given transaction, along with improved security and customer confidence.
  - Provide more flexibility for payers and payees to use multiple payment instruments.
  - Increase user protection (privacy, fraud, etc.) when paying on the Web.
  - Provide more transparency of choice to the user to understand the roles of involved parties, assess the effects of possible fees, and understand the data flow and its implications (e.g. for privacy, governance, etc.)
Web Payments terminology:
- Identify and review existing terminology that has been established by a variety of international organizations
- Adopt, refine or extent existing terminology(ies) to cover needs identified in new use-cases or scenarios
Wallet and Wallet API
- Identify the role and the place of a digital wallet in the payment process in the different scenarios identified in the roadmap (e.g. online and onsite payments).
- Define an open framework that encourages innovation in digital wallets and leverage interoperability with merchant sites.
- Identify the functionalities of wallets and the interactions with the different stakeholders.
- Identify the needs for standards.
- Identify requirements to enable integration of new payments schemes and ancillary services, such as loyalty cards or coupons.
Payment Transaction Messaging
- Identify and review existing, relevant technical standards related to transaction messaging.
- Define a standard way for merchants to describe transaction contents and merchant identification (aka “tokens”).
- Define a standard way for payment service providers to communicate transaction results back to the merchants and users.
- Define a standard way to initiate payment process within a web application. This includes the possible provision of customer information (shopping attributes) such as geolocation, time of purchase, or any other information that might be requested by the payment providers to e.g. detect fraud.
- Define standard way for payment service providers to communicate specific account information such as account balance, transaction history, etc.
Identity, Authentication, and Security
- Identify and review existing, relevant technical standards for authentication, secure transactions and identity provision.
- Improve Web user-agents (a Web browser, a hybrid app, or an installed Web application) to enable improved authentication using various technologies from multi-factor authentication to secure-elements, to smartcard-based authentication.
- Review existing Identification mechanism and identity providers on the Web and whether they fit with payments requirements in terms of privacy and security. Develop requirements and use-cases otherwise to seed new work in the area. A particular attention will be put on privacy aspects, and information exchange between identity providers and payment system providers.
- Access basic user and payment provider information via the Web in a way that is easy to synchronize across devices and easy to share with various merchants given authorization by the customer.
- Minimize risk in identifying users by building on top of the Web Cryptography API implemented by all major browsers, including hardware tokens, smartcards, biometrics, mobile, two-factor authentication, Secure Elements, SIM or UICC, etc.
- Explore possible mechanisms for Trusted UI.
Review, comments and provide requirements to standards and other related documents developed by W3C and external groups related to Web Payments

Timelines

The IG will, during its life time, undertake different activities that may proceed in parallel. No specific timeline has been identified at this point, but the various activities are intended to be running for a short period of time (2-4 months), with the possibility of running a few iterations of them.

Dependencies and Liaisons

W3C Groups

Groups that the IG will most likely cooperate with are listed below.

Web Payments CG: The purpose of the Web Payments Community Group is to discuss, research, document, prototype, and test Web payment systems.
Device APIs WG: This group creates APIs for payments-related features/devices.
Geolocation WG: Charged with standardizing position detection of users and devices, which can be used to initiate new payment flows.
Social Web WG: The Social Web will be working on a way to identify users in a decentralized way and will also be one way of requesting payment for goods and services.
HTML WG: HTML will be one of the primary user interfaces for Web Payments.
NFC WG: NFC will be utilized to perform short-range wireless Web payments.
Web Applications WG: The Web Apps WG may create APIs to manage the payments process.
Mobile and Web IG: Adoption of the Mobile Web as a compelling platform for the development of modern mobile web applications.
System Applications WG: Runtime environment, security model, and associated APIs for building Web applications with comparable capabilities to native application.
RDF WG: The RDF WG is in charge of JSON-LD specification that is relevant for transporting payments messages.
Privacy IG: Review on privacy and anonymity considerations for Web Payments.
Web Cryptography WG: Web payments security and authentication.
Web Security IG: Review on security considerations for Web payments
Protocols and Formats WG: Review of accessibility support in Web Payments.

External Groups

There are a number of external groups working in areas related to the ones in scope for the Web Payments IG. The Interest Group should determine whom to communicate with and then maintain communication with them. The following groups are likely to be important:

IETF: Internet Engineering Task Force is an open-standards development organization which develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite.
GS1: GS1 is an international not-for-profit association with Member Organisations in over 100 countries. GS1 is dedicated to the design and implementation of global standards and solutions to improve the efficiency and visibility of supply and demand chains globally and across sectors. The GS1 system of standards is the most widely used supply chain standards system in the world.
FIDO Alliance: The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services..
Open ID Foundation: The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID.
SWIFT: The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. The majority of international interbank messages use the SWIFT network. As of September 2010, SWIFT linked more than 9,000 financial institutions in 209 countries and territories, who were exchanging an average of over 15 million messages per day (compared to an average of 2.4 million daily messages in 1995).
PCI Security Standards: The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
UNCITRAL, Working Group IV (Electronic Commerce): This group coordinates multilateral work in the field of electronic transferable records including all aspects of payments and electronic commerce. UNCITRAL is the core legal body of the United Nations system in the field of international trade law, specializing in commercial law reform worldwide for over 40 years. UNCITRAL's business is the modernization and harmonization of rules on international business.
Good Relations: Web Vocabulary for E-Commerce
GSMA: GSMA is an industry association of mobile network operators with almost global coverage. GSMA works on recommendations for NFC-based payments, but also on other handset- and SIM-based aspects for secure transactions which will likely have an effect on capabilities of wireless devices for payments.
ASC (Accredited Standards Committee) X9: The ANSI accredited U.S. standards development organization for U.S. financial services. ASC X9 uses an open, consensus process to develop its standards.
Payment Systems Development Group, World Bank: The Payment Systems Development Group (PSDG) is the Financial Infrastructure and Remittances Service Line of the Financial Inclusion and Infrastructure Practice, Financial and Private Sector Development Vice-Presidency, The World Bank.
ISO TC 68: ISO (International Organization for Standardization) is the world’s largest developer of voluntary International Standards. International Standards give state of the art specifications for products, services and good practice, helping to make industry more efficient and effective. Developed through global consensus, they help to break down barriers to international trade. ISO Technical Committee 68 is the ISO entity that develops international financial services standards.

This is not intended as an exhaustive list, but illustrative of groups working on related technologies.

Participation

Participation is open to W3C Members and invited experts.

In order to make rapid progress, the group MAY form several Task Forces (TFs), each working on a separate topic. Group members are free to join any number of TFs.

Participants are reminded of the Good Standing requirements of the W3C Process.

Communication

This group primarily conducts its technical work on the public mailing list at public-webpayments-ig@w3.org (archive). See W3C mailing list and archive usage guidelines. There is also a member-only list to be used for administrative or member-confidential purposes at member-webpayments-ig@w3.org (archive).

Information about the group (documents under review, face-to-face meetings, etc.) is available from the Web Payments Group home page and on the group wiki.

Decision Policy

The group will aim to proceed by consensus.

Where there is consensus among the representatives of W3C members in the group, it will be forwarded as a consensus position. Where the group does not reach agreement, the different positions (whether held by W3C members or other members of the group) will be considered together.

All technical resolutions made by a meeting of the group are provisional until two weeks after being published to the mailing list. An objection made on the mailing list within two weeks of publishing a decision has the same standing as if it were made at the meeting.

Patent Disclosures

The Web Payments Interest Group provides an opportunity to share perspectives on the topic addressed by this charter. W3C reminds Interest Group participants of their obligation to comply with patent disclosure obligations as set out in Section 6 of the W3C Patent Policy. While the Interest Group does not produce Recommendation-track documents, when Interest Group participants review Recommendation-track specifications from Working Groups, the patent disclosure obligations do apply.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

About this Charter

This charter has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

IG co-Chairs: TBD

Web Payments Team Contact: Stephane Boyera

$Date: 2014/07/04 08:32:17 $ $Id: webpayments_charter_20140604.html,v 1.1 2014/07/04 08:32:17 boyera Exp $