Web Payments Interest Group Charter
The mission of the Web Payments Interest Group, part of the Web Payments Activity,
is to provide a forum for Web Payments technical discussions to identify use
cases and requirements that existing and/or new specifications need to ease
payments on the Web for users (payers) and merchants (payees), and to establish
a common ground for payment service providers on the Web Platform. The overall
objective of this group is to identify and leverage the conditions for greater
uptake and wider use of Web Payments through the identification of
standardization needs to increase interoperability between the different
stakeholders and the different payment methods.
Version: 0.2 - published 4 June 2014. See the comments received on this version.
Previous Version (V0.1)
End date | @@ June 2017
Confidentiality | Proceedings are Public.
Initial Chairs |
Initial Team Contacts (FTE %: 20) | Stephane Boyera
Usual Meeting Schedule | Teleconferences: Teleconferences to be held as required. Task Forces may have separate calls that will not overlap with others. Face-to-face: Up to 3 per year as required
Scope
The Web Payments Interest Group's scope covers payment transactions using
Web technologies on all computer devices (desktop, laptop, mobile, tablet,
etc.) running a Web user-agent (a Web browser, a hybrid app, or an installed
Web application) and using all possible legal payments methods. For instance,
this includes:
- Traditional payment methods: e.g. credit and debit cards, credit transfer,
direct debit, ACH, e-check, prepaid cards, etc.
- Non-traditional currencies (commonly called cryptocurrencies)
- Newer front-end payment initiating systems (e.g. various flavors of
online digital wallets)
- Other value transfer methods such as loyalty points, coupons, etc.
The Web Payments IG will cover a variety of scenarios including Web-mediated
Business-to-Consumer (B2C), Business-to-Business (B2B), Business-to-Business to
Consumer (B2B2C), and Person-to-Person (P2P) transactions in the case of
physical (payment at physical shops) and online payments for physical or
digital goods, including in-app payments. It will also cover one-time payments
as well as e.g. recurring bill payments. Finally it will also cover
micro-payments (low value payments) in different cases (P2P in international
remittances or B2C/B2B for very small value goods such as press articles).
The tasks that the Interest Group will undertake include:
- Identification of problems, barriers and challenges that currently exist
or may appear in the domain of Web Payments. This includes technology
aspects as well as business aspects (incentives, etc.) and covers the
different stakeholders, in particular customers (more generally payers),
merchants (more generally payees), web application developers, and payment
system providers.
- Identification of use-cases and scenarios of payment transactions using
Web technologies that need to be addressed. This will cover both online
payments and payments at physical shops or face-to-face. Different
categories of use-cases should be identified to highlight different
dimensions such as the role of regulations on technologies, the case of
international low-value remittances, general retail payments, bill
payments, etc.
- Identifying ways to improve the trust in and usability, security and
uptake of Web payments.
- Identification of requirements for more secure and interoperable
management of payment transactions on the Web. This includes the
identification of areas and places where standards are needed to ensure
interoperable interfaces between Web applications and payment systems.
- Identification of gaps in Web Technologies that do not allow the
identified requirements to be met.
- Identification of the role and place of regulations in the overall
payment process, and the requirements that regulations impose on
technologies to ensure that they are usable all over the world under
different regulatory regimes. Different use-cases from different regions of
the World should highlight the implication of the different regulations.
Different use-cases and dimensions will be investigated including terms of
the payment service between payers, payees and intermediaries, or
cross-border payments.
- Prioritization of the work items to resolve the identified gaps.
- Review of deliverables under development by other W3C groups that are
relevant to the IG scope and report bugs as appropriate.
- Liaison with other organizations in the payment industry that are using
Web Technologies for their technical specifications and/or their services
to foster alignment and interoperability on a global scale.
Note:
- Technical development of standards is not in scope for the Interest
Group. However, this group will encourage the development or adaption of
technical standards to bridge the gaps that are identified. This includes
the provision of requirements and liaisons with relevant W3C and external
groups and organizations. See the Dependencies and Liaisons section.
- The Group will consider the security, privacy and accessibility
implications of its use cases and requirements, and seek appropriate
review.
Success Criteria
We have succeeded if we can achieve the following:
- Participation via mailing list subscription and postings from people
representing various stakeholder communities, including banks, payment
industry, various legal and regulatory bodies with mandates that are
related to Web payments, payment standardization bodies, hardware and
software developers, mobile operator companies, browser vendors,
application developers, merchants and merchants association, and users
- Members of the Interest Group join relevant Working Groups and drive the
development of work items
- Constructive feedback on W3C deliverables posted for review on the Web
Payments IG mailing list
- Successfully engage and coordinate with other organizations in the
payments industry
- Successfully develop a roadmap for Web Payments that identifies the key
building blocks and challenges that need to be addressed and the roadmap
is supported by the major players in each category of stakeholders
Deliverables
The primary deliverables of the Web Payments Interest Group are IG notes
that identify requirements for existing and/or new technical specifications,
gaps in Web technologies, and a roadmap for the Web Payments activity. In more
detail:
- The IG would identify specific use cases and requirements which impact
existing Working Groups and bring those requirements to those Working
Groups (e.g. WebApps, WebCrypto).
- The IG would identify where W3C needs to create new Working Groups to
address payment specific needs of the Open Web Platform and
on core Web technologies. Some example areas might include Web Wallet APIs
or digital signature. New WGs might be needed either because of scope
expansions beyond existing WGs, or if fundamentally different communities
of participants are required.
In addition, the group will review and comment on documents generated by the
other W3C groups and may review documents coming from external
organizations.
A preliminary list of topics and goals that members want to work on:
- Web Payments Roadmap
- Identify and review existing, relevant technical standards for
payment systems in terms of e.g. risk management and governance.
- Identify existing and possibly future issues and challenges of Web
payments, from technical and business perspectives. This includes the
identification of the different actors in the payments chain, their
position, their business models, their responsibilities, their
incentives, etc.
- Identify a set of scenarios that are in the scope of Web Payments
work, including payments in brick and mortar stores with mobile
devices. These scenarios should highlight the interfaces between
payment systems and applications. They should also highlight
interactions with essential external services such as identity
providers.
- Identify where standards are needed to ease the transparent
interaction and integration of existing and future payment methods and
Web applications. This includes investigating how to:
- Enable a level-playing field for payers, payees and payment
service providers, opening the market for more innovation and
competition.
- Reduce the burden on payers and payees to support multiple
payment providers and their selections for a given transaction,
along with improved security and customer confidence.
- Provide more flexibility for payers and payees to use multiple
payment instruments.
- Increase user protection (privacy, fraud, etc.) when paying on
the Web.
- Provide more transparency of choice to the user to understand the
roles of involved parties, assess the effects of possible fees, and
understand the data flow and its implications (e.g. for privacy,
governance, etc.)
- Web Payments terminology:
- Identify and review existing terminology that has been established by
a variety of international organizations
- Adopt, refine or extend existing terminology(ies) to cover needs
identified in new use-cases or scenarios
- Wallet and Wallet API
- Identify the role and the place of a digital wallet in the payment
process in the different scenarios identified in the roadmap (e.g.
online and onsite payments).
- Define an open framework that encourages innovation in digital
wallets and leverages interoperability with merchant sites.
- Identify the functionalities of wallets and the interactions with the
different stakeholders.
- Identify the needs for standards.
- Identify requirements to enable integration of new payments schemes
and ancillary services, such as loyalty cards or coupons.
- Payment Transaction Messaging
- Identify and review existing, relevant technical standards related to
transaction messaging.
- Define a standard way for merchants to describe transaction contents
and merchant identification (aka “tokens”).
- Define a standard way for payment service providers to communicate
transaction results back to the merchants and users.
- Define a standard way to initiate a payment process within a web
application. This includes the possible provision of customer
information (shopping attributes) such as geolocation, time of
purchase, or any other information that might be requested by the
payment providers to e.g. detect fraud.
- Define a standard way for payment service providers to communicate
specific account information such as account balance, transaction
history, etc.
- Identity, Authentication, and Security
- Identify and review existing, relevant technical standards for
authentication, secure transactions and identity provision.
- Improve Web user-agents (a Web browser, a hybrid app, or an installed
Web application) to enable improved authentication using various
technologies from multi-factor authentication to secure-elements, to
smartcard-based authentication.
- Review existing identification mechanisms and identity providers on
the Web and whether they fit with payments requirements in terms of
privacy and security. Develop requirements and use-cases otherwise to
seed new work in the area. Particular attention will be paid to
privacy aspects, and information exchange between identity providers
and payment system providers.
- Access basic user and payment provider information via the Web in a
way that is easy to synchronize across devices and easy to share with
various merchants given authorization by the customer.
- Minimize risk in identifying users by building on top of the Web
Cryptography API implemented by all major browsers,
including hardware tokens, smartcards, biometrics, mobile, two-factor
authentication, Secure Elements, SIM or UICC, etc.
- Explore possible mechanisms for Trusted UI.
- Review, comment on and provide requirements for standards and other related
documents developed by W3C and external groups related to Web Payments
Timelines
The IG will, during its lifetime, undertake different activities that may
proceed in parallel. No specific timeline has been identified at this point,
but the various activities are intended to be running for a short period of
time (2-4 months), with the possibility of running a few iterations of them.
Dependencies and Liaisons
W3C Groups
Groups that the IG will most likely cooperate with are listed below.
- Web Payments CG
- The purpose of the Web Payments Community Group is to discuss,
research, document, prototype, and test Web payment systems.
- Device APIs WG
- This group creates APIs for payments-related features/devices.
- Geolocation WG
- Charged with standardizing position detection of users and devices,
which can be used to initiate new payment flows.
- Social Web WG
- The Social Web will be working on a way to identify users in a
decentralized way and will also be one way of requesting payment for
goods and services.
- HTML WG
- HTML will be one of the primary user interfaces for Web Payments.
- NFC WG
- NFC will be utilized to perform short-range wireless Web payments.
- Web Applications WG
- The Web Apps WG may create APIs to manage the payments process.
- Mobile and Web IG
- Adoption of the Mobile Web as a compelling platform for the development
of modern mobile web applications.
- System Applications WG
- Runtime environment, security model, and associated APIs for building
Web applications with comparable capabilities to native applications.
- RDF WG
- The RDF WG is in charge of the JSON-LD specification that is relevant for
transporting payments messages.
- Privacy IG
- Review on privacy and anonymity considerations for Web Payments.
- Web Cryptography WG
- Web payments security and authentication.
- Web Security IG
- Review on security considerations for Web payments.
- Protocols and Formats WG
- Review of accessibility support in Web Payments.
External Groups
There are a number of external groups working in areas related to the ones
in scope for the Web Payments IG. The Interest Group should determine whom to
communicate with and then maintain communication with them. The following
groups are likely to be important:
- IETF
- Internet Engineering Task Force is an open-standards development
organization which develops and promotes Internet standards, cooperating
closely with the W3C and ISO/IEC standards bodies and dealing in
particular with standards of the TCP/IP and Internet protocol suite.
- GS1
- GS1 is an international not-for-profit association with Member
Organisations in over 100 countries. GS1 is dedicated to the design and
implementation of global standards and solutions to improve the
efficiency and visibility of supply and demand chains globally and across
sectors. The GS1 system of standards is the most widely used supply chain
standards system in the world.
- FIDO Alliance
- The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit
organization nominally formed in July 2012 to address the lack of
interoperability among strong authentication devices as well as the
problems users face with creating and remembering multiple usernames and
passwords. The FIDO Alliance plans to change the nature of authentication
by developing specifications that define an open, scalable, interoperable
set of mechanisms that supplant reliance on passwords to securely
authenticate users of online services.
- OpenID Foundation
- The OpenID Foundation is a non-profit international standardization
organization of individuals and companies committed to enabling,
promoting and protecting OpenID technologies. Formed in June 2007, the
foundation serves as a public trust organization representing the open
community of developers, vendors, and users. OIDF assists the community
by providing needed infrastructure and help in promoting and supporting
expanded adoption of OpenID.
- SWIFT
- The Society for Worldwide Interbank Financial Telecommunication (SWIFT)
provides a network that enables financial institutions worldwide to send
and receive information about financial transactions in a secure,
standardized and reliable environment. The majority of international
interbank messages use the SWIFT network. As of September 2010, SWIFT
linked more than 9,000 financial institutions in 209 countries and
territories, who were exchanging an average of over 15 million messages
per day (compared to an average of 2.4 million daily messages in
1995).
- PCI Security Standards
- The PCI Security Standards Council is an open global forum, launched in
2006, that is responsible for the development, management, education, and
awareness of the PCI Security Standards, including the Data Security
Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS),
and PIN Transaction Security (PTS) requirements.
- UNCITRAL, Working Group IV (Electronic Commerce)
- This group coordinates multilateral work in the field of electronic
transferable records including all aspects of payments and electronic
commerce. UNCITRAL is the core legal body of the United Nations system in
the field of international trade law, specializing in commercial law
reform worldwide for over 40 years. UNCITRAL's business is the
modernization and harmonization of rules on international business.
- Good Relations
- Web Vocabulary for E-Commerce
- GSMA
- GSMA is an industry association of mobile network operators with almost
global coverage. GSMA works on recommendations for NFC-based payments,
but also on other handset- and SIM-based aspects for secure transactions
which will likely have an effect on capabilities of wireless devices for
payments.
- ASC (Accredited Standards Committee) X9
- The ANSI accredited U.S. standards development organization for U.S.
financial services. ASC X9 uses an open, consensus process to develop its
standards.
- Payment Systems Development Group, World Bank
- The Payment Systems Development Group (PSDG) is the Financial
Infrastructure and Remittances Service Line of the Financial Inclusion
and Infrastructure Practice, Financial and Private Sector Development
Vice-Presidency, The World Bank.
- ISO TC 68
- ISO (International Organization for Standardization) is the world’s
largest developer of voluntary International Standards. International
Standards give state of the art specifications for products, services and
good practice, helping to make industry more efficient and effective.
Developed through global consensus, they help to break down barriers to
international trade. ISO Technical Committee 68 is the ISO entity that
develops international financial services standards.
This is not intended as an exhaustive list, but illustrative of groups
working on related technologies.
Participation
Participation is open to W3C Members and invited experts.
In order to make rapid progress, the group MAY form several Task Forces
(TFs), each working on a separate topic. Group members are free to join any
number of TFs.
Participants are reminded of the Good Standing requirements of the W3C
Process.
Decision Policy
The group will aim to proceed by consensus.
Where there is consensus among the representatives of W3C members in the
group, it will be forwarded as a consensus position. Where the group does not
reach agreement, the different positions (whether held by W3C members or other
members of the group) will be considered together.
All technical resolutions made by a meeting of the group are provisional
until two weeks after being published to the mailing list. An objection made on
the mailing list within two weeks of publishing a decision has the same
standing as if it were made at the meeting.
Patent Disclosures
The Web Payments Interest Group provides an opportunity to share
perspectives on the topic addressed by this charter. W3C reminds Interest Group
participants of their obligation to comply with patent disclosure obligations
as set out in Section 6 of the W3C Patent Policy. While the Interest Group
does not produce Recommendation-track documents, when Interest Group
participants review Recommendation-track specifications from Working Groups,
the patent disclosure obligations do apply.
For more information about disclosure obligations for this group, please see
the W3C Patent Policy Implementation.
About this Charter
This charter has been created according to section 6.2 of the
Process Document. In the event
of a conflict between this document or the provisions of any charter and the
W3C Process, the W3C Process shall take precedence.
IG co-Chairs: TBD
Web Payments Team Contact: Stephane Boyera
Copyright © 2014 W3C® (MIT, ERCIM, Keio, Beihang), All Rights Reserved.
$Date: 2014/07/04 08:32:17 $
$Id: webpayments_charter_20140604.html,v 1.1 2014/07/04 08:32:17 boyera Exp $