Web Payments Interest Group Charter
Status: On 15 September 2017, this group was superseded by the Web Commerce Interest Group. This charter is no longer operative.
The mission of the Web Payments Interest Group, part of the Web Payments Activity, is to provide a forum
for Web Payments technical discussions to identify use cases and requirements
for existing and/or new specifications to ease payments on the Web for users
(payers) and merchants (payees), and to establish a common ground for payment
service providers on the Web Platform. The overall objective of this group is
to identify and leverage the conditions for greater uptake and wider use of Web
Payments through the identification of standardization needs to increase
interoperability between the different stakeholders and the different payment
methods. The objective of the group is also to enable more competition and
innovation in the area of Web payments and to prevent possible payment vendor
monopoly and vendor lock-in.
End date |
30 September 2017 |
Confidentiality |
Proceedings are Public.
|
Chairs |
- David Ezell, NACS
- Dapeng Liu, Alibaba Group
- Ken Mealey, American Express
|
Initial Team Contacts
(FTE %: 50) |
Ian Jacobs |
Usual Meeting Schedule |
Teleconferences: Teleconferences to be held as required. Task Forces
may have separate calls that will not overlap with others.
Face-to-face: Up to 3 per year as required |
Scope
The Web Payments Interest Group's scope covers payment transactions using
Web technologies on all computer devices (desktop, laptop, mobile, tablet,
etc.) running a Web user-agent (a Web browser, a hybrid app, or an installed
Web application) and using all possible legal payments methods. For instance,
this includes:
- Traditional payment methods: e.g.credit and debit cards, credit transfer,
direct debit, ACH, e-check, prepaid cards, etc.
- Non-traditional currencies (this term covers multiple cases such as the
commonly called cryptocurrencies,
digital currencies, or virtual currencies. This category is sometimes
designated as "non-governmental units-of-account" by some International
organizations )
- Newer front-end payment initiating systems (e.g. various flavors of
online digital wallets, contactless payments based on various technologies
such as NFC or BTLE)
- Other value transfer methods such as loyalty points, coupons, etc.
- New person-to-person payment systems such as Mobile Money in the
developing world.
The Web Payments IG will cover a variety of scenarios including Web-mediated
Business-to-Consumer (B2C), Business-to-Business (B2B), Business-to-Business to
Consumer (B2B2C), and Person-to-Person (P2P) transactions in the case of
physical (payment at physical shops) and online payments for physical or
digital goods, including in-app payments. It will also cover one-time payments
as well as e.g. recurring bill payments. Finally it will also cover
micro-payments (low value payments) in different cases (P2P in international
remittances or B2C/B2B for very small value goods such as press articles).
The tasks that the Interest Group will undertake include:
- Identification of problems, barriers and challenges that currently exists
or may appear in the domain of Web Payments. This includes technology
aspects as well as business aspects (incentives, etc.) and covers the
different stakeholders, in particular customers (more generally payers),
merchants (more generally payees), web application developers, and payment
system providers. It also includes legal aspects and the IG will have to
ensure that the proposed architecture is flexible enough to cope with
varieties of regulations that exist across the globe.
- Identification of use-cases and scenarios of payment transactions using
Web technologies that need to be addressed. This will cover both online
payments, off-line payments and payments at physical shops or face-to-face.
Issues such as "floor-limits" and "stand-in" for specific transaction
scenarios should be considered. Different categories of use-cases should be
identified to highlight different dimensions such as the role of
regulations on technologies, the case of international low-value
remittances, general retail payments, bill payments, utility payments etc.
- Identifying ways to improve the usability, security, uptake, and trust of
Web payments
- Identification of requirements for more secure and interoperable
management of payment transactions on the Web. This includes the
identification of areas and places where standards are needed to ensure
interoperable interfaces between Web applications and payment systems.
- Identification of the issues related to user privacy protection, user
data protection, as well as provision of user data required for regulation
or for anti-fraud detection process. This covers also rules, regulations
and APIs related to access to accounts.
- Identification of gaps in Web Technologies that do not allow the
identified requirements to be met.
- Identification of the role and place of regulations in the overall
payment process, and the requirements that regulations impose on
technologies to ensure that they are usable all over the world under
different regulatory regimes. Different use-cases from different regions of
the World should highlight the implication of the different regulations,
and the best way to ensure that technologies can be flexible enough to cope
with these regulations. Different use-cases and dimensions will be
investigated including terms of the payment service between payers, payees
and intermediaries, or cross-border payments.
- Priorization of the work items to resolve the identified gaps.
- Review of deliverables under development by other W3C groups that are
relevant to the IG scope and report bugs as appropriate.
- Liaison with other organizations in the payment industry that are using
Web Technologies for their technical specifications and/or their services
to foster alignment and interoperability on a global scale.
Note:
- Development of technical standards is not in scope for the Interest
Group. However, this group will encourage the development or adaption of
technical standards to bridge the gaps that are identified. This includes
the provisions of requirements and liaisons with relevant W3C and external
groups and organizations. See the Dependencies and
Liaison section.
- The Group will consider the security, privacy and accessibility
implications of its use cases and requirements, and seek appropriate
review.
Success Criteria
We have succeeded if we can achieve the following:
- Participation via mailing list subscription and postings from people
representing various stakeholder communities, including banks, payment
industry, various legal and regulatory bodies with mandates that are
related to Web payments, payment standardization bodies, hardware and
software developers, mobile operator companies, browser vendors,
application developers, merchants and merchants association, and users
- Members of the Interest Group join relevant Working Groups and drive the
development of work items
- Constructive feedback on W3C deliverables posted for review on the Web
Payments IG mailing list
- Successfully engage and coordinate with other organizations in the
payments industry
- Successfully develop a roadmap for Web Payments that identifies the key
buildings blocks and challenges that need to be addressed and the roadmap
is supported by the major players in each category of stakeholders.
Deliverables
The primary deliverables of the Web Payments Interest Group are IG notes
that identify requirements for existing and/or new technical specifications,
gaps in Web technologies, and a roadmap for the Web Payments activity. In more
details:
- The IG would identify specific use cases and requirements which impact
existing Working Groups and bring those requirements to those Working
Groups (e.g. WebApps, WebCrypto).
- The IG would identify where W3C needs to create new Working Groups to
address payment specific needs of the Open Web Platform and
on core Web technologies. Some example areas might include Web Wallet APIs
or digital signature. New WGs might be needed either because of scope
expansions beyond existing WGs, or if fundamentally different communities
of participants are required.
In addition, the group will review and comment on documents generated by the
other W3C groups and may review documents coming from external
organizations.
A preliminary list of topics and goals that members want to work on:
- Web Payments Roadmap
- Identify and review existing, relevant technical standards for
payment systems in terms of e.g. risk management and governance.
- Identify existing and possibly future issues and challenges of Web
payments, from technical, business and legal perspectives. This
includes the identification of the different actors in the payments
chain, their position, their business models, their responsibilities,
their incentives, etc. This also includes the identification of the
roles of regulations in the payment chains, and how it can affect the
payment flow.
- Identify a set of scenarios that are in the scope of Web Payments
work, including payments in brick and mortar stores with mobile
devices, off-line payments, micro-payments, mobile money, integration
of issues such as "floor-limits" and "stand-in" for specific
transaction scenarios should be considered. etc.. These scenario should
highlights the interfaces between payment systems, including users'
account, and applications as well as the complete transaction flow.
They should also highlights interactions with essential external
services such as identity providers. It may be appropriate to design a
typology of Uses-cases where a set of cases illustrate in different
ways the same element. Such a typology will help separating the overall
space in smaller units that could be handled separately.
- Identify where standards are needed to ease the transparent
interaction and integration of existing and future payment methods and
Web applications. This includes investigating how to:
- Enable a level-playing field for payers, payees and payment
service providers, opening the market for more innovation and
competition.
- Reduce the burden on payers and payees to support multiple
payment providers and their selections for a given transaction,
along with improved security and customer confidence.
- Provide more flexibility for payers and payees to use multiple
payment instruments.
- Increase user protection (privacy, fraud, etc.) when paying on
the Web as well as reduce payee exposure to risk from fraud
- Provide more transparency of choice to the user to understand the
roles of involved parties, assess the effects of possible fees, and
understand the data flow and its implications (e.g. for privacy,
governance, etc.)
- Identify where standards are needed to ease the management and
interoperability of bill/utility payments
- Identity other services that are related to payments such as invoices
storage, digital receipts storage, warranty, recurring payments,
loyalty cards, coupons, etc.
- Web Payments terminology:
- Identify and review existing terminology that has been established by
a variety of international organizations and standards. This includes
e.g. UNCITRAL terminology, World Bank Terminology, ISO20022 or
ISO29115.
- Adopt, as much as possible, common terminologies accross glossaries
to cover needs identified in new use-cases or scenarios
- Wallet and Wallet API
- Identify the role and the place of a digital wallet in the payment
process in the different scenarios identified in the roadmap (e.g.
online and onsite payments, proximity payments). This includes the
investigation of Wallet at the customer end as well as at the merchant
end (connected to merchant's checkout/payment option). This also
includes investigation related to the interaction between Wallet
providers, individual payment instrument providers and regulations.
- Define an open framework that encourages innovation in digital
wallets and leverage interoperability with merchant sites.
- Identify the functionalities of wallets and the interactions with the
different stakeholders.
- Identify the needs for standards.
- Identify requirements to enable integration of new payment
instruments (e.g. cryptocurrencies), new payments schemes and ancillary
services, such as loyalty cards or coupons.
- Payment Transaction Messaging
- Identify and review existing, relevant technical standards related to
transaction messaging.
- Identify requirements and constraints to define a standard way for
merchants to describe transaction contents and merchant identification
(aka “tokens”).
- Identify requirements and constraints to define a standard way for
payment service providers to communicate transaction results back to
the merchants and users.
- Identify requirements and constraints to define a standard way to
initiate payment process within a web application. This includes the
possible provision of customer information (shopping attributes) such
as geolocation, time of purchase, or any other information that might
be requested by the payment providers to e.g. detect fraud.
- Identify requirements and constraints to define a standard way for
payment service providers to communicate specific account information
such as account balance, transaction history, etc.
- In all the above items, investigations should take into account the
specificities of mobile payments and proximity payments.
- Identity, Authentication, and Security
- Identify and review existing, relevant technical standards for
authentication, secure transactions and identity provision.
- Improve Web user-agents (a Web browser, a hybrid app, or an installed
Web application) to enable improved authentication using various
technologies from multi-factor authentication to secure-elements, to
smartcard-based authentication. This includes Mobile/device specifics
such as Multi-Modal or contextual security.
- Review existing Identification mechanism and identity providers on
the Web and whether they fit with payments requirements in terms of
privacy and security. Develop requirements and use-cases otherwise to
seed new work in the area. A particular attention will be put on
privacy aspects, and information exchange between identity providers
and payment system providers.
- Identify user data protection and user privacy issues as well as the
management of data provisioning required by regulation and by
anti-fraud detection processes.
- Access basic user and payment provider information via the Web in a
way that is easy to synchronize across devices and easy to share with
various merchants given authorization by the customer.
- Minimize risk in identifying users by building on top of the Web
Cryptography API implemented by all major browsers,
including hardware tokens, smartcards, biometrics, mobile, two-factor
authentication, Secure Elements, SIM or UICC, etc.
- Explore possible mechanisms for Trusted UI.
- Review, comments and provide requirements to standards and other related
documents developed by W3C and external groups related to Web Payments.
Timelines
The IG will, during its lifetime, undertake different activities that may
proceed in parallel. No specific timeline has been identified at this point,
but the various activities are intended to be running for a short period of
time (2-4 months), with the possibility of running a few iterations of them.
Dependencies and Liaisons
W3C Groups
Groups that the IG will most likely cooperate with are listed below.
- Device APIs WG
- This group creates APIs for payments-related features/devices.
- Digital Publishing
IG
- Online payments is a challenge for publishers, particularly in the area
of micro-payments. The Digital Publishing IG may provides specific
use-cases for Web Payments.
- Geolocation WG
- Charged with standardizing position detection of users and devices,
which can be used to initiate new payment flows.
- HTML WG
- HTML will be one of the primary user interfaces for Web Payments.
- Internationalization
WG
- Ensuring that all payments solutions that may be proposed take into
account the internationalization requirements is essential for a global
adoption.
- Mobile and Web IG
- Adoption of the Mobile Web as a compelling platform for the development
of modern mobile web applications.
- NFC WG
- NFC will be utilized to perform short-range wireless Web payments.
- Privacy IG
- Review on privacy and anonymity considerations for Web Payments.
- Protocols and Formats WG
- Review of accessibility support in Web Payments.
- RDF WG
- The RDF WG is in charge of JSON-LD specification that is relevant for
transporting payments messages.
- Social
Web WG
- The Social Web will be working on a way to identify users in a
decentralized way and will also be one way of requesting payment for
goods and services.
- System Applications WG
- Runtime environment, security model, and associated APIs for building
Web applications with comparable capabilities to native application.
- W3C Technical Architecture Group
(TAG)
- Linking with the TAG is essential to ensure that payments approach that
may be proposed are fitting with the overall Web architecture.
- Web Applications WG
- The Web Apps WG may create APIs to manage the payments process.
- Web Application Security
Working Group (WebAppSec)
- WebAppSec may help develop security and policy mechanisms to improve
the security of payments.
- Web Credentials
CG
- Provide inputs on possible ways to manage identity on the Web and when
conducting financial transactions.
- Web Cryptography WG
- Web payments security and authentication.
- Web Payments
CG
- The purpose of the Web Payments Community Group is to discuss,
research, document, prototype, and test Web payment systems.
- Web Security IG
- Review on security considerations for Web payments
External Groups
There are a number of external groups working in areas related to the ones
in scope for the Web Payments IG. The Interest Group should determine whom to
communicate with and then maintain communication with them. The following
groups are likely to be important:
- ASC (Accredited Standards Committee) X9
- The ANSI accredited U.S. standards development organization for U.S.
financial services. ASC X9 uses an open, consensus process to develop its
standards.
- EMVCo
- EMVCo administers all the originial specifications known as EMV, a
trademark dating back to 1999. Over the years, EMV has evolved from a
single, chip-based contact specification to include EMV Contactless, EMV
Common Payment Application (CPA), EMV Card Personalisation, and EMV
Tokenisation. There are also EMV documents and materials regarding mobile
payments. The common thread throughout “EMV” is a commitment to
worldwide interoperability and acceptance of secure payment
transactions.
- FIDO Alliance
- The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit
organization nominally formed in July 2012 to address the lack of
interoperability among strong authentication devices as well as the
problems users face with creating and remembering multiple usernames and
passwords. The FIDO Alliance plans to change the nature of authentication
by developing specifications that define an open, scalable, interoperable
set of mechanisms that supplant reliance on passwords to securely
authenticate users of online services.
- Good
Relations
- Web Vocabulary for E-Commerce
- GS1
- GS1 is an international not-for-profit association with Member
Organizations in over 100 countries. GS1 is dedicated to the design and
implementation of global standards and solutions to improve the
efficiency and visibility of supply and demand chains globally and across
sectors. The GS1 system of standards is the most widely used supply chain
standards system in the world.
- GSMA
- GSMA is an industry association of mobile network operators with almost
global coverage. GSMA works on recommendations for NFC-based payments,
but also on other handset- and SIM-based aspects for secure transactions
which will likely have an effect on capabilities of wireless devices for
payments.
- IETF
- Internet Engineering Task Force is an open-standards development
organization which develops and promotes Internet standards, cooperating
closely with the W3C and ISO/IEC standards bodies and dealing in
particular with standards of the TCP/IP and Internet protocol suite.
- ISO
TC 68
- ISO (International Organization for Standardization) is the world’s
largest developer of voluntary International Standards. International
Standards give state of the art specifications for products, services and
good practice, helping to make industry more efficient and effective.
Developed through global consensus, they help to break down barriers to
international trade. ISO Technical Committee 68 is the ISO entity that
develops international financial services standards.
- European Telecommunications Standards
Institute (ETSI)
- ETSI, the European Telecommunications Standards Institute, produces
globally-applicable standards for Information and Communications
Technologies (ICT), including fixed, mobile, radio, converged, broadcast
and internet technologies.
- Merchant Customer Exchange (MCX)
- Merchant Customer Exchange (MCX) was created by a group of leading
merchants with a singular purpose: offering consumers a customer-focused,
versatile and seamlessly integrated mobile-commerce platform.
- Open ID Foundation
- The OpenID Foundation is a non-profit international standardization
organization of individuals and companies committed to enabling,
promoting and protecting OpenID technologies. Formed in June 2007, the
foundation serves as a public trust organization representing the open
community of developers, vendors, and users. OIDF assists the community
by providing needed infrastructure and help in promoting and supporting
expanded adoption of OpenID.
- Open Mobile Alliance
(OMA)
- OMA is the focal point for the development of mobile service enabler
specifications, which support the creation of interoperable end-to-end
mobile services. OMA drives service enabler architectures and open
enabler interfaces that are independent of the underlying wireless
platforms.
- Open Web Application
Security Project (OWASP)
- OWASP is an open community dedicated to enabling organizations to
conceive, develop, acquire, operate, and maintain applications that can
be trusted. OWASP provided free tools (documents, forums, etc.) to anyone
interested in improving application security. OWASP advocates approaching
application security as a people, process, and technology problem because
the most effective approaches to application security include
improvements in all of these areas.
- Payment Systems Development
Group, World Bank
- The Payment Systems Development Group (PSDG) is the Financial
Infrastructure and Remittances Service Line of the Financial Inclusion
and Infrastructure Practice, Financial and Private Sector Development
Vice-Presidency, The World Bank.
- PCI Security
Standards
- The PCI Security Standards Council is an open global forum, launched in
2006, that is responsible for the development, management, education, and
awareness of the PCI Security Standards, including the Data Security
Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS),
and PIN Transaction Security (PTS) requirements.
- SIMalliance
- SIMalliance promotes the essential role of the secure elements (SE) in
delivering secure mobile applications and services across all devices
that can access wireless networks. By identifying and addressing
SE-related technical issues, and both clarifying and recommending
existing technical standards relevant to SE implementation, the
SIMalliance aims to promote an open SE ecosystem to facilitate and
accelerate delivery of secure mobile applications globally.
- SWIFT
- The Society for Worldwide Interbank Financial Telecommunication (SWIFT)
provides a network that enables financial institutions worldwide to send
and receive information about financial transactions in a secure,
standardized and reliable environment. The majority of international
interbank messages use the SWIFT network. As of September 2010, SWIFT
linked more than 9,000 financial institutions in 209 countries and
territories, who were exchanging an average of over 15 million messages
per day (compared to an average of 2.4 million daily messages in
1995).
- UNCITRAL, Working Group IV (Electronic
Commerce)
- This group coordinates multilateral work in the field of electronic
transferable records including all aspects of payments and electronic
commerce. UNCITRAL is the core legal body of the United Nations system in
the field of international trade law, specializing in commercial law
reform worldwide for over 40 years. UNCITRAL's business is the
modernization and harmonization of rules on international business.
- Vendorcom
- Vendorcom, the cards & payments community, is a European membership
organization which represents key stakeholders in the cards and payments
industry. Its primary aims are to promote innovation and
thought-leadership, provide a forum for knowledge sharing and issues
resolution for its members and encourage capability development across
the cards and payments industry.
This is not intended as an exhaustive list, but illustrative of groups
working on related technologies.
Participation
Participation is open to W3C Members and invited experts.
In order to make rapid progress, the group MAY form several Task Forces
(TFs), each working on a separate topic. Group members are free to join any
number of TFs.
Participants are reminded of the Good
Standing requirements of the W3C Process.
Decision Policy
The group will aim to proceed by consensus.
Where there is consensus among the representatives of W3C members in the
group, it will be forwarded as a consensus position. Where the group does not
reach agreement, the different positions (whether held by W3C members or other
members of the group) will be considered together.
All technical resolutions made by a meeting of the group are provisional
until two weeks after being published to the mailing list. An objection made on
the mailing list within two weeks of publishing a decision has the same
standing as if it were made at the meeting.
Patent Disclosures
The Web Payments Interest Group provides an opportunity to share
perspectives on the topic addressed by this charter. W3C reminds Interest Group
participants of their obligation to comply with patent disclosure obligations
as set out in Section 6 of the W3C Patent Policy. While the Interest Group
does not produce Recommendation-track documents, when Interest Group
participants review Recommendation-track specifications from Working Groups,
the patent disclosure obligations do apply.
For more information about disclosure obligations for this group, please see
the W3C Patent Policy
Implementation.
About this Charter
This charter has been created according to section 6.2 of the
Process Document. In the event
of a conflict between this document or the provisions of any charter and the
W3C Process, the W3C Process shall take precedence.
In February 2015, Ian Jacobs replaced Stephane Boyera as the W3C staff contact.
In April 2017, Dapeng Liu replaced Erik Anderson as co-Chair.
On 17 May 2017, Ken Mealey became a co-Chair.
This charter was developed with support from the European Union's 7th
Research Framework Programme (FP7/ 2013-2015) under grant agreement n°611327 -
HTML5 Apps
IG co-Chairs: David Ezell (NACS), Erik Anderson (Bloomberg)
Web Payments Team Contact: Stephane Boyera
Copyright© 2014
W3C ® (MIT , ERCIM
, Keio, Beihang), All Rights Reserved.
$Date: 2017/09/15 15:10:07 $
$Id: webpayments_charter.html,v 1.35 2017/09/15 15:10:07 ijacobs Exp $