See also: IRC log
<CyrilV> +present CyrilV
<CyrilV> * thanks
<scribe> scribe: Ian
<scribe> Chair: Arie
Notes from previous meeting:
https://www.w3.org/Payments/IG/wiki/StakeholderPriorities#Banks
Arie: Goal is to arrive at a consensus on the top set of questions we should be asking banks about their interests and needs
Questions form last time
====
What Web / mobile use cases are you working on and when would you deploy?
What (WEB) standards are you already implementing? (e.g., OAUTH2).
What are the primary obstacles today that prevent you from deploying “credit transfer” (or, “push”) payment schemes?
(For central banks) What standards are necessary to implement your faster/more secure/open API initiatives?
===
<Zakim> padler, you wanted to ask about differentiated needs for Banks..
padler: Sorry I had to miss last call. Looking at the wiki and reflecting on what type of things where we might engage banks,
it feels like we should ask more for specificity in the draft questions.
scribe: e.g., where in the
organizations these technologies could be useful
... e.g., with regards to identity, is it part of retail
strategy?
... or concerns with bank to bank interop?
... answers likely to be different based on role
... different roles / different technology needs.
... e.g., if we ask what is hindering faster payments, it's
more about bank-to-bank
... so we should ask more clearly what areas of the bank where
these technologies would be deployed.
Arie: In the previous call we
chose to focus on the retail side
... I think security is important whatever the department
Mark: I think Pat's point was
broader. In order to serve my retail customers, it also matters
how we connect with different institutions
... and, frankly, the technology becomes less important than
the rules...more of a banking question than a technology
question
... but the technology questions are different between whether
I am connecting to a clearing house or asking for customer
credentials
<Zakim> padler, you wanted to provide an example of where this may be important...
padler: If I think about consumer
identity and accounts, and payment endpoints -- those may also
be used by institutional or government processes (e.g.,
gov2person, or payroll)
... one does not need a different standard for payroll as for
peer2peer
... the IG should harmonize what's being done in the retail
space, and harmonize other flows with what's being done in the
new WG
... e.g., to enable other entities to pay them...it should look
consistent whether the payer/payee are 2 institutions, people,
or governments.
... that does not imply that the messages would flow over the
same pipes, but interoperability would be helpful.
CyrilV: When I looked at the
minutes of the previous call, I saw mention of PSD2
... there are several bilateral relationships in these
flows
... e.g., you have banks facing the customers and banks facing
merchants
... banks serve a role of being a trusted party who can engage
in payment ecosystem
... (Third party service providers in PSD2 lingo)
... the four corner model serves a valuable role of creating
trusted relationships
... we have some standards for card payments (giving a 4 corner
model)
... we have SEPAmail project (4 corner)
... and IDEAL in NL
... so there are valuable 4-corner models for payments but we
don't have all the standards we need for the web
... to do 4 corners
... banks need good standards in order to do several
things:
1) Dissociate relationship from multilateral or bilateral
2) Standards to connect disparate systems
scribe: it would be interesting if these different systems could use the same tools to operate
<Zakim> AdrianHB, you wanted to ask if the retail payment (as developed in the new WG) SHOULD be usable in b2b or other scenarios
AdrianHB: I want to build on what
Cyril said...there are no standards for 4-party model...we are
addressing to a certain extent in the new WG
... but I am wondering whether the scope of the new WG is such
that the messages will be reusable.
... I don't think it's in the charter today
... How important is ISO20022 to all this?
... there are people saying it's very important (an flexible
enough to achieve our goals) and yet there are also technology
folks who do not wish to be encumbered in the same way
Cyril: I've been working on a
presentation on 4-corner.
... what is difficult today is to organize the flow
... in the 4-corner model you have lots of different
flows
... (request, response, forward, etc.)
... these could be addressed through ISO20022 or simpler
... to guarantee that the flow is a good one, to ensure you
have audit trail, so far we don't have that.
... so we have the messages (so we can "talk") but we don't
have everything that we need
CyrilV: This is the layer
underneath what we are talking about; EPC calls this the
operating model
... when the EPC works on an operating model, [/me missed
it]
... but I think we could create similar flows for different use
cases
... I think ultimately what we are missing is a layer for
payments
<Zakim> Ian, you wanted to answer to Adrian
<AdrianHB> ian: Adrian asked if the WG messages can ebe xtended to other scenarios
<AdrianHB> ... I would be nervous to extend the scope of the WG
<AdrianHB> ... it may be useful as a learning exercise but we can't do too much in the first pass
Kris: ISO folks discussing the
same questions that seem to be discussed here.
... e.g., we have methodology but not sufficient to do
payments
... there are also questions about the scope of ISO work and
the work of other standards
... APIs and so on cover more than just "the business payload"
...it contains security and other things not in ISO20022
... so it's important to understand where ISO20022 fits into
the payment space (and what it does and doesn't do)
... e.g., Security is not covered in ISO20022
... on the other hand, 4-corner is covered (business process
modeling)
... I think it's key that we establish what's part of ISO20022
and what's not...
... ISO20022 is not the solution to Web payments...but we need
to figure out its relation to web payments
padler: What's perhaps missing is
consistent account management
... it would be helpful to use account standard and account
identity standards in an interoperable fashion
... I see the IG has having a role of establishing glue between
things, e.g., open standards for identity and account
Vincent: Currently messages that
have been defined are in banking space...banks and inter
banking
... the way ISO20022 is structured, there are 3 main
layers:
- business model (can cover any business functionality, including the business side of web payments...
scribe: web payments has two
parts - technical and also business
... being on the payment side in ISO20022, most of the business
things are covered.
Vincent: Second layer is logic
layer
... third layer is implementation (e.g., XML for payment
messages, but also ASN1 in card world)
... the technical standards could be extended to meet our
needs
padler: I didn't meant to suggest
ISO20022 is not applicable. Rather, the gap that I see wrt W3C
is that there are topics like identity and
credentials....
... we want to use standard that have already been developed
(where we can)
... we should ensure that ISO20022 meets our use cases and
develop out the protocols as needed
Vincent: I think that recently
there was addition of ATM messages
... getting closer to web payments (closer than other inter
bank)
padler: Question before us is -
how does the web (outside of payments), and payments on the
web, and ISO20022 integrate?
... for end users, you don't want to have to support multiple
technologies if you can avoid it.
<aylcw3c> +1
padler: you'd rather like interop with other systems
Vincent: That's why I'm
mentioning the card messages that were recently
registered
... they looked into harmonizing identity management, input
management, merchant management
... those were covered in those card messages
... so that could be a place where we should look into it for
web payments, possibly reusing
<AdrianHB> +1 to ISO20022 education for the group!
dezell: +1 to getting better
sense of ISO20022 in the group
... Question for banks - what kinds of additional services do
they see going along with web payments?
IJ: E.g., like integration of mobile banking and payments?
dezell: Yes
<Zakim> AdrianHB, you wanted to ask if banks think W3C has anything to add in the interbank messaging space?
AdrianHB: I want to try to
summarize some things that I'm hearing and relate it to the
work of the WG
... and see if there's anything to talk about in the IG
... one of the ways that we've been discussing the WG work is
in relation to the 4-corner model
... we've said that there is a lot of fiction in 4-corner
between payer and payee
... today it's that interaction between customer and merchant
that has security and friction issues
... in the WG we are attempting to address that.
... it's focused
... but in the bigger picture of the 4-corner model, if the
other messages are ISO20022 and the operating procedures are
standardized,
and we are using ISo20022 layer of technologies, it makes sense to understand in the WG that that is the context.
scribe: what I"m not clear about
is whether banks should be looking to W3C to define anything
related to interbank messaging
... ISO20022 seems to cover that. Are there gaps?
padler: Interbank messaging is
just one thing we might look to standards bodies.
... but a lot of our technology stacks run on open web
standards
... even if we don't go to w3c for interbank flows, we are
still looking at browser standards or things interoperable
outside of payments that we need to deploy to conduct
business
<aylcw3c> +1 on banks joining
padler: I think we need bank
input on topics like security
... That's an interesting perspective - part of the role of the
IG is pushing information to the rest of W3C about bank
needs
s/padlerl/Adrian
padler: Yes, we want these
stakeholders to push requirements (of banks, PSPs, etc.) to the
more general groups at w3c (e.g., security)
... that's not to take away work from other orgs, just to get
stakeholder input into what w3c does
AdrianHB: I don't think that
messaging has been loud enough
... to my mind, I've seen the primary role of the IG to gather
people together to look at gaps
" Coordination role of payments conversations at W3C; "
" Further work on detailed requirements on messages, security, etc. These requirements will be provided as input to relevant groups; "
<padler> +1 to encouraging more payments and banking related companies to joining both the W3C and the IG to express standardization needs related to open web standards and efforts underway at the W3C
<AdrianHB> +1 to that role! (was lost by me in focus on forming WGs)
AdrianHB: Perhaps one reason we did not emphasize this messages is that our first focus was establishing the first WG and the next one
IJ: +1 to revisiting our larger role
Adrian: +1
<dezell> +1 to more bank participation.
aylcw3c: +1 to getting banks more involved to hear their requirements put to various other technologies
(Here's a potential question: QUESTION - Do you feel that it would be valuable to be able to contribute your requirements directly to the development of Web technologies?"
<AdrianHB> QUESTION: What about the Web is limiting in delivering products? (i.e. What makes you pick and app or native application instead of Web)
CyrilV: On the question of what
banks want for the Web...we could imagine having everything on
the web (including clearing, etc.)
... from my perspective, we see that our clients what more
security than they have today
... security on both sides (even with 3DS the security is not
generalized)
... there are also links to "after" and "before" payments
... payments don't happen in a void
... there are pre invoice, invoice, payment, delivery,
etc.
... our clients need to have links between these different
phases
... a full digital view
Amy: I'm early in the process;
happy to listen in at this point. ETA Members include banks
mostly on the acquiring side
... I'm still collecting data
IJ: can we reach out to those banks in ETA with our questions?
Amy: We have BOA Merchant services, Wells-Fargo, JP Morgan Chase...I'm happy to engage with them
Arie: Identity has been mentioned
multiple times
... ISO20022 and its relation to the web
QUESTION: What about the Web is limiting in delivering products? (i.e. What makes you pick and app or native application instead of Web)
Adrian: In other words, what
makes you pick a native app instead of a Web app?
... I think for banks, they don't make the connection between
"we found a gap" and "we can help address the gap in a web
standard"
... how do we ask the question to raise awareness about the
breadth of the platform
<mtiggas> mtiggas +1
Adrian: I also think that one of the banking meetings I had last week...one architect said "any standards that come out now for the web will only be available in a year"
<Zakim> Ian, you wanted to steal from Cyril
IJ: Similar gap analysis type of question "To achieve 4 corner model on the web, what is missing?"
CyrilV: When we are talking about
customer facing apps, we use the technology the tech people
want to use.
... for the flows in other parts of the ecosystem, those are
complex...and we could benefit from standards to enable interop
among banks
... hence SEPA....it's complex to move when everyone has to act
on the same day
... even if we see the gap, it's difficult at times to
act.
... back to the question of 4 corner...I think it could be a
real value add to the web to have the same flow
management...and to secure the flow management
... not limited to the payment message
<mtiggas> mtiggas +1
CyrilV: we should have a
standards to support 4-corner
... I could explain more deeply at TPAC
<aylcw3c> Cheers Ian
<AdrianHB> +1 for more discussion in TPAC
<aylcw3c> if reaching out to banks and asking to participate
<aylcw3c> how to reduce redundant built suystems
<aylcw3c> reduce one-off builds
<aylcw3c> Pat will jot down question on the wiki