See also: IRC log
https://docs.google.com/presentation/d/1A0Kv1A66eTw4_YMXjLXT-RQR0WDLwlqoiL_meoX1Jt8/edit
<scribe> scribe: ian
<manu> https://docs.google.com/presentation/d/1A0Kv1A66eTw4_YMXjLXT-RQR0WDLwlqoiL_meoX1Jt8/edit
Manu: This proposal is a bit
different from the other proposals. It is more about
coordination of work than new standards work
... the focus is web-based digital wallets
... we are using the term "digital wallet" for now
... combine payments, loyalty, offers
jeff: currently we are doing some standards work in payment. In loyalty and offers I'm not familiar with work in working groups...
Manu: currently there are three
groups (at different levels of maturity) - digital offers
community group, which has a goal of creating a WG.
... then we have payments WG and also verifiable claims we hope
becomes a WG
... so one activity of the IG could be to help coordinate the
work such that web-based payment apps could be as powerful as
native
Jeff: Digital offers is not far along yet; caution about considering it certain
Manu: My assumption is that it will be successful in the future
[IJ plans to try to keep this discussion to 9:35 ET)
[Manu reviews coffee shop scenario]
Manu: The scenario ties together
web payments, digital offers, and verifiable claims
... the scenario can be generalized to all retailers.
* Retailer provide digital loyalty card
* Retailer delivers digital offer to customer via the card
* Customer acts on the digital offer to perform a purchase
[Slide 4 on problems for stakeholders]
customers: value? spam? app
fatigue?
... people don't want to install apps; app retention rate low;
people don't want to install loyalty apps
retailers: loyalty programs are limited and expensive, typically tied to POS integration
consumers want real-time offers...requires digital but very few offers are digital right now; mostly print
IJ: I hear coupon industry wedded
to print
... any data on obstacles we can address to get to digital
offers?
Manu: Don't have that data and
hope the CG can work on that
... we don't need CPG companies for this particular
strategy
... this strategy is mostly for small retailers
dezell: the resistance to coupons
is an ecosystem resistance. it's not just one particular
stakeholder
... There's a lot of capital investment in physical
copuons
... this is one of the things that slows this down
... at the IG's FTF meeting I intend to try to get guests who
know this in more detail
manu: CPG have an "anemic"
digital offer strategy; those coupons are not widely
redeemable
... there ARE a number of entrenched interests
... understanding that is the job of the digital offers CG, but
is not really critical to this proposal.
[Slide 5 - ecosystem]
Customers want loyalty programs to scale across devices
[Slide 7 - benefits to customers]
IJ: What does interop look like
if problem is matching customer loyalty and retailer
loyalty?
... I would not expect to be a user of loyalty program A with
loyalty program B....I expect merchants would want to support
multiple loyalty programs potentially.
... and so the analogy is that you want a single POS
terminal
ManU: Right - the way you express loyalty is interoperable; the loyalty service providers are different
Adam: The average household has 29 loyalty programs...and typically they would need a different app for each
IJ: I understand protocol interop, but I don't see loyalty services going away.
dezell: the analogy to cards is a good one...there used to be one card per program
scribe: and companies did not
want their cards used at other merchants
... but consumers wanted interop
... standards came about and that carried the day
Manu: What we are proposing is
not to centralize or minimize...we want retailers to provide
loyalty cards that are specific to that retailer
... they only want it to be used at their location
(But that is my point - you will then have N loyalty cards, each working in a small number of shops)
[Manu proceeds through additional incentives]
Manu: Software vendors want to be
able to innovate in loyalty without entering the POS
space
... they want to be able to provide digital wallets that
include digital offers
[Demand for Ecosystem]
scribe: people want digital
coupons but only 2.5% are digital today, so there's a bit
opportunity
... digital coupons constitute 6% of redeemed coupons even
though they constitute a much smaller proportion of all
coupons
<dezell> Manu, suggest you include the redemption gap - reportedly %20 of face value (loss to merchant) for paper coupons.
[Why W3C]
Manu: I think part of vision needs to be weaving w3c technologies together to compete with native apps
Mark: On centralization - had
there been a ubiquitous commercial network when cards developed
we may not have ended up with a centralized model
... one problem in the past was hub and spoke for comms
Jeff: I like this idea in this space in general. I am unclear what exactly is the deliverable that you are proposing, a nd generated by whom
Manu: The deliverable is an
analysis of the technologies we are working on and how they fit
together
... digital bazaar is building a web-based wallet that uses
these various technologies
... based on our implementation we think that it's possible,
but we think there are gaps
... so this project would be a gap analysis
... So we should produce a gap analysis by the end of the
year
Jeff: An architecture document
that relates these things and identifies gaps .. that could be
a methodology
... for a gap analysis, what methodology would you use?
Manu: The goal is to focus on a
basic scenario (which we also think is relevant
generally)
... The proposal right now is to do a low-level gap analysis -
can the web do this thing?
Jeff: + to "more specific". My only worry when I look at slide 5 and see "gap analysis"...to me that has to be framed carefully.
as long as it's framed more tightly, then it makes sense to me
IJ: Is there a barrier to having
this conversation in the digital offers community?
... I would not want to have 2 digital offers conversations
going on
Manu: It's not about digital
offers. It's about a lifecycle.
... they get a digital offer and make a payment
... there's another piece which is "linked data
communications"
IJ: Digital offers are out of scope for payments WG
Manu: I think the IG is the right place since it does not cleanly fit into digital offers
Ken: Apologies to not have slide; tough to get approval to do so
[IJ Notes that Ken's docs not in our archive]
Ken: Amex key priority is
fighting fraud. The current focus these days is EMV in the
physical world
... (big migration happening in the US)
... back in September Amex commissioned a survey...about 1000
consumers and 400 merchants
... some US-centric data here
... most US consumers use a mobile device
... about half of consumers experienced online fraud, and about
60% merchants said they experienced fraud
... based on how we look at payments in general, when we look
at online payments we see both good news and challenging
news
... while online payments are growing exponentially, fraud is
as well
... EMV (in simplest form) is a chip; superior to magnetic
strip because cryptograms are used
... most of the world's markets have been moving to EMV
... the US is currently going through the transition
... for petroleum merchants to replace a terminal is
complicated; they have received an extension
... in the US, most brands are seeing that they are close to
being completely EMV on the issuing side (most cards in the
market now have chips)
... only about 30% of merchants are currently enabled for EMV,
so still some way to go
... where we have seen EMV migration we have seen a spoke in
online fraud
... we are expecting this to hit the online market as
well
... most of the payments world is focused on card-not-present
(CNP) transactions
... these are more vulnerable because (traditionally) they do
not benefit from both software and hardware advances
... what people consider "CNP" may vary and there are lots of
scenarios, but for the purposes of these calls are those
related to online commerce.
<Zakim> manu, you wanted to ask specifically about fraud mitigation - is it just "implement EMV?" or is there more? "EMV for the Web"? This sounds like a new W3C WPWG payment method?
Manu: One idea is "implement EMV
one the way"
... from what you are saying, it sounds like the web payments
WG could implement something like an EMV payment method
... is that the type of outcome you'd like to see?
Ken: Good question, you are ahead of me
(We are working on a tokenization spec => https://w3c.github.io/webpayments/proposals/tokenized_cards.html )
Ken: I am not focusing on
EMV...
... at least in some of my experience participating so far in
calls, I don't see what we would consider an adequate focus on
security
... it doesn't have to be EMV, it doesn't have to be 3D Secure,
or tokenization...the point is that we think the group would
benefit by spending more time on security
... we think that there is an opportunity to educate
constituents, including about security
... I see great stuff happening from a coding perspective
(easier payments) and from a user experience
... and also a merchant experience
... all of that is good, what we are saying here is that there
is an opportunity to do more, in part by educating people about
how to do more secure payments
... what I will pick up on the next call ... previous breaches
and what they have cost, and why it makes sense to address
them
<dezell> I agree strongly with Ken about the value of the discussion in the IG.
<Zakim> dezell, you wanted to comment if there's time.
dezell: +1 to Ken. One note is
that mobile may obviate need for EMV equipment updates
... it's not just crypto, it's about flow
<manu> +1 for putting more of a focus on security, especially digital signatures on data sent via Payment Request...
jeff: I am most interested in security issues as they relate to specific recommendations that we are doing
<manu> (and encrypted fields in Payment Request)
jeff: in some cases there may be
opportunities to provide feedback on specs in developments in
various working groups (and guidelines for usage)
... is there some specific call-out that we need to make to
these working groups?
Ken: I hear that. I want to
ensure I am not being myopic (Amex perspective only, or
traditional ways we would address an issuse)
... Authentication is an important issue; I want to continue to
advocate relationships with other organizations such as X9,
PCI, EMVCo, [FIDO]
<manu> Ian: We can try to map the existing security work at W3C to Amex's perspective... where should we focus? That'll help us get more concrete about this.
https://www.w3.org/Payments/IG/wiki/Vision2017
<jeff> possible regrets next week, traveling in Europe
<manu> call next week, please... would like to hear more from Ken wrt. security... have a number of thoughts on it.
<manu> Ian: Let's hear more about Ken's proposal next week
24 Feb at 9am ET
regrets for that meeting: Jeff