15:30:00 <RRSAgent> RRSAgent has joined #wpwg
15:30:00 <RRSAgent> logging to http://www.w3.org/2017/10/03-wpwg-irc
15:30:08 <Ian> Meeting: Tokenization Task Force
15:30:12 <Ian> Chair: Ian
15:30:35 <Ian> agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2017Oct/0002.html
15:30:57 <Ian> present+
15:31:08 <Ian> present+ SteveSommers
15:33:31 <lte> lte has joined #wpwg
15:35:14 <Ken> Ken has joined #wpwg
15:35:20 <Simon> Simon has joined #wpwg
15:38:36 <MANASH_MC> MANASH_MC has joined #WPWG
15:44:54 <Ken> +Q
15:45:30 <Ian> [10:34]  <Ian> present+ Ken
15:45:30 <Ian> [10:34]  <Ian> present+ Olivier
15:45:30 <Ian> [10:34]  <Ian> present+ SimonDix
15:45:30 <Ian> [10:36]  <Ian> Topic: TPAC agenda planning
15:45:30 <Ian> [10:36]  <Ian>    https://github.com/w3c/webpayments/wiki/FTF-Nov2017
15:45:31 <Ian> [10:38]  <Ian> present+ Laura
15:45:33 <Ian> [10:38]  <Ian> present+ Manash
15:45:35 <Ian> [10:39]  <Ian>     Demo (Manash/Sachin) and report on experience with network tokenization spec.
15:45:37 <Ian> [10:39]  <Ian>     3DS 2.0, UX, Regulatory overview, Benefits to W3C members
15:45:41 <Ian> [10:39]  <Ian>     How can 3DS 2.0 scale through PR API
15:45:43 <Ian> [10:39]  <Ian> Manash: EMVCo is coming out with 3DS 2.0
15:45:45 <Ian> [10:40]  <Ian> ...it's a vast improvement...several reasons it's important:
15:45:47 <Ian> [10:40]  <Ian> - regulatory
15:45:49 <Ian> [10:40]  <Ian> ....in some markets 2-factor auth is required
15:45:51 <Ian> [10:40]  <Ian> ...but the user experience can be klunky
15:45:53 <Ian> [10:41]  <Ian> ...but potentially 95% of the time step up will not be required (to strong auth)
15:45:55 <Ian> [10:41]  <Ian> - 3DS 2.0 does improve the approval rates (for CNP)
15:45:57 <Ian> [10:41]  <Ian> in the US 1 in 6 transactions is declined. 3DS 2.0 is supposed to increase acceptance rates
15:45:59 <Ian> [10:42]  <Ian> - Liability shift may also be possible in some jurisdictions
15:46:01 <Ian> [10:42]  <Ian> ...but 3DS 2.0 has costs - scalability, ....
15:46:03 <Ian> [10:42]  <Ian> ...what we want to focus on TPAC is:
15:46:05 <Ian> [10:43]  <Ian> 1) benefit of 3DS 2.0..and can we create a scalable model on top of PR API that allows merchants to accept 3DS 2.0 without setting up a 3DS 2.0 server
15:46:08 <Ian> [10:44]  <Ian> ...there is a potential scalable solution to make it less burdensome on the merchant
15:46:12 <Ian> [10:45]  <Ian> IJ: what might we get to see about network tokenization payment method?
15:46:14 <Ian> present+ Ken
15:46:16 <Ian> present+ Olivier
15:46:18 <Ian> present+ SimonDix
15:46:20 <Ian> present+ Laura
15:46:22 <Ian> present+ Manash
15:46:28 <Ian> Manash: At TPAC what we are hoping to show how you create a scalable format using network tokens
15:47:08 <Ian> ...we want to move away from Basic Card and from custom payment methods
15:47:28 <Ian> ...we want merchants to be able to say "I accept network tokens" and allow any payment app to return a token
15:47:45 <Ian> ...we will have a design and roadmap at TPAC
15:48:09 <Ian> ack Ken
15:48:26 <Ian> Ken: +1 to Manash's agenda
15:48:49 <Ian> https://w3c.github.io/webpayments-methods-tokenization/index.html
15:50:04 <Ian> https://github.com/w3c/webpayments-methods-tokenization/wiki/Network-Tokens
15:51:01 <Ian> Manash: The wiki reflects our more recent understanding.
15:51:25 <Ian> Manash: Note that 3DS 2.0 is independent of tokenization (can be used with basic card)
15:53:22 <Ian> IJ: to ensure this work is understood:
15:53:25 <Ian>  a) What are the delviearbles?
15:53:32 <Ian>  2) Make sure our rechartering includes that in scope
15:54:14 <Ian> Last edited in august => https://github.com/w3c/webpayments-methods-tokenization/wiki/Network-Tokens
15:54:49 <Ian> ACTION: Ian to update the network token payment method to include the data model in the wiki
15:54:50 <trackbot> 'Ian' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., IFSF-EFT-WG-Lead, ijacobs, ijmad).
15:54:55 <Ian> "Tokenized Card Payment"
15:55:07 <Ian> IJ: What title should we give that spec?
15:58:26 <Ian> Manash: Network / Issuer Tokenized Card Payment
15:58:41 <Ian> IJ: Let's keep short title and move details to abstract
15:59:17 <Ian> Manash: In a couple of weeks we will have more clarity on when we will have a demo with worldpay
15:59:53 <Ian> ...I would also like to understand how other players in the ecosystem are planning to work with a tokenization standard.
16:02:28 <Ian> q?
16:02:40 <Ian> Topic: Encrypted Card
16:02:49 <Ian> IJ: Any news or updates?
16:03:03 <Ian> Olivier: No updates. I still plan to build a prototype for TPAC
16:04:01 <oyiptong> Ian: you're dropping off
16:04:32 <oyiptong> Ian: maybe you can try dropping video?
16:05:26 <Ian> Value proposition for encrypted:
16:05:33 <Ian>  * World where user does not yet have payment app that does tokenization
16:05:54 <Ian> * World of PCI exposure even when third party using iframe
16:06:49 <Ian> * Where merchant wants to control routing and therefore ok to get data itself; just wants that data to be opaque
16:08:15 <Ian> IJ: We should be able to articulate the value proposition and who the interested parties are.
16:08:28 <Ian> Manash: Where is the card being encrypted?
16:08:33 <Ian> Olivier: In the user agent (or other payment app)
16:08:40 <oyiptong> https://github.com/w3c/webpayments-methods-tokenization/wiki/encrypted_card
16:12:20 <Ian> We characterize this as "transitional" payment method prior to broad adoption of network tokens
16:12:25 <Ian> Manash: interesting!
16:13:15 <Ian> ...also interested in relationship to dynamic CVV etc.
16:13:48 <Ian> ...what if the browser calls a server that provides a dynamic CVV
16:13:56 <Ian> ..then the browser doesn't have to ask the user to enter a CVV code
16:15:09 <Ian> olivier: Background transactions also interesting...how does dynamic cvv work in subscription world?
16:15:19 <Ian> Manash: You have card data on file but don't store the CVV...
16:15:43 <Ian> ...there's a call to the server when payment (subscription transaction) required, so get a dynamic cvv at the transaction time
16:16:12 <Ian> Oyiptong: The added security is the ability to deny the transaction before it's made?
16:16:30 <Ian> Manash: Rather, the data is dynamic (so more secure)...whether cvv or expiry date
16:16:43 <Ian> ...one question is "who can generate that data?" it's either banks or networks
16:17:37 <Ian> IJ: Is this still Basic Card though from the merchant perspectiv?
16:17:40 <Ian> Manash: Yes
16:18:51 <Ian> IJ: Do we need a different payment method identifier for social reasons? (e.g., so merchants can say "I did not get basic card back")
16:19:29 <Ian> Manash: Or maybe there is a user experience change (e.g., no input for CVV; call a server instead)
16:19:41 <Ian> ...merchant cannot store the data it receives
16:20:31 <Ian> ...so probably need to signal to back end that some data cannot be stored
16:24:05 <Ian> IJ: Should we turn encrypted card into a payment method spec?
16:25:01 <Ian> ...let's keep as wiki (dropping part II) and if WG supports adopting it, give it a new repo
16:25:21 <Ian> Topic: next meeting
16:25:50 <oyiptong> q+
16:25:58 <Ian> ack oy
16:26:17 <Ian> oyiptong: I want to talk to Andre about encrypted card
16:27:49 <Ian> ack oy
16:28:34 <Ian> Proposed 24 October
16:28:42 <Ian> (WRONG)
16:29:17 <Ian> Things we can do at a call before TPAC:
16:29:19 <Ian>  * Review draft presentations
16:29:24 <Ian> * Review updated payment method specs
16:29:59 <Ian> NEXT MEETING: 17 October
16:30:12 <Ian> agenda:
16:30:18 <Ian>  * Check on Olivier outline
16:30:23 <Ian>  * Check on Ian's network tokenization spec edits
16:30:44 <Ian> RRSAGENT, make minutes
16:30:44 <RRSAgent> I have made the request to generate http://www.w3.org/2017/10/03-wpwg-minutes.html Ian
16:30:53 <Ian> RRSAGENT, set logs public