Web Payments Working Group

09 December 2021


Anne Pouillard (Worldline), David Benoit, Doug Fisher (Visa), Gerhard Oosthuizen (Entersekt), Ian Jacobs (W3C), Jean-Luc Di Manno (FIME), John Fontana (Yubico), Manish Garg (Banksly), Nick Telford-Reed, Praveena Subrahmanyam (Airbnb), Rolf Lindemann (Nok Nok Labs), Stephen McGruer (Google), Suzie-Annezo Sebire (FIME), Tomoya Horiguchi (JCB), Werner Bruinings (American Express)

Meeting minutes


Welcome Chairs

[Praveena and Gerhard]

New Privacy and Payments resources

Privacy and Payments

smcgruer_[EST]: We have documented how privacy changes might impact changes on the Web.
… a lot on 3p cookie deprecation, but also about the general question of privacy.
… we have three sections:

Problem statement

Payment flows

Things that will break

smcgruer_[EST]: I invite people to help flesh these out and to let us know about things that are important to you and that, in particular, you think will break

Ian: What can we do?

smcgruer_[EST]: Would appreciate individuals reading these and letting us know their thoughts.
… welcome pull requests

nicktr: What other consultations are going on between browsers and payments industry?

smcgruer_[EST]: As Chrome, our main forum is WPWG / WPSIG
… we do have other partnerships via other parts of Google
… this is the main forum.

nick: We should let various groups outside and within W3C know about this.
… e.g., MAG, Conexxus, etc.


ACTION: NickTR to work with co-Chairs and Team Contact to socialize these resources

Gerhard: Let's walk through some of this during our sessions.
… the pages are focused on "the rails"
… if you look at how open banking and FAPI work, payments are initiated in a different way
… the surprises will happen around where and how you get customer consent, rather than how the money is moved
… might be useful to build out the authentication / consent mechanisms in the different scenarios
… what might be useful is that we may find we know will be problems.
… e.g., we know that the method URL in an iframe will create this or that problem.

nicktr: what is slightly reassuring is that Stephen has already mentioned behaviors that have already changed (e.g., cookie behavior in some browsers)

nicktr: Also would be interesting to hear issues in non-card space

<Zakim> smcgruer_[EST], you wanted to comment on that

smcgruer_[EST]: Agree world didn't end when Safari and Mozilla changed cookie behaviors, so that's mildly reassuring. But I think there are some things that will break that are of concern.
… beyond 3p cookie changes, there's a broader question about the future direction.

smcgruer_[EST]: We also have to take a look at future payment models that are privacy protecting

Manish: 3p cookies IMO are less of an issue for open banking
… due to the model


Ian: I think it would be interesting to do some vision work, although I find in practice that what gains traction may not always align with our higher level thinking

NickTR: In open banking, 3p cookies are often used for hints (e.g., user's preferred bank)
… once in a 1p context, I agree that 3p cookies are less relevant

smcgruer_[EST]: +1 to nick. One concrete thing I heard is that due to choice of banks, 3p cookie often used for keeping track of user pref

<smcgruer_[EST]> https://github.com/WICG/FedCM/blob/main/explainer/problem.md#navigational-tracking may be worth a read btw, for privacy cases that don't have to do with 3p cookies but which seem applicable to all of payments

nicktr: Payment handlers were designed to allow explicit consent

Anti-Fraud CG has started

Ian: Any volunteers to read them?

<nicktr> I'm going to read them

Nick: I will

<Gerhard> +1 to attempt to read them

Payment Request and PMI Next Steps


Ian: what's coming up:

- Decision regarding changes to the spec

- Call for consensus

- Transition request


Rechartering mini-update

Ian: Stay tuned!
… please ask your AC rep to review the charter
… before 18 Dec

Year in review and upcoming priorities

nicktr: We are keen to understand where you want us to go
… I listed my view of what I've heard in the agenda



Getting Payment Request and Payment Method Manifest over the line as a recommendation.

Further experimentation and development of Secure Payment Confirmation

Privacy considerations based on browser changes; impact on risk assessment and "returning user" use case

Solving the payment handler conundrum


[Nick reviews the four things in his list]

Nick: What's missing for you from this list?

Nick: Other good questions for the group:

- Driving adoption

Nick: How do we get more non-card experimentation?

Nick: What do we want to see in terms of PR API next features?

Ian: Let's talk about SPC adoption.

<nicktr> ian: please go and have a look at the SPC issues

next meeting 20 January 2022

20 Jan!


Nick: I will take an action item to work with the official w3c calendar

ACTION: Nick to look into using W3C calendar in the WPWG

Nick: Thanks everyone for another awesome year!
… we'll look at more privacy discussion at the 20 Jan call

Summary of action items

  1. NickTR to work with co-Chairs and Team Contact to socialize these resources
  2. Nick to look into using W3C calendar in the WPWG

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).