Planning for strategic discussion on the direction of the IG during the October 2015 face-to-face meeting of the Web Payments Interest Group. Comments welcome on public-webpayments-ig@w3.org.

Introduction

Eleven months after launching, it would be good to see whether we agree that the Interest Group is doing the "right things." Right now I see two primary sources of right things:

1. Industry needs (notably those expressed by the participants in this group)
2. Our charter.

Industry Needs

To learn industry needs we are currently planning:

• Stakeholder discussions
• Functional topics people are passionate about.

QUESTION: How else to gather information about industry needs?

Our Charter

There's a lot of interesting material in our charter.

Success Criteria

I took a stab at rating us on the success criteria after 11 months (very good, good, fair, poor, premature).

Participation in IG

Participation via mailing list subscription and postings from people representing various 
stakeholder communities, including banks, payment industry, various legal and regulatory 
bodies with mandates that are related to Web payments, payment standardization bodies, 
hardware and software developers, mobile operator companies, browser vendors, application 
developers, merchants and merchants association, and users.

• RATING: Good. We now have 95 participants from 45 Member organizations and another 7 invited experts. We have representatives from different continents, and from most of the categories listed above.
• EXAMPLE OF STRATEGY TO IMPROVE:
  • We are in the early phases of organizing an outerach event in Tokyo (analogous to the one we organized in New York) on 2 November. Please let me know if you are interested in participating.
• QUESTIONS
  • What strategies do you recommend to increase representation from the different stakeholder groups?
  • What strategies do you recommend to increase representation in different regions? (It would be great to hear from Alibaba, on this topic, for example, because of the challenges they face in particular around time zones).

Participation in Other Groups

Members of the Interest Group join relevant Working Groups and drive the development of work items.

• RATING: Don't know. I believe one great opportunity will be the new strong authentication Working Groups that are currently in development.

Feedback on Deliverables of Other Groups

Constructive feedback on W3C deliverables posted for review on the Web Payments IG mailing list.

• RATING: Premature. I think that we will play a stronger role once the Web Payments Working Group has launched. I expect we will discuss the ongoing relationship between the IG and the WG during the WG's face-to-face meeting.

Industry Engagement

Successfully engage and coordinate with other organizations in the payments industry.

• RATING: Good. I interpret this question in two ways: companies and other standards efforts. The staff in particular but the entire IG has done a fine job reaching out to companies that we believe should take an interest in the work. Regarding liaisons with other standards bodies, we are fortunate now to have ISO20022 RA participating directly in the group. We have had some interactions around ISO 12812. Several people from the IG are participating in various government efforts in Europe and the US (and possibly elsewhere).
• EXAMPLE OF STRATEGIES TO IMPROVE:
  • Industry engagement meetings in China, New York
  • Japan meeting mentioned above
  • W3C is looking into establishing a more scalable approach to listening to industry needs at high level; stay tuned for more discussion of this around TPAC.
  • Revised communications strategy (materials, media outreach, blog schedule, etc.)
• QUESTIONS
  • Should we plan for an industry gathering alongside our next face-to-face meeting (e.g., Europe in March or April 2016)?
  • For banks: Pat indicated recently that to connect with industry, we need to be able to articulate more clearly how our activities relate to existing bank activities and interests (ISO20022, OAUTH2 and other identity work, etc.).

Roadmap

Successfully develop a roadmap for Web Payments that identifies the key buildings blocks 
and challenges that need to be addressed and the roadmap is supported by the major players 
in each category of stakeholders.

• RATING: Fair. First, we did something very well in my view: we provided the Membership in April 2015 with a very specific timeline for the launch of the first Payments Working Group. At the current time, we are on track (though we may see delays due to handling Member review comments). We also provided the Members with a Roadmap although I am not yet confident in that roadmap. I think it's a good start but we need to revisit it and update it (which is one piece of the TPAC FTF meeting).

Deliverables

Our charter speaks about the following as "preliminary deliverables".

Roadmap

• Identify and review existing, relevant technical standards for payment systems in terms of e.g. risk management and governance.
  • RATING: Poor. This has not been as salient for our WG charter scope.
• Identify existing and possibly future issues and challenges of Web payments, from technical, business and legal perspectives. This includes the identification of the different actors in the payments chain, their position, their business models, their responsibilities, their incentives, etc. This also includes the identification of the roles of regulations in the payment chains, and how it can affect the payment flow.
  • RATING: Fair. We have endeavored to identify business benefits and incentives when discussing our work (see, for example, our FAQ question on benefits). We have even had periodic discussion of regulatory questions but for the scope of our first WG, those questions are not as relevant.
• Identify a set of scenarios that are in the scope of Web Payments work, including payments in brick and mortar stores with mobile devices, off-line payments, micro-payments, mobile money, integration of issues such as "floor-limits" and "stand-in" for specific transaction scenarios should be considered. etc.. These scenario should highlights the interfaces between payment systems, including users' account, and applications as well as the complete transaction flow. They should also highlights interactions with essential external services such as identity providers. It may be appropriate to design a typology of Uses-cases where a set of cases illustrate in different ways the same element. Such a typology will help separating the overall space in smaller units that could be handled separately.
  • RATING: Very Good; see the use cases
• Identify where standards are needed to ease the transparent interaction and integration of existing and future payment methods and Web applications. This includes (details skipped)
  • RATING: Very Good; see our Web Payments WG Charter
• Identify where standards are needed to ease the management and interoperability of bill/utility payments
  • RATING: Poor (also, not currently in use cases I think).
• Identity other services that are related to payments such as invoices storage, digital receipts storage, warranty, recurring payments, loyalty cards, coupons, etc.
  • RATING: Poor. We have for now not prioritized any of those (but they are part of the agenda of the merchant stakeholders discussion).

Web Payments terminology

• Identify and review existing terminology that has been established by a variety of international organizations and standards. This

includes e.g. UNCITRAL terminology, World Bank Terminology, ISO20022 or ISO29115.

• • RATING: Good, but incomplete (see experiment)
• Adopt, as much as possible, common terminologies accross glossaries to cover needs identified in new use-cases or scenarios
  • Rating: Good. Shane worked on automatic integration. (But the charter introduces some terminology and we need to reconcile that with the other documents).

Wallet and Wallet API

• Identify the role and the place of a digital wallet in the payment process in the different scenarios identified in the roadmap (e.g. online and onsite payments, proximity payments). This includes the investigation of Wallet at the customer end as well as at the merchant end (connected to merchant's checkout/payment option). This also includes investigation related to the interaction between Wallet providers, individual payment instrument providers and regulations.
  • RATING: Good. We have had extensive discussions about wallets and their many meanings. We have, for now, chosen to use a simple definition and not propose wallet standards, only APIs for a small set of payment messages via wallets.
• Define an open framework that encourages innovation in digital wallets and leverage interoperability with merchant sites.
  • RATING: Good. That is the topic of the first Working Group. However, functionality is limited.
• Identify the functionalities of wallets and the interactions with the different stakeholders.
  • RATING: Fair. That is covered in part through use cases (and is on the agenda of the merchants stakeholder discussions).
• Identify the needs for standards.
  • (This is too vague a statement; that is the overall goal of our work; I would delete this in a future charter.)
• Identify requirements to enable integration of new payment instruments (e.g. cryptocurrencies), new payments schemes and ancillary services, such as loyalty cards or coupons.
  • RATING: Good. That is the topic of the first Working Group. However, functionality is limited.

Payment Transaction Messaging

• Identify and review existing, relevant technical standards related to transaction messaging.
  • RATING: Fair
• Identify requirements and constraints to define a standard way for merchants to describe transaction contents and merchant identification (aka “tokens”).
  • RATING: Good. That is partly in scope for the Web Payments Working Group (invoices, etc.)
• Identify requirements and constraints to define a standard way for payment service providers to communicate transaction results back to the merchants and users.
  • RATING: Fair. The Web Payments WG will define a payment completion signal (where applicable).
• Identify requirements and constraints to define a standard way to initiate payment process within a web application. This includes the possible provision of customer information (shopping attributes) such as geolocation, time of purchase, or any other information that might be requested by the payment providers to e.g. detect fraud.
  • RATING: Very good; this the subject of the Web Payments Working Group.
• Identify requirements and constraints to define a standard way for payment service providers to communicate specific account information such as account balance, transaction history, etc.
  • RATING: Poor. This has not yet been prioritized, but is likely in scope for upcoming "internet of value" discussions.
• In all the above items, investigations should take into account the specificities of mobile payments and proximity payments.
  • RATING: Premature.

Identity, Authentication, and Security

• Identify and review existing, relevant technical standards for authentication, secure transactions and identity provision.
  • RATING: Poor. This should likely not be a focus of the Interest Group, and work should primarily happen in the W3C Security Activity. However, we have had some discussions on this topic.
• Improve Web user-agents (a Web browser, a hybrid app, or an installed Web application) to enable improved authentication using various technologies from multi-factor authentication to secure-elements, to smartcard-based authentication. This includes Mobile/device specifics such as Multi-Modal or contextual security.
  • RATING: Poor. Again, belongs in the Security Activity.
• Review existing Identification mechanism and identity providers on the Web and whether they fit with payments requirements in terms of privacy and security. Develop requirements and use-cases otherwise to seed new work in the area. A particular attention will be put on privacy aspects, and information exchange between identity providers and payment system providers.
  • RATING: Poor. Our discussions on identity and credentials have not yet converged on specific next steps.
• Identify user data protection and user privacy issues as well as the management of data provisioning required by regulation and by anti-fraud detection processes.
  • RATING: Poor.
• Access basic user and payment provider information via the Web in a way that is easy to synchronize across devices and easy to share with various merchants given authorization by the customer.
  • RATING: Poor. Our discussions on identity and credentials have not yet converged on specific next steps.
• Minimize risk in identifying users by building on top of the Web Cryptography API implemented by all major browsers, including hardware tokens, smartcards, biometrics, mobile, two-factor authentication, Secure Elements, SIM or UICC, etc.
  • RATING: Poor. Belongs in the Security Activity.
• Explore possible mechanisms for Trusted UI.
  • RATING: Poor. We say in the WPWG charter that user interfaces is out of scope. Trust and security of UI belongs in the Security Activity.

Review, comments

• Review, comments and provide requirements to standards and other related documents developed by W3C and external groups related to Web Payments.
  • RATING: Premature/Fair. We expect this to change with the launch of the WPWG. We have also had discussions about 12812, and some IG participants are participating in the US Fed's task forces and in other efforts elsewhere.

Scope

Platforms

• The Web Payments Interest Group's scope covers payment transactions using Web technologies on all computer devices (desktop, laptop, mobile, tablet, etc.) running a Web user-agent (a Web browser, a hybrid app, or an installed Web application)
  • RATING: Good. Our initial focus is Web across any device; we have postponed native App APIs for now.

Payment methods

• Traditional payment methods: e.g.credit and debit cards, credit transfer, direct debit, ACH, e-check, prepaid cards, etc.
  • RATING: Good. Both in the sense that the APIs of the WPWG will support these, and in conversations we have had.
• Non-traditional currencies (this term covers multiple cases such as the commonly called cryptocurrencies, digital currencies, or virtual currencies. This category is sometimes designated as "non-governmental units-of-account" by some International organizations )
  • RATING: Premature. Distributed ledgers are not excluded from the scope of the WPWG. We are planning to discuss distributed ledgers furthers (Internet of Value).
• Newer front-end payment initiating systems (e.g. various flavors of online digital wallets, contactless payments based on various technologies such as NFC or BTLE)
  • RATING: Poor. We have spoken little about NFC and BTLE. We have had initial discussions about QR codes and bar codes.
• Other value transfer methods such as loyalty points, coupons, etc.
  • RATING: Poor. We chose not to prioritize these at first.
• New person-to-person payment systems such as Mobile Money in the developing world.
  • RATING: Poor. We chose not to prioritize these at first.

Flows

• The Web Payments IG will cover a variety of scenarios including Web-mediated Business-to-Consumer (B2C),
  • RATING: Very good. That has been our primary focus.
• Business-to-Business (B2B),
  • RATING: Poor. Not prioritized.
• Business-to-Business to Consumer (B2B2C),
  • (I don't know what this means.)
• Person-to-Person (P2P) transactions in the case of physical (payment at physical shops) and online payments for physical or digital goods, including in-app payments.
  • RATING: Poor. This was not prioritized, though we expressed in our Vision that we want to see convergence and harmonization in different payment settings.
• It will also cover one-time payments as well as e.g. recurring bill payments.
  • RATING: Poor. Initial focus on one-time payments.
• Finally it will also cover micro-payments (low value payments) in different cases (P2P in international remittances or B2C/B2B for very small value goods such as press articles).
  • RATING: Poor. Not prioritized initially. However, the work of the WPWG could make micropayments cost effective by lowering the usability costs significantly through automation.

Next Steps

• QUESTION: What should we change in success criteria (if anything)?
  • QUESTION: Where we fall short, what are strategies for improving?
• QUESTION: What should we change in deliverables (if anything)?
  • QUESTION: Where we fall short, what are strategies for improving?
• QUESTION: What is our plan for the next six months?
  • QUESTION: Are our current task forces still relevant? If not, which ones do we need?