The Web Payments Interest Group is gathering stakeholder input from participants to establish IG priorities as of Q4 2015. Ideally this information would be one source of input to the group's October 2015 face-to-face meeting during TPAC.

On the organization of this material

• The Interest Group itself should determine how it wishes to organize stakeholder groups. The groups on this page may change over time.
• An IG participant may participate in the discussions of any group, but with the focus on the needs of that group.
• We do not wish to create stakeholder silos, only ensure that we are hearing needs. Therefore, we consider it useful to have the information for all groups on the same page, so that different groups can learn from each other and find overlapping interests.

Draft Questions

General Goals:

• Ensure breadth of responses and consistent input/data across stakeholder groups.
• Provide overview of the Industry/Stakeholder group needs relative to the Web Payments IG work

General

• What are the user stories? How important are these to your stakeholder group?
• At a high level, provide an overview of how Web Payments standards would benefit or be of use to your industry/stakeholder group. Provide specific examples of priorities/key pain points that standards in this space would improve.
• One way to organize your material (this is just a thought, not a requirement) is to align with some key capabilitly groups:
  • Core and security
  • Identity and credentails
  • Accounts and ownership
  • Clearing and settlement
  • Commerce

Stakeholder groups

Customers

• Leads: ??
• Examples: People, organizations, software agents
• Topics of Concern/Focus
  • Identity/Credentials and Privacy
  • Digital Receipts

Accessibility - Customers with Disabilities & A11Y Vendors in Payments

• Leads: Katie Haritos-Shea, Charles McCathie Nevile
• Examples:
  • Web payment implementations in Japan that address Accessibility - A11Y Vendors in Payments
  • What the new WP WG needs to know about Accessibility relative to Web Payments
  • What the WP IG should consider next in Accessibility for future WG and their Charters
  • Real world impacts of enabling Accessibility in web payments
  • Percentage of Unbanked/Underbanked that are PWD
• Topics of Concern/Focus
  • Alternate forms of Identity/Credentials and Privacy for CWD
  • Alternate forms of Authentication
  • JSON LD and data formats that support Accessibility
  • Push by US by Federal financial regulators to ensure the dedicated inclusion of Persons with Disabilities in all new mobile payment initiatives’ and technologies.

Merchants / Retailers

• Leads: David Ezell, Joerg Heuer
• Examples: 7/11, Walmart, Target, Tesco, Mom and Pop Shops

Strategies for gathering material

• Hold periodic telcons with IG members
• Develop presentation materials for the W3C Digital Marketing Workshop
• Gather feedback from the Digital Marketing Workshop
• Attempt to reach out more effectively to merchants from Europe and Asia

Materials

Scope

• Our scope covers merchant/retailer operations that are touched by payment.
• Our scope is not limited to any specific technologies.
• A list of technologies that might guide consideration are listed below in this section.
• The group has not voted on any specific scope yet.

Draft questions

• Are there any general use cases for payment, important to your business, that are not currently enumerated in the Web Payments IG Use Cases? If so, can you please enumerate them?
• What payment schemes does your business currently accept?
• What loyalty or coupon programs do you support and how are these related to payment?
• Does your business require access to EFT (Foodstamps, government programs)?
• Does your business sponsor any branded payment instruments? If so, are they
  • Rebranded from a standard card scheme?
  • Created as a new payment channel for your business (e.g. ACH)?
• Has your business created a mobile app (e.g. for payment or loyalty)? If so, what are the supported features?

See the Stakeholder Outreach Page for outreach materials.

Drafts

The following two drafts represent work garnered from this stakeholder group, and presented at the W3C Digital Marketing and Web Convergence Workshop at Nielsen in Tampa, 2015-09-17/18.

• Presentation from the Digital Marketing and Web Convergence Workshop
• "White Paper" from the Digital Marketing and Web Convergence Workshop

Meeting history

• Minutes of 4 September "merchants/retailers" discussion

Candidate Topics

• Topics of Concern/Focus
  • Commercial Instruments
    • Top-level Categories:
      • Loyalty Cards
      • Electronic Coupons
      • Other Rewards
    • Classifications:
      • Progressive points or Instant award
      • Awarded by:
        • Manufacturer (Product)
        • Payment Instrument (Pay with Points)
        • Merchant (Promotions)
    • Role of the Wallet in organizing items effectively
  • Identity/Credentials and PCI Compliance
  • Proximity technologies and methods
    • QR Code
    • NFC / BTLE
    • Biometric reading
  • Multi-tender (payment instrument) transactions
  • Interaction with EFT (Foodstamps) and other loyalty or coupon programs

Notes

• Small businesses in particular may benefit from the deliverables of the WPWG if it makes it easier to accept more forms of payment.

Payment Service Providers

• Leads: Chao Duan and Kepeng Li
• Examples: Worldpay, PayPal, Dwolla, Alipay, TenPay, Baidu Wallet, Adflex, Adyen, Anderson Zaks, BT Buynet, Bucksnet, Capita, Cardstream, Citypay (Payoffshore), Clear Commerce, Creditcall, CyberSource, Datacash, Datatrans, Debitech, ESP, eWay, Integral, Iridium, ITS, Logic Group, Netbanx, Netpayments, Ogone, Paybox, Payment Express, Paypoint.net, Paywizard, PXP, Real Credit, Realex, ReD, Sagepay, Secure Trading, Ticketing Solutions, Ticketmaster, TNSPay, Total Web, UPG, VeriFone, Wirecard, Worldnet, UK cards association, EPSM.eu (a European association).

Feedback

See PSP Outreach

Topics

• Purchase information
  • Barcode
• Security
  • Biometrics and other authentication approaches
  • Tokenization
  • PCI compliance
  • Interaction with other protocols, e.g. 3D 2.0 Secure;
• Mobile
• User experience
  • Automated payments
• Regulation
  • Taxes and tax reporting
• Network issues
• International payments
• Risk management

Questions

• If there were a standard way to communicate payment information between web applications and browsers, what opportunities would this create for your business? What concerns might you have?
• What is the most important service you would like to provide your retail customers but cannot yet do so because of a technology obstacle? What are the reasons (e.g., lack of interoperability, cost of deployment to multiple devices, lack of standards,lack of adequate security, etc.)?
• What are the most important value added services (e.g., loyalty) that you would like to build on top of future payment systems?
• What other mobile payments use cases are you working on and when do you plan to deploy solutions?
• What non-mobile Web payments use cases are you working on and when do you plan to deploy solutions?
• What Web technologies do you support in your payment applications? (e.g., OAUTH2).
• What are the primary obstacles today that prevent you from deploying “credit transfer” (push) payment schemes?
• If you are involved in faster payment initiatives, are there new Web technologies that you believe are important to success?
• In your region, if there are open API regulatory requirements, are there new Web technologies that you believe are important to success?
• What issues (technical, legal, developer, etc.) lead you to choose native mobile platforms over Web applications? Are there specific Web capabilities whose absence is limiting delivery of services?

Agenda idea

• Playback of what we heard (organized thematically)
• Map against existing use cases.

Banks

• Lead: Arie Levy-Cohen

Strategies for gathering material

• Develop a set of questions to share with banks and financial institutions
• Reach out to the European Central Bank and European Banking Authority to understand perceived standards needs from government. Note: We are not intentionally limiting our outreach to European agencies and welcome input from agencies in other regions.
  • See Action 144.

Materials

• Wiki for managing outreach to banks

Scope

• We have consensus to focus on retail banking. Other aspects of banking are no less important, but as an initial effort, we believe retail banking aligns best with our activities.

Draft questions

• See the outreach template

Additional notes

• Usability: The banks have been creating mobile apps to improve the user experience, basically you can transfer your money by touching the screen 4 times. (Leandro)

Identity

• We know "identity" to be a broad topic.
• We distinguished the identity requirements at two specific moments:
  • Enrollment time
  • Transaction time (e.g., re: source of funds)
• We felt we should not focus on identity requirements at enrollment time.
• We discussed whether there is value in interoperability between identifiers minted at enrollment time, and identifiers (re)used at transaction time.
• Europe is poised to require multi-factor authentication for (some) payments; what is the impact of those requirements on (upcoming) work on stronger Web authentication?

Account access

• We mentioned PSD2 and wondered whether there is a role for standard access to accounts (e.g., from Web applications). However, we did not reach any conclusions.

Regulatory trends

• A move towards global standard. E.g. ISO 20022, the BIS principles for Financial Markets Infrastructures, the LEI (Legal Entity Identifier).
• Improved security, in particular stronger mechanisms against cyber attacks (BIS CPMI);
• Payments processing is accelerating: instant payment implementations and projects are emerging in many countries. Although not as such a regulatory issue, customers are asking for it, in many countries central banks or governments are supporting of pushing for it;

Meeting history

• Minutes of 17 September "banks" discussion
• Minutes of 8 September "banks" discussion
• Minutes of 31 August "banks" discussion

Mobile Operators

User Stories

Remote Payments

• Description: paying for something away from the POS or through a system that does not require interaction with a POS
• Benefit: operators can maintain a richer customer-operator relationship and can create business relationships with merchant acquirers. They could use existing assets in these payment solutions, such as identity. Others
  • Consumers: benefit from greater security assurance and more stable, widely accepted payment platform
  • Merchants: increased sales potential
  • Merchant acquirers: increased completed transactions with less need to maintain complex and large numbers of business relationships

One-click checkout

• Description: order items (instore or remote) with one click
• Requirements: user must previously completed on-boarding
• Recognised Issues: regulations may may this globally impossible
• Benefits: can easily be provided by mobile device so if managed by operators can be easily maintained.

Identity and Authentication

• Identity solutions are being standardised in a number of bodies
  • Open ID Foundation
  • IETF
• New identity solutions utilise more secure methods of identity verification and access including
  • tokenisation
  • attribute checking
  • anonymity
• Operators and other identity providers can link their identity solutions (e.g., mobile connect) with their payment solutions to provide a set of richer services for users
• Operators can rent (secure) SIM card space to others
• Operators and other identity providers can use their existing user data for this (as Google does with gmail)
• Note: mobile phone number is not always the identifier here.

Value Added Services

• Description: tie-ins related to purchase items and services. Coupons, loyalty cards, frequent visitor card.
• Based on a small amount of conversation, we did not hear this as a pressing use case.

Payment Provider Onboarding

• Apparently this is painful. Banks needs to connect to backend structures of various MONs, which is costly and complex.
• Note: Right now the MNO opens up the SE mostly through proprietary APIs. But Global Platform has just started work on api for trusted service manager.

Carrier Billing

• What would be needed to make it easier to bring carrier billing to the Web (in addition to strong authentication and the APIs of the Web Payments WG)? Would this happen through a digital wallet provided by the MNO?

Requirements

• Enrolment requirements
  • data entry for things such as amount, identity entry, other personal data, confirmation for enrolment and payment.
• Secure connections
  • payments should be conducted over secure payments only, could look into a check to ensure proper SSL/TLS is setup and secure.
• Wallet
  • Needs simplification of payment provider onboarding
  • Must support in-app, online and instore transactions
  • Should support the adding of Value Added Services
• Tokenisation
  • More services moving to accepting tokens over credit card numbers. Should do the same in new web standards.
  • EMVco Payment Tokenisation Technical Framework Spec

Realities

Some realities for the mobile industry working with payments include:

• Users will continue to want to pay with different forms of payment (credit card, bank transfer, pre-payment, pay by bill, etc.)
  • Although, cash transaction will decrease
• Users will want to pay with a variety of devices. The mobile device is only one of these (but also an extremely popular choice)
• Users will use different identities for different purposes.

Other Ideas

A list of other ideas not fitting the the above categories.

• Guideline Documents
  • Web payment deployment guidelines for verticals (especially transport and retail) based on in-market implementations.
  • Mobile money code of conduct
• Guidelines to regulations globally

Payment System Vendors

• Leads: ??
• Examples: Verifone, Oracle, Digital Bazaar
• Topics of Concern/Focus
  • Guarantee of Interoperability (independent testing)

Meeting History

• 2 September 2015 telcos call

Browser Makers

• Lead: ??
• Examples: Chrome, Firefox, Internet Explorer, Opera
• Topics of Concern/Focus

Regulators

• Lead: ??
• Examples: FinCEN, Hong Kong Monetary Authority, Securities & Exchange Commission
• Topics of Concern/Focus
  • Identity/Credentials and Know Your Customer and Anti-Money Laundering Regulations

Timeline

• Week of 24 August: We organize a 30-minute call with those interested to start the discussion, and in that call we find a champion for that group. The champion continues discussions with the group (which can also happen on this mailing list ff people wish) to develop the perspectives (in this wiki).
• Week of 5 September: We hear from each champion on the 5 September call, what the highlights are. We provide feedback, that the champions incorporate into their materials. Each group then continues to flesh out its perspectives as far as it needs in this wiki.
• At the face-to-face meeting we hear from each stakeholder group as part of determining next priorities for the IG.