[Draft] Web Payments Working Group Charter
The mission of the Web Payments Working Group is to make payments easier and more secure on the Web. The group seeks to:
- streamline checkout by making it easier for users to return stored credentials and other information, and by creating a consistent experience across Web sites, browsers, and operating systems. These improvements should help reduce the percentage of transactions abandoned prior to completion ("shopping cart abandonment") by improving consumer confidence in the payment experience;
- improve payment security by fostering digital payment method innovation on the Web;
- simplify and lower the cost of creating effective Web checkout experiences;
Under this charter, the Working Group defines Recommendations that allow for a payment to be initiated within a Web site or application.
| Start date | 9 March 2018 3 February 2020 |
|---|---|
| End date | 31 December 2019 2021 |
| Charter extension | See Change History . |
| Chairs | Nick Telford-Reed, Worldpay; Invited Expert; Adrian Hope-Bailie, Ripple Coil |
|
Team
Contact
(FTE %: 50%) 40%) |
Ian Jacobs |
| Usual Meeting Schedule |
Teleconferences:
Weekly
Face-to-face: 2-3 per year |
Scope
Continued Work
The Working Group will continue to advance these existing specifications to Recommendation:
- Payment Request API , which standardizes an API to allow merchants (i.e., Web sites selling physical or digital goods) to utilize one or more payment methods with minimal integration. User agents (e.g., browsers) facilitate the payment flow between merchant and user, mediating the user experience and providing consistency between different merchants and providers.
- Payment Method Identifiers , which defines the validation and (where applicable) registration of identifiers used for matching purposes by other W3C payments specifications.
- Payment Handler API , which defines capabilities that enable Web applications to handle payment requests. The specification defines how Web-based payment apps handlers register their capabilities with the user agent, how the user agent communicates with them, and what information is exchanged. Note: Based on experience with the Payment Handler API, the Working Group is discussing creation of a new UI component where payments, authentication, and other activities can occur. This functionality would generalize some of the current payment-specific functionality of Payment Handler API.
- Payment Method Manifest , which allows the curators of a defined payment method or owners of a proprietary payment method to authorize (via a manifest file) which payment apps handlers may be used to fulfill the payment method. The scope of this work extends to all types of payment apps, handlers, including native mobile apps and Web apps.
The Working Group will continue to develop the following payment method specification, intended to become a Working Group Note:
- Basic Card Payment , which specifies request and response data for making simple card payments with Payment Request API.
Formal Adoption of Work Under Consideration
The Working Group has discussed, but not yet taken up formally, deleted text: the payment method specifications on the following topics. The Working Group will decide whether these should be published on the Recommendation Track or as Working Group Notes: topics:
- Network tokens </li> <li> Credit transfers </li> <li> Direct debits </li> <li> Interledger payments (in cooperation with the <a href= "https://www.w3.org/community/interledger/"> Interledger Payments Community Group </a> ) </li> <li> Distributed ledger payments </li> <li> Leveraging existing encryption mechanisms to secure payment data, in consultation with with relevant security groups in W3C and the IETF. EMV® Secure Remote Commerce (SRC) deleted text: </ul> <p> The Working Group will account for exception handling in the design of payment method specifications. These include, but are not limited to, authorization failures and network failures. </p> <h3 id="new-topics"> New Topics </h3> <p> The Working Group has had significant discussion about the following topics and anticipates discussion will continue: </p> <ul>
- The relationship of Payment Request API, Payment Handler API, Web Authentication, and the security model of the Web to the EMV® 3-D Secure - Protocol and Core Functions Specification. and EMV® Payment Tokenisation specifications.
- Credit transfers
- Direct debits
New Topics
Working Group participants have expressed interest in the following topics new a number of enhancements to this charter: Payment Request 1.0 . These include:
- Integration of user payment instruments previously stored by the merchant (e.g., "cards on file") into the display of options enabled through Payment Request API.
- Multi-tender payments
- Discount codes
- Trailing transaction (such as tips or post-checkout hotel expenses)
- deleted text: Access to and validation of billing address </li> <li> Enhancements to the event model so that payment methods involving merchant validation can do so within the Payment Request API flow. </li> <li> Facilities for improved error reporting to the user
- Facilities to enable merchants to test Payment Request API in their environments
The Working Group has discussed the following payment methods but has not developed any draft specifications:
- Payment app security and filtering Web Monetization
The Working Group will determine which specification type best suits each topic, for example through modifications to Payment Request API, through a payment method specification, or some other specification.
Curation of Working Group Resources
The Working Group will continue to curate the following resources it has published:
- Test suites for the above specifications. Note: To promote interoperability, all changes made to specifications should have tests.
- Registry of standardized payment methods
- Card Network Identifiers Approved for use as filters with Payment Request API deleted text: <li> <a href="https://github.com/w3c/payment-request-info"> Developer Portal </a> to help with adoption. </li>
The Working Group may publish similar informational resources deemed important for (e.g., FAQs or best practices documentation) to support the deleted text: successful deployment of its other deliverables.
deleted text: <h3 id="discontinued"> Discontinued Deliverables </h3> <p> The Working Group plans to discontinue work on the following specification: </p> <ul> <li> <a href="https://www.w3.org/TR/webpayments-http-api/"> Web Payments HTTP API 1.0 </a> </li> </ul>Out of Scope
The following topics are out of scope for this Working Group.
- This It is in scope for the Working Group to discuss user experience, for example as part of understanding user journeys during a checkout experience. However, this Working Group is chartered to Recommend programming interfaces, not user interfaces. interface specifics.
- The Working Group will not define authentication mechanisms (e.g., hardware-based solutions in securing transactions, or authenticating users via biometry or other mechanisms) but should be aware of industry developments to help ensure compatibility with the flows defined by this group. The Web Payments Working Group anticipates leveraging the deliverables of W3C's Web Authentication Working Group .
- A digital payment scheme is a set of rules for the execution of payment transactions that are followed by adhering entities (payment service providers, processors, issuers, acquirers, payers and payees), where transactions take place over networks (such as the Web). A digital payment instrument is an account, token, or other means of fulfilling the payment provider's role in a digital payment scheme. Some digital payment schemes make use internally of payment instruments from other payment schemes. How they register and communicate with internal payment instruments is beyond the scope of this charter.
Security and Privacy Considerations
A key security consideration is the ability to prove message integrity and authentication of all message originators. The Working Group will work with the organizations listed in the liaisons section of the charter to help ensure API security.
Protection of the privacy of all participants in a payment is important to maintaining the trust that payment systems are dependent upon to function. A payment process defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a loyalty program) by the owner of the information. The design of any API should guard against the unwanted or inadvertent leakage of such data through exploitation of the API.
Relation to Regulatory Requirements
The deliverables of this group should enable parties involved in a payment transaction to meet any and all regulatory obligations.
Deliverables
Recommendation Track Milestones
| Note: The group will document significant changes from this initial schedule on the group home page. See below for information about reference drafts . | ||||
| Specification | FPWD | Most Recent CR | PR | Rec |
|---|---|---|---|---|
| Payment Request API |
|
|
April 2018 October 2020 | July 2018 December 2020 |
| Payment Method Identifiers |
|
|
April 2018 October 2020 | July 2018 December 2020 |
| Payment Handler API |
|
September 2018 June 2020 | April 2019 January 2021 | July 2019 March 2021 |
| Payment Method Manifest |
|
June 2020 | January 2021 | March 2021 |
| SRC Payment Method | March 2020 | September 2018 2020 | April 2019 January 2021 | July 2019 March 2021 |
Non-Recommendation Track Milestones
- Basic Card Payment is expected to be published as a Group Note in Q1 2018. when Payment Request API 1.0 advances to Recommendation.
On Rechartering
Under this charter, the Working Group intends to deliver specifications for the topics listed in the sections on Recommendation track milestones , Non-Recommendation track milestones , and topics under consideration .
The Working Group would otherwise expect to recharter for other new Recommendation-track deliverables.
Dependencies and Liaisons Coordination
deleted text: <h3 id="wpig"> Web Commerce Interest Group </h3>deleted text: The mission of the Web Commerce Interest Group (formerly the Web Payments Interest Group) is to improve Commerce on the Web for users, merchants, and other stakeholders. The Working Group expects to work with the Interest Group as follows: </p> <ul> <li> The Interest Group may review and comment on Working Group deliverables. </li> <li> The Interest Group may play a role as "industry analyst," understanding and communicating business and technology drivers that help to make the case for functionality enabled by the Working Group. As technology and industry requirements change, the Interest Group should update their analyses and keep the Working Group informed. </li> </ul> <h3 id="other-w3c-groups"> Other W3C Groups </h3> <dl> <dt> <a href= "https://www.w3.org/International/core/"> Internationalization Core Working Group </a> </dt> <dd> Internationalization and localization review. </dd> <dt> <a href="https://www.w3.org/Privacy/"> Privacy Interest Group </a> </dt> <dd> For privacy reviews. </dd> <dt> <a href="https://www.w3.org/WAI/APA/"> Accessible Platform Architectures (APA) all specifications, this Working Group will seek horizontal review deleted text: </dt> <dd> To help ensure the protocols provide support for accessibility to people accessibility, internationalization, performance, privacy, and security with disabilities. </dd> <dt> <a href="https://tag.w3.org/"> Technical Architecture Group (TAG) </a> </dt> <dd> For Web architecture reviews. </dd> <dt> <a href="https://www.w3.org/2017/vc/WG/"> Verifiable Claims the relevant Working Group and Interest Groups, and with the TAG . Invitation for review must be issued during each major standards-track document transition, including FPWD </dt> <dd> For discussion of identity requirements. </dd> and at least 3 months before CR , and should be issued when major changes occur in a specification.
W3C Groups
- Web Application Security
- For review of security APIs and features.
- Web Authentication Working Group
- For discussion of strong authentication.
- <a href="https://www.w3.org/2008/webapps/"> Web Platform Working Group </a> </dt> <dd> For review of JavaScript APIs and manifest usage. </dd> <dt> <a href="https://www.w3.org/Security/wiki/IG"> Web Payment Security Interest Group
- For discussions about Web payment security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison. and use cases.
Groups Outside W3C
- EMVCo
- EMVCo administers many specifications known collectively as EMV®, including specifications about network tokenization, 3-D Secure, and Secure Remote Commerce.
- deleted text: <a href="http://httpwg.org/"> The IETF HTTP Working Group </a> </dt> <dd> The Working Group expects to coordinate with the IETF HTTP Working Group regarding HTTP-based payment initiation. </dd> <dt> ISO TC 68
- Coordination with ISO TC 68 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 20022).
- <a href="https://www.pcisecuritystandards.org/"> PCI Security Standards Council Open Banking UK , STET , and Berlin Group
- The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. Coordination will help ensure the API can be used securely For discussion about open banking APIs and meet merchant goals. Web payments.
Participation
To be successful, the Web Payments Working Group is expected to have a minimum of 10 active participants for its duration. Effective participation in Web Payments Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.
Participants in the group are required (by the W3C Process ) to follow the W3C Code of Ethics and Professional Conduct .
Communication
This group primarily conducts its work on GitHub and the public mailing list public-payments-wg@w3.org ( archive ). Administrative tasks may be conducted in Member-only communications.
Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Web Payments Working Group home page.
Decision Policy
As explained in the Process Document ( section 3.3 ), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, —using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.
Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.
Patent Policy
This Working Group operates under the W3C Patent Policy </a>. (Version of 5 February 2004 updated 1 August 2017). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.
For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .
Licensing
This Working Group will use the W3C Software and Document license for all its deliverables.
About this Charter
This charter for the Web Payments Working Group has been created according to <a href= "https://www.w3.org/Consortium/Process/groups#GAGeneral"> section 5.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.
Charter History
| Charter Period | Start Date | End Date | Changes |
|---|---|---|---|
| Initial Charter | 21 October 2015 | 31 December 2017 | N/A |
| Charter Extension | 1 January 2018 | 1 March 2018 | None (Rechartering) |
| 2018 Rechartering | 9 March 2018 | 31 December 2019 | Deliverables under consideration since the previous charter are listed in section 1.2. |
| 2020 Rechartering | 3 February 2020 | 31 December 2021 | Deliverables under consideration since the previous charter are listed in section 1.2. |
Reference Drafts as of this Charter
The following information related to the W3C Patent Policy is provided as a convenience.
-
Payment
Request
API
Latest publication: <a href= 'https://www.w3.org/TR/2017/CR-payment-request-20170921/'> 21 September 2017 16 April 2019 -
Reference
Draft:
<a href= 'https://www.w3.org/TR/2017/CR-payment-request-20170914/'>
https://www.w3.org/TR/2017/CR-payment-request-20170914/
https://www.w3.org/TR/2019/CR-payment-request-20190416/
associated <a href= 'https://lists.w3.org/Archives/Member/member-cfe/2017Sep/0006.html'> Call for Exclusion on 14 September 2017 16 April 2019 ended on 13 November 2017 15 June 2019
Produced under Working Group Charter: /Payments/WG/charter-201510.html https://www.w3.org/Payments/WG/charter-201803.html -
Payment
Method
Identifiers
Latest publication: <a href= 'https://www.w3.org/TR/2017/CR-payment-method-id-20170914/'> 14 05 September 2017 2019 -
Reference
Draft:
https://www.w3.org/TR/2017/CR-payment-method-id-20170914/
associated Call for Exclusion on 14 September 2017 ended on 13 November 2017
Produced under Working Group Charter: /Payments/WG/charter-201510.html http://www.w3.org/Payments/WG/charter-201510.html
<dt id="1330" class='spec'>
<a href='https://www.w3.org/TR/webpayments-http-messages/' rel= 'versionof'>
Web
Payments
HTTP
Messages
1.0
-
Payment
Handler
API
Latest publication: <a href= 'https://www.w3.org/TR/2016/WD-webpayments-http-messages-20160915/'> 15 24 September 2016 2019 -
Reference
Draft:
<a href= 'https://www.w3.org/TR/2016/WD-webpayments-http-messages-20160915/'>
https://www.w3.org/TR/2016/WD-webpayments-http-messages-20160915/
https://www.w3.org/TR/2017/WD-payment-handler-20170518/
associated <a href= 'https://lists.w3.org/Archives/Member/member-cfe/2016Sep/0008.html'> Call for Exclusion on 16 September 2016 18 May 2017 ended on 12 February 15 October 2017
Produced under Working Group Charter: /Payments/WG/charter-201510.html http://www.w3.org/Payments/WG/charter-201510.html
<dt id="1363" class='spec'>
<a href='https://www.w3.org/TR/payment-handler/' rel= 'versionof'>
-
Payment
Handler
API
Method
Manifest
Latest publication: <a href= 'https://www.w3.org/TR/2017/WD-payment-handler-20171129/'> 29 November 12 December 2017 -
Reference
Draft:
<a href= 'https://www.w3.org/TR/2017/WD-payment-handler-20170518/'>
https://www.w3.org/TR/2017/WD-payment-handler-20170518/
https://www.w3.org/TR/2017/WD-payment-method-manifest-20171212/
associated <a href= 'https://lists.w3.org/Archives/Member/member-cfe/2017May/0007.html'> Call for Exclusion on 18 May 12 December 2017 ended on 15 October 2017 11 May 2018
Produced under Working Group Charter: /Payments/WG/charter-201510.html http://www.w3.org/Payments/WG/charter-201510.html
Adrian Hope-Bailie, Ian Jacobs, Nick Telford-Reed
Copyright © 2018 2019 W3C ® ( MIT , ERCIM , Keio , Beihang ), All Rights Reserved.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.
$Date: 2018/03/09 13:38:32 2019/11/08 14:33:29 $