Abstract

This document is a prioritized list of Web payments use cases. Guided by these use cases, the W3C Web Payments Interest Group plans to derive architecture and associated technology requirements to integrate payments into the Open Web Platform. That work will form the basis of conversations with W3C groups and the broader payments industry about what standards (from W3C or other organizations) will be necessary to fulfill the use cases and make payments over the Web easier and more secure.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

The Web Payments Interest Group has closed. W3C has discontinued work on this document.

Please consult the Web Commerce Interest Group and Web Payments Working Group for ongoing discussions of payments use cases.

This document was published by the Web Payments Interest Group as a Working Draft. For comments regarding this document, please see the archives of the Web Payments Interest Group.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 1 August 2014 W3C Process Document.

1. Introduction

ECommerce is thriving and continues to expand. However, fragmentation of payment systems is limiting the growth potential as are problems — both real and perceived — such as fraud and usability.

Because the Web is ubiquitous, strengthening support for Web payments has the potential to create new opportunities for businesses and customers. Mobile devices are already transforming the industry by supplanting physical payment cards in proximity payments, voucher distribution, and identification when people authenticate to a scanner, point of sale, or access gate. Although we are seeing innovation in mobile payment systems, the lack of standards makes it more difficult to adapt to new payment approaches or integrate new payment providers.

The W3C Web Payments Interest Group is developing a roadmap for standards to improve the interoperability of payments using Web technologies for both online and brick-and-mortar (offline) scenarios. This will help achieve greater interoperability among merchants and their customers, payment providers, software vendors, mobile operators, native mobile apps, and payment networks. The roadmap will include payment schemes in use today (such as electronic checks, credit cards, direct debit, and cryptocurrencies) and those of the future. The roadmap will be derived from the use cases listed below.

1.1 Why This Work is Important

The Web Payments work is not just about making payments easier, faster, more secure, and more innovative. There are many people around the world that today's financial system does not reach. These people are called the world's unbanked (or underbanked). The unbanked often live paycheck to paycheck, do not have access to savings accounts or low-fee check cashing services, lines of credit, or a way of saving for their future. Being unable to plan for one's financial future often results in a focus on the short-term, which creates a vicious cycle of not being able to escape one's situation. Not being able to participate in the financial system creates unintended inequities that create waste and result in a net loss for society.

However, some of the shortcomings of today's financial system could be addressed via technological improvements. For example, there is a considerable overlap between the unbanked and underbanked population and access to advanced mobile phones and the Web. By providing financial services to people with mobile phones in a standardized way via the Web, we could see an improvement in the financial health of these individuals and their families.

Extending the current financial system to reach further helps an ever increasing number of people plan for their future, focus on the long-term, and thus contributes to a greater net gain for society.

1.2 Relationship to Other Documents

This document is one part of a greater body of work around Web Payments that the Web Payments Interest Group at W3C is producing. These other documents include:

1.3 How this Document is Organized

This document is organized as follows:

Each use case has:

Each use case may also have notes on:

Issue 1

The group seeks input from security, privacy, and accessibility experts. Examples of desired groups to perform these reviews are, but are not limited to: W3C Privacy Interest Group, W3C Security Interest Group, W3C Web Accessibility Initiative and Protocols and Formats Working Group, US Federal Reserve Security Panels, X9 Security subgroups, and ISO security subgroups.

Note

All character names appearing in this document are fictitious. Any resemblance to real persons, living or dead, is purely coincidental. Some organizations, products, and services appearing in this document are real and are included purely for pedagogic purposes and don't imply endorsement or approval of the Web Payments work in any way, shape, or form. For all other organizations, products, or services appearing in this document, any resemblance to real entities is purely coincidental.

2. Terminology

This document attempts to communicate the concepts outlined in the Web Payments space by using specific terms to discuss particular concepts. This terminology is included below and linked to throughout the document to aid the reader:

entity
A person, organization, or software agent that is capable of interacting with the world.
four corner model
A payment scheme which includes the following stakeholders: the payer (also known as the Cardholder), the Issuer (who has a relationship with the Cardholder), the Acceptor and the Acquirer (which has a relationship with the Acceptor). The payment scheme defines the rules which apply to all parties; there are no limitations as to who may join the scheme, as long as the requirements of the scheme are met.
payee
An entity that receives funds as required by a transaction.
payer
An entity that provides a source of funds as required by a transaction.
payment instrument
A mechanism used to transfer value from a payer to a payee. Examples: Corporate Visa card, personal Visa card, a bitcoin account, a PayPal account, and an Alipay account. [PSD2] any personalized device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order. [ECB] a tool or a set of procedures enabling the transfer of funds from a payer to a payee.
payment processor
An entity that submits and processes payments using a particular payment instrument to a payment network. Examples: Stripe, PayPal, Authorize.net, Atos, FedACH.
payment scheme
Sets of rules and technical standards for the execution of payment transactions that have to be followed by adhering entities (payment processors, payers and payees). Examples: Visa, MasterCard, Bitcoin, Ripple, PayPal, Google Pay, Alipay, Yandex money, ACH, SEPA. [ECB] a set of interbank rules, practices and standards necessary for the functioning of payment services.
payee-initiated payment
Also known as a pull payment, a type of transaction where the payee initiates the funds transfer from the payer. A credit card payment is an example of a pull payment.
purchase
Activities surrounding and including a transaction (e.g., discovery of an offer, negotiation of terms, selection of payment instrument, delivery, etc.).
payer-initiated payment
Also known as a push payment, a type of transaction where the payer initiates the funds transfer to the payee. PayPal is an example of a push payment.
transaction
An economic exchange between a payer and one or more payees. An agreement, communication, or movement carried out between a buyer and a seller to exchange an asset for payment.
transfer order
[ECB] an order or message requesting the transfer of assets (e.g. funds, securities, other financial instruments or commodities) from the debtor to the creditor.

3. An Overview of the Payment Phases

There are many types of transactions in the world of payments, including person-to-business, business-to-business, business-to-person, government-to-person, person-to-government, and person-to-person. In this document we focus on the interactions between a payer and a payee (either of which could be a person, business, government, or software agent), which we organize into four phases:

Issue 2

The group would like feedback related to the general structure of the payment phases from individuals that worked on ISO20022, ISO12812, the European Payment Commission, and various X9 documents to ensure that the phases reflect business processes outlined in financial standardization initiatives. Feedback from the general public is also requested to see if non-payment professionals can navigate and understand the document without prior payment industry knowledge.

  1. Negotiation of Payment Terms
  2. Negotiation of Payment Instruments
  3. Payment Processing
  4. Delivery of Product/Receipt and Refunds

The descriptions below only discuss the interactions between the payer and the payee. We do not expose the low-level exchanges between banks, card associations, or other back-end "payment clearing" parties in a transaction. Those details will be discussed in the Interest Group's work on architecture and requirements.

Each phase below consists of a series of steps. The details of each step vary by payment scheme. Some steps may not be relevant at certain times (e.g., depending on payment scheme or transaction specifics). For example, some purchases do not involve a proof of funds or proof of hold. ACH and SEPA payment schemes generally do not support the verification of available funds, thus in these payment schemes the particular proof of funds step is skipped. In some cases, steps may happen in a slightly different order than described below.

It is also important to note that these phases and steps may be interrupted at various times (e.g., one party drops out, or exceptions occur like insufficient funds or a regulatory block). While these phases are an approximation of the general flow of all payments, they are helpful in structuring the use cases such that it is easy to figure out to which part of the payment process a particular use case belongs.

While these four phases may apply more or less well to a variety of other payment scenarios such as person-to-person payments, those topics are not the current focus of the group. We plan to address them directly in future work.

3.1 Negotiation of Payment Terms

In the first phase of the payment process, the payer and the payee negotiate the terms of the payment.

3.2 Negotiation of Payment Instruments

In the second phase of the payment process, payer and payee determine which payment instruments the payer will use to transfer funds to the payee.

3.3 Payment Processing

The third phase of the payment process is used to initiate the transfer of funds. Depending on the payment instrument, the transfer of funds may be verified immediately or only after several days.

3.4 Delivery of Product/Receipt and Refunds

In the fourth phase of the payment process, the transaction is completed by providing the payer with a receipt and/or the product that was purchased.

4. A Simple Example of the Payment Phases

The following scenario is provided to aid the reader in understanding how the phases of the payment process apply to a real world situation. In this scenario, we follow Jill, who seeks a new outfit for a party. She selects items from PayToParty, which is a brick-and-mortar store with an online presence. She chooses how to pay and the items are delivered to her home on the following day.

See the appendix for additional examples of the payment phases.

Issue 3

General feedback is requested on whether this section is helpful. We are attempting to ground the payment phases and steps in a real world use case. An alternative would be removing this section entirely if the preceding section suffices, or moving this narrative to section 7 with the other examples.

4.1 Negotiation of Purchase Terms

4.2 Negotiation of Payment Instruments

4.3 Payment Processing

4.4 Delivery of Product/Receipt and Refunds

5. Assumptions

The use cases below rely on a number of assumptions that are not detailed in the use cases but that will be explored in more detail in the architecture and requirements documents.

6. Use Cases

This section examines the phases of payment, and the steps involved in each phase, through a variety of use cases. The purpose of this section is to elaborate on the variety of scenarios present in each step of the payment process.

Issue 4

General feedback is requested related to the general structure of the use case snippets below. Are they focused enough to convey each topic listed? Is there information that should be added to each use case in general? Would more elaborate use cases be helpful? Would an attempt to minimize each existing use case further be helpful in scanning the document more quickly?

6.1 Negotiation of Payment Terms

6.1.1 Discovery of Offer

Website
Penny uses the HobbyCo website to select a $15 model train for purchase.
Roadmap phase
1
Motivation
A human being seeing a visual offer of sale on a website is the most common way offers are discovered on the Web today (2015).
Point of Sale Kiosk
Cory shops for groceries at his local ChowMart, scans his loyalty card and all of the items he wants to purchase at the automated kiosk, requests a cash back amount, and is presented with a total amount.
Roadmap phase
Uncategorized
Motivation
Unifying point of sale interaction with the Web Payments architecture is vital for the success of this work.
Accessibility
At present kiosks are rarely accessible to blind people, people with low vision, people who use wheelchairs, or people with restricted mobility that makes touch interaction difficult or impossible. They don’t tend to offer speech output or any ability to zoom or customise colours, may be difficult to reach from a wheelchair/sitting position, and do not accept voice commands. Enabling as much of the payment interaction as possible to move to a customer-held device with accessibility features would help alleviate a number of barriers that exist today.
Privacy
Cory should exercise control over how much he wants the merchant to be able to track his activities. Programs like loyalty cards will likely involve agreement to share more data with the merchant.
Making kiosks that are used for financial transactions accessible introduces several challenges. Speech output may be overheard by people nearby, increased text size and/or visibility of content may make it easier for other people to read, and voice commands may also be overheard.
Mobile
A mobile device can be used to discover an offer in a variety of ways:
  • Hani takes a taxi from the airport to his hotel. The taxi driver displays the total with his mobile device. Hani and the taxi driver touch their mobile devices to each other. The total appears on Hani's mobile device.
  • There is a Quick Response Code (QR Code) printed on the bottom of a cup that Donna wants to buy. Donna uses her mobile phone app to capture the QR Code, view the price of the item, and add it to the list of items that she is buying from the store.
Roadmap phase
Uncategorized
Motivation
Unifying the way proximity mobile offers work with the Web Payments architecture would help ensure ubiquity.
Accessibility
An auditory cue notifying people that have low vision or are blind that a payment offer/invoice is awaiting their response as well as providing guidance on how close their payment device is to the payment terminal would be helpful.
Exceptions
No mobile phone connectivity (e.g. visiting a different country or trip occurs outside the range of a mobile network).
Freemium
Chaoxiang plays his favorite native app game and wants to upgrade his avatar with a few extra "power-ups". Clicking on a power-up displays the price.
Roadmap phase
Uncategorized
Motivation
Many of the very successful games these days run on the freemium model, but are tied to specific app stores. Providing an app-store agnostic mechanism to pay for items in freemium games would give players and developers more choices.
Email
A GroupBuyCo customer receives an offer by email to purchase the deal of the day.
Roadmap phase
Uncategorized
Motivation
Unifying how people initiate payments from email, at a point of sale, and via a Web site will help ensure the ubiquity of the Web payment technology platform.
Privacy / Security
It is important to recognize that initiating a payment from within an email application could lead to a wholly new category of phishing/fraud.
Hold Funds
Renne checks into a hotel and is asked for a deposit for any damages to the room.
Roadmap phase
Uncategorized
Motivation
Some transactions, such as a hold of funds, do not always reach completion and are primarily used to protect the payee from negligence on the part of the payer (e.g., a payer damaging a hotel room).
Exceptions
Software acting on the payer's behalf may keep track of exactly how much money the payer has available and not allow them to process the offer.
Pre-authorization
Krishna pulls up to a pump at a petrol station. His in-vehicle application recognizes the station location and the pump. The pump communicates which fuels it has and their price in an offer. Krishna's car asks if he wants to approve a fill up for up to €35.
Roadmap phase
Uncategorized
Motivation
Some offers are not aware of the final price but would rather set limits on the amount of the purchase before a particular metered good or service is delivered.
Privacy
Due to the sensitivity of location data, individuals should be able to make small fuel purchases in a way that respects their privacy.
Security
Automated purchases (e.g., by a vehicle) may involve increased logging and security (e.g., a second factor of authentication).
Regulatory
If a pre-authorization is initiated by a software agent (such as a vehicle) due to a payer's negligence, the regulatory environment may assert that the software manufacturer is liable if the proper consent notifications were not displayed when the pre-authorization rule was activated.
Machine Readability
BigBoxCo expresses their entire product catalog online as machine-readable information so that SearchCo may index their content more easily and direct more customer traffic to BigBoxCo's website.
Roadmap phase
Uncategorized
Motivation
Machine-readable offers will have a direct positive impact on store sales if they are indexed by search engines.
Live Market Prices
EnergyCo lists barrels of refined oil for sale on their website based on an algorithm that uses the cost of coal and crude oil as inputs. EnergyCo guarantees their prices for up to 24 hours from the posting date.
Roadmap phase
Uncategorized
Motivation
The ability to express a non-repudiable offer as the basis of a legally enforceable contract will reduce transaction friction.
Regulatory
Listing inaccurate prices or not honoring prices could be prosecuted under certain regulatory regimes.
Trialware
Amantha downloads the latest version of her favorite game and beats the first level. The game asks her if she'd like to buy the full game to play further levels.
Roadmap phase
Uncategorized
Motivation
There is a fairly large trialware industry that could benefit from a simple way of executing a payment without requiring redirection to another site to enter account and payment details.
In-vehicle
Jeff listens to a lot of music on the way to work. The music station serves a digital offer along with the music stream. This enables Jeff to easily buy music that he really likes.
Roadmap phase
Uncategorized
Motivation
Car manufacturers and the entertainment industry may be interested in extending their sales channels into vehicles.
Accessibility
For safety reasons, the interface used to interact with the digital offer must not lead to an increase in vehicle accidents.
Regulatory
It may be illegal to provide services such as this if the vehicle is in motion or if it requires the driver to look away from the road.
Memorable Ids
Vern sends money to his friend Milena by typing in Milena's mobile phone number and the amount he wants to send.
Roadmap phase
Uncategorized
Motivation
Some countries, like the United Kingdom, maintain registries that map memorable identifiers like mobile phone numbers to bank accounts. These memorable payment identifiers can be used to transmit money from person to person using direct bank to bank transfers.

6.1.2 Agreement on Terms

One-time Payment
Jamie wishes to pay for a single article from a market analyst.
Roadmap phase
1
Motivation
It should be clear to a payer whether a purchase is one-time or recurring, prior to initiation of the payment.
Registration-less
Some payees would rather not require a payer to register at their site before initiating a purchase:
  • Sven wants to view a pay to read article and does so without needing to pre-register with the website.
  • Reiko finds a blowtorch for sale at a local digital resale website and places money into escrow without needing to register with the website.
  • Olaseni is listening to music in a local coffee shop and likes a song he hears. He initiates a purchase of the song from the local "music beacon" without needing to register with the coffee shop or the music service.
Roadmap phase
1
Motivation
There are a large number of "paywall" websites on the Web that require a customer to register before they may use the website. In many cases, if the site isn't regularly visited by the customer, they abandon the transaction when they see the paywall requirement. Providing a mechanism to sell an inexpensive item to a customer without requiring registration would be of great benefit to not only the merchants selling goods and services, but customers that would like to avoid lengthy registration processes.
Accessibility
People who are on the Autistic spectrum may require trust with the merchant to be established through a more formal means to prevent distress and abandonment of the transaction.
Subscription
Larissa subscribes to a site that provides a monthly analysis of the world of finance.
Roadmap phase
1 (if time permits)
Motivation
Payers should be able to understand if a particular purchase is a recurring payment prior to initiating the payment.
Regulatory
Some regulations may require that subscriptions should be automatically canceled after the subscription time span unless explicitly renewed by a payer.
Credentials
At times it is necessary to transmit personally identifiable information (e.g., about a qualification, achievement, personal quality, aspect of an entity's background, or verifiable statement by an entity about another entity) in order to be cleared to make a purchase:
  • PharmCo will only sell regulated drugs to someone with proof of an active pharmacist's license.
  • WineCo will only sell wine to someone with proof of being over the age of 21.
  • BoomCo will only ship industrial explosives to a business that can provide evidence of construction permits, a contractor's license, and an explosives handling license.
  • HomeLoanCo will not finalize a quote for a home mortgage without a credit score report and an audited finances report.
Roadmap phase
Uncategorized
Motivation
There are certain types of purchases that cannot be initiated without a proper set of credentials. While this isn't fundamental to the payment process, it is an integral part of some transaction processes.
Privacy / Security
It is important that people retain control over when and how their credentials are shared.
Regulatory
There are a large number of regulations covering the collection, storage, and usage of personally identifiable information. Any system designed to transmit or collect credentials must conform to all local and federal regulations related to identity and privacy.
Exceptions
A transaction may fail if a required credential is not available.
Privacy Protection
Tibor orders chocolates from CandyCo. CandyCo requests Tibor's tokenized shipping address to send him the candy. With Tibor's authorization, his payment software transmits a tokenized shipping address to BoomCo that the shipper can decipher. Tibor's privacy is protected from the candy store, which did not require any personally identifying information to complete the transaction.
Roadmap phase
Uncategorized
Motivation
Certain low-value transactions shouldn't require the payer to divulge personal information that is not necessary to complete the transaction.
Privacy
Non-essential, personally identifiable data should be anonymized and protected throughout the process.
Need to Know
PayCo, a payment processor, is required to keep a certain amount of information on their customers for anti-money laundering / know your customer regulatory purposes. When a payer performs a transaction with a payee, PayCo would like to reduce the amount of information that's transmitted to the payee while ensuring that PayCo complies with regulations.
Roadmap phase
Uncategorized
Motivation
There are types of information, such as personally identifiable information, that payees do not need to know for some transactions. Limiting sensitive information to be transmitted to entities involved in a payment on a purely need-to-know basis increases security while ensuring regulatory compliance.
Invoices
There are a large variety of invoices that are used in the world:
  • Sunan goes to SuperVoices to download a voiceover that he commissioned for his new pet sitting service. SuperVoices generates a detailed invoice for the service and provides it to Sunan.
  • João is given an electronic Boleto by a technology website to pay for a new laptop.
Roadmap phase
Uncategorized
Motivation
For certain payment schemes, the payer will have to provide the payment service with a detailed digital invoice from the payee in order to initiate payment to the payee.
Full Disclosure
Marge wishes to renew her passport online which requires transmission of a fee and a great deal of information about her real-world identity.
Roadmap phase
Uncategorized
Motivation
Some transactions will require very sensitive personally identifiable information to be transmitted by the payer.
Privacy / Security
We must ensure adequate security for these highly sensitive transactions to reduce the likelihood of phishing attacks.

6.1.3 Application of Marketing Elements

Coupons
JustPopcorn sends Marco a special discount offer given Marco's past purchases. The offer takes the form of a coupon that may be applied during payment.
Roadmap phase
Uncategorized
Motivation
Providing a mechanism to apply digital coupons before a payment is initiated helps price-conscious customers as well as merchants attempting to research price sensitivity.
Loyalty Cards
Terry uses his FoodCo loyalty card when purchasing his weekly groceries, which gives him a discount on gas purchases performed at the FoodCo gas station.
Roadmap phase
Uncategorized
Motivation
Loyalty cards may be used at multiple locations to affect the price of a particular good.
Store Credit
When Fjörleif arrives at the self-checkout kiosk, she scans five dress shirts and two new pairs of dress pants. The kiosk mentions that Fjörleif could save 15% off of her purchase if she makes the purchase using store credit. She accepts the offer and a new store credit card is placed in her payment application on her mobile phone.
Roadmap phase
Uncategorized
Motivation
Merchants often provide discounts to customers if they sign up for a store-specific line of credit.

6.2 Negotiation of Payment Instruments

6.2.1 Discovery of Accepted Schemes

Ubiquitous Schemes
A game store Web site accepts payment via credit card, e-check, and operator billing.
Roadmap phase
1
Motivation
Ubiquitous payment schemes should be supported without changes to how the schemes or payment instruments operate.
Regulatory
Often payment schemes have their own internal regulations as well as regulations at the local and federal level that cover the usage of the scheme.
Emerging Schemes
CrowdFundCo supports Bitcoin, Ripple, Google Wallet, and PayPal.
Roadmap phase
Uncategorized
Motivation
The same mechanism used to support existing payment schemes should also support emerging payment schemes.

6.2.2 Selection of Payment Instruments

Discovery
Yanos has multiple digital wallets: one on his mobile phone, two in the cloud (but on different websites), and one on his smart watch. Each one has a credit card that he may want to use for a credit card-based purchase.
Roadmap phase
1
Motivation
A payer will most likely use multiple digital wallets over time. It is important to ensure that the wallets that they use are presented to them in a consistent manner across devices. The amount of wallet/payment instrument discovery flexibility that phase 1 should support is currently unknown.
Accessibility
The consistent presentation of digital wallet interfaces also includes consistent accessibility hints that are exposed in an interoperable fashion so that devices that are accessibility-aware can easily integrate with the transaction process.
Privacy / Security
Discovery of digital wallets must be done in such a way as to ensure privacy protection.
Payer Privacy
We anticipate a range of privacy scenarios:
  • Lucio sends information about instruments he is willing to use to TrustedMerchant, who provides a discount for access to his information.
  • Carla does not want to share information about the payment instruments she uses with any merchants, so that information is not shared with any online merchants.
Roadmap phase
1
Motivation
Sharing or protecting data on the sorts of payment instruments available to a payer should be a decision made by the payer.
Privacy / Security
The types of payment instruments available to a payer could be used to digitally fingerprint a payer even if they were using a pseudo-anonymous payment mechanism. Merchants and payees may be legally obligated to protect this kind of payer payment information.
Manual Selection
In many cases, the payer will select a payment instrument manually:
  • Marie has credit cards from three different institutions: one for work (from BankA), one personal card (from BankB), and one retail card (from PayCo). She wants to choose the right one depending on the context of her purchase.
  • Claire has one debit card and multiple credit cards from the same bank.
  • Veronique wants to use a cryptocurrency in some cases (e.g., peer-to-peer payments).
  • Seth participates in a loyalty program with his local grocery store and can apply a variety of digital coupons when he visits the store. Is a loyalty card a payment instrument, or a credential?
  • David wants to be able to manually arrange available payment instruments when they are presented to him. Why does this need to be standardized? Isn't this just a part of the wallet UI?
  • Fergus wants to pay for a meal using two different payment instruments: cash and a company credit card. He'd like to pay $20.24 with the company credit card and provide a $5 tip with digital cash.
Roadmap phase
1
Motivation
There are scenarios, such as the first interaction/use of a payment instrument, where selection of the payment instrument won't be able to be performed automatically.
Automatic Selection
When a payer's personal preferences are known, it becomes possible to make selections for them automatically.
  • Jonny's payment software on his smart watch chooses the payment instrument that will provide him with the biggest cost savings for each purchase he makes throughout the week.
  • PayCo wants Elizabeth to know that if she pays with the debit card preferred by PayCo (because of a lower transaction fee for PayCo), she will benefit from a discount.
  • Whenever Mary shops at BigFreshGrocery she uses the same credit card. She wants payment to happen automatically with that card when she puts her phone near the checkout terminal as well as when purchasing groceries online from BigFreshGrocery.
  • Lalana does not like to scroll. She wants the instruments she uses most often to appear at the top of the displayed list of available payment instruments.
Roadmap phase
Uncategorized
Motivation
Payment solutions providers can make payments easier and faster through automation.

6.2.3 Authentication to Access Instruments

Password Auth
When Suresh attempts to pay online, he is asked for a username and password by his payment service provider before the payment is approved.
Roadmap phase
1
Motivation
The most common mechanism for protecting access to payment instruments on the Web in 2015 is the use of a username and password.
Multi-Factor
We anticipate a range of authentication scenarios, leveraging a wide variety of approaches and device capabilities:
  • When Ian selects his debit card, he is prompted for a PIN.
  • Horace presses the biometric fingerprint reader on his phone to authorize a purchase.
  • An authentication code is sent to Tony's mobile phone as a text message to ensure that he is the one that initiated the payment. Once he enters the authentication code, the payment proceeds.
  • Wes has configured his debit card to require a fingerprint scan from his mobile device and a Universal Two Factor (U2F) device to be used when performing a purchase over $1,000.
  • Frederic taps his phone at the grocery store to pay, and BankA sends him a one-time password (OTP) on his mobile phone that he enters using a keypad at the checkout counter.
  • Nadia's bank asks her to use her two-factor authentication device and at least one of their in-branch retinal scanners or palm-vein readers before she is allowed to withdraw $25,000.
Roadmap phase
1
Motivation
The payments architecture should support the authentication devices available today for multi-factor authentication, as well as those of the future.
Accessibility
Not everyone can provide fingerprints or detailed iris scans. Therefore, it is important to offer multiple forms of biometric verification to improve accessibility in addition to providing alternatives to biometric verification, such as strong two-factor verification.
KYC
A number of Know Your Customer (KYC) requirements must be met when a financial service provider authorizes access to a particular payment instrument:
  • BigBank performs KYC clearing on a continuous basis to ensure that their customers are properly vetted before participating in financial transactions.
  • Multigen, a wealth management company, must ensure that their customers are accredited investors before allowing them to directly manage certain investments in their account.
  • The Central Bank of Pakistan enables independent mobile resellers to perform minimal thumbprint-based KYC clearing in remote regions of the country.
  • Pharmaxis, a medical drug reseller, requires that a customer is licensed to practice medicine and write prescriptions for Class 2 medications (highly addictive drugs with a known medical use) before a purchase is allowed to proceed.
  • Dr. Kubo provides a set of explosives expert KYC credentials at the time of transaction to meet transaction requirements managed by the financial institution and merchant.
Roadmap phase
Uncategorized
Motivation
Authorization to access an instrument depends on more than just authenticating with the payment service provider; it may also require the payee to have other provable qualities before the transaction can proceed.
Regulation
In many countries, a variety of regulations exist that require merchants and financial service providers to prove that they have vetted their customers before allowing a transaction to proceed.
AML
Financial service providers, and some merchants, are required to adhere to Anti-Money Laundering (AML) regulations by blocking transactions involving known bad actors or by reporting suspicious activity related to financial transactions:
  • Corresponda Bank's AML system notices an outgoing payment to an account listed as frozen by FinCEN and prevents the payment from proceeding.
  • FasterPay, a payment service provider, notices tens of thousands of small transactions flowing from high-risk foreign accounts into a previously dormant domestic account and automatically files a Suspicious Activity Report.
  • Eastern Group, an international remittance system, verifies that both the sender and a recipient of an international remittance are not on a watch list and have known accounts at the source and destination of funds before authorizing the transaction.
  • The Flamingo, a casino, automatically files a Currency Transaction Report when one of its systems detects a customer withdrawing over $10,000 USD in winnings over the course of a day.
Roadmap phase
Uncategorized
Motivation
Financial service providers, and some merchants, are required to adhere to Anti-Money Laundering (AML) regulations by reporting suspicious activity related to financial transactions or by blocking transactions involving known bad actors.
Exceptions
If a payee detects that a payer is on an applicable blacklist, the transaction must not proceed.
Biometric
In current online and offline payment transactions, biometric authentication can be used instead of password-based authentication:
  • John registers his fingerprint with his payment provider so that he can just use a fingerprint to pay for low-value items.
  • Ruba registers her voiceprint and face with her payment provider for use in transactions greater than $1,000.
  • Rico buys a $5,000 car for his daughter through an online dealership. His payment processor requires a password plus two forms of biometric identification. Rico doesn't have hands, so he uses a face and iris scan to perform the authentication.
Roadmap phase
Uncategorized
Motivation
Biometrics can be utilized on point of sale terminals, mobile, and wearable devices. Web payment systems based on biometrics could achieve more reliable information security and convenience. Some forms of biometric authentication, like facial recognition, can also be used to augment password-based authentication mechanisms.
Security / Privacy
  • An individual's privacy should be protected when performing any sort of biometric authentication.
  • Important data, such as the fingerprint template and private key, and sensitive code should be stored and executed in a Trusted Execution Environment (TEE).
  • The fingerprint authentication protocol, which is capable of transmitting a proof of fingerprint authentication credential, should not contain any personal fingerprint data.
Accessibility
Not everyone can provide fingerprints or detailed iris scans. Therefore, it is important to offer multiple forms of biometric verification to improve accessibility in addition to providing alternatives to biometric verification, such as strong two-factor verification.
Risk Monitoring
Gao's payment processor service continuously monitors his daily spending limit, daily withdrawal limit, and typical spending behavior and alerts him when a suspicious payment has been requested.
Roadmap phase
Uncategorized
Motivation
As financial services have moved online, the number of Internet-based attacks on payer financial accounts has increased. One way to protect against these sorts of attacks is to perform continuous risk monitoring.
Joint Accounts
ArcheryCorp's manufacturing division has a joint expense account that is shared among multiple employees to make purchases. The account is protected by an access control list as well as limits on the amount that each employee can spend without authorization by management.
Roadmap phase
Uncategorized
Motivation
There are many types of accounts that are accessed via different payment instruments that can be shared in an organization. Access to the accounts is typically protected by one or more sets of authorization rules.

6.3 Payment Processing

6.3.1 Initiation of Processing

Note

Before subjecting a person or organization to any financial transaction commitment (such as a web payment), they should be presented with the option of reversing, checking, or confirming their choice or submission. It should also be noted that this does not preclude certain transaction operations from being automated once they have been authorized by an entity. For more details, see the section on Error Prevention (Legal, Financial, Data) in [WCAG20].

Payee-initiated
Some payments are initiated by the payee:
  • Richard chooses to pay using a credit card at FlowerFriends. FlowerFriends initiates payment processing using their payment processor to contact the acquiring bank that handles credit card payments for FlowerFriends.
  • Pitir has authorized RentSeekers to pull money out of his bank account on a monthly basis in order to pay his rent. RentSeekers initiates a payment using the ACH network to pull money from Pitir's bank account.
  • Fiona shows a QR Code, which contains her payment details, to a cashier when she is checking out. The cashier scans the QR Code and initiates a payment using the details in the QR Code.
Roadmap phase
1
Motivation
Payee-initiated payments, also known as "pull payments" or "four corner model payments", are widely deployed and utilized today.
Privacy / Security
One of the biggest security flaws of payee-initiated payments is that all the information necessary to initiate a transaction from the payer's financial account is typically transmitted to the payee. For example, credit card information along with expiration date, name, and CVV2 code are transmitted and could be intercepted by rogue software running on the payer's servers. Special attention should be paid to ensuring that this risky security model isn't supported by a Web Payments solution. For example, at a minimum, credit card tokenization such as EMVCo's solution should be supported alongside other tokenization solutions.
Payer-initiated
Some payments are initiated by the payer:
  • Once Sally has signed into PayPal to pay, PayPal initiates payment processing.
  • Joakim uses his Bitcoin wallet to send money to his friend.
  • Carson (in New York City) sends money to Vladimir (in Moscow) using his Ripple client, which converts the currency from US Dollars to Rubles in transit.
Roadmap phase
1
Motivation
Payer-initiated payments, also known as "push payments", "three corner model payments", or "peer-to-peer payments", are fundamentally more secure as no information is given to the payee that would allow them or an attacker to replay the transaction for a different amount or to a different payee at a later date.
Regulatory
There are a number of regulations that cover the protection of confidential customer data, both from a payment scheme perspective and at a federal level.
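The contrast drawn in the Payee-initiated and Payer-initiated use cases above, as an added example that is not part of the W3C document: in a simplified pull model the payee holds reusable card data, while in a push model the payee only ever sees an authorization bound to one payee, one amount, a nonce, and an expiry. The HMAC-SHA-256 key shared between wallet and payment service provider, the field encoding, and every name and value below are assumptions of this example, not mechanisms the document specifies.

```javascript
// Added example, not part of the W3C document. All names and values are constructed.
const crypto = require('node:crypto');

// --- Pull model (simplified): the payee holds the card data itself. ---
// Only the credentials are checked; payee and amountMinor are deliberately
// unused, so the same data authorizes any amount to any payee.
function pullCharge(cardOnFile, presented, payee, amountMinor) {
  return ['pan', 'expiry', 'cvv2'].every((f) => presented[f] === cardOnFile[f]);
}

// --- Push model: the payer's wallet authorizes one specific transfer. ---
// Length-prefix each field so adjacent values cannot be shifted into each other.
function encodeFields(fields) {
  return Buffer.concat(fields.map((f) => {
    const body = Buffer.from(String(f), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

function macOver(key, a) {
  const bytes = encodeFields(
    [a.payer, a.payee, a.amountMinor, a.currency, a.nonce, a.expiresAt]);
  return crypto.createHmac('sha256', key).update(bytes).digest();
}

// Wallet side: bind payer, payee, amount, currency, a fresh nonce and an expiry.
function createAuthorization(walletKey, { payer, payee, amountMinor, currency, now, ttlMs }) {
  const auth = {
    payer, payee, amountMinor, currency,
    nonce: crypto.randomBytes(16).toString('hex'),
    expiresAt: now + ttlMs,
  };
  return { ...auth, mac: macOver(walletKey, auth).toString('hex') };
}

// Payment service provider side.
class PaymentProvider {
  constructor() {
    this.walletKeys = new Map(); // payer id -> key shared with that payer's wallet
    this.usedNonces = new Set(); // "payer:nonce" values already spent
  }

  enroll(payer, key) { this.walletKeys.set(payer, key); }

  // Returns 'accepted' or the reason for refusal.
  process(auth, now) {
    const key = this.walletKeys.get(auth.payer);
    if (!key) return 'unknown-payer';
    const given = Buffer.from(String(auth.mac), 'hex');
    const expected = macOver(key, auth);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return 'bad-mac'; // any bound field was changed after the wallet approved it
    }
    if (now > auth.expiresAt) return 'expired';
    const id = auth.payer + ':' + auth.nonce;
    if (this.usedNonces.has(id)) return 'replayed';
    this.usedNonces.add(id); // entries may be dropped once expiresAt has passed
    return 'accepted';
  }
}

// Constructed walk-through using fixed timestamps so the outcome is deterministic.
function demo() {
  const t0 = 1700000000000;
  const key = crypto.randomBytes(32);
  const psp = new PaymentProvider();
  psp.enroll('carson', key);
  const request = { payer: 'carson', payee: 'vladimir', amountMinor: 5000,
    currency: 'USD', now: t0, ttlMs: 60000 };
  const first = createAuthorization(key, request);
  const second = createAuthorization(key, request);
  return {
    original: psp.process(first, t0 + 1000),
    resubmitted: psp.process(first, t0 + 2000),
    amountChanged: psp.process({ ...second, amountMinor: 500000 }, t0 + 1000),
    payeeChanged: psp.process({ ...second, payee: 'someone-else' }, t0 + 1000),
    late: psp.process(second, t0 + 60001),
  };
}

console.log(demo());
```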

6.3.2 Verification of Available Funds

Hold Verification
Renne checks into a hotel and is asked for a deposit for any damages to the room. She uses her phone to provide a proof-of-hold until she checks out of the hotel, at which time the hold on her funds will be released.
Roadmap phase
Uncategorized
Motivation
Delivering services or products that are difficult to "undo," such as performing an oil change, dispensing fuel, or renting a car or hotel room are examples of situations which may require a two-part transaction.
Funds Verification
When Mario wishes to purchase a race car through the manufacturer, the company that makes the car requires a proof of funds from Mario's bank in order for the customization of the car to proceed.
Roadmap phase
Uncategorized
Motivation
A payee may want to limit access to certain services to only those who they know can afford the good or service because the act of providing an acceptable level of service to the payee during the pre-sale phase may be costly.

6.3.3 Authorization of Transfer

Proofs
Goods and services may be released at different times depending on the type of transaction being performed:
  • Sung-hyun provides a proof of initiation of funds transfer to get access to an online streaming music service.
  • Zhang Wei orders 10 large boxes of envelopes from an online shop in Tianjin. He uses an escrow service to provide a proof of escrow to the online shop in order to get them to initiate the shipment.
  • To protect Tibor's privacy when he purchases candy online, the store asks only for Tibor's verified shipping address and a proof of payment to send him the chocolates.
  • RockinRadio, SmoothSounds, and classicallyClassic are independent, specialized music streaming services. They accept proof of purchase from each other to provide a track that is in their online streaming catalogue even if it was originally bought from another provider.
Roadmap phase
1
Motivation
At times, it is safe to release a good when the payment network acknowledges that the funds are on their way. At other times, it's not safe to release a good or service until it has been proven that the funds are sitting in the payee's financial account.
Exceptions
If a particular expected proof is not provided, the transaction will most likely fail or transition into an alternate path.

6.3.4 Completion of Transfer

Variation of Delay
When a transaction occurs, the time it takes to transmit and receive funds often varies according to the payment scheme:
  • Eman uses a credit card to buy some gifts for her parents. The shop has access to the funds in three days.
  • Frank uses an electronic check to pay his rent. The rental agency has access to the funds in 7 days.
  • Felicity has chosen Bitcoin to pay for glasses online. The store that sells the glasses has almost guaranteed access to the funds within 15 minutes.
  • Vanessa uses Ripple to purchase a new work outfit in US Dollars. Funds in Euros are available to OnlineWorkClothes within a few minutes.
Roadmap phase
Uncategorized
Exceptions
If the funds are sent but never received, then the payee will select a recourse mechanism that is included in the last transaction message.
Escrow
There are a number of considerations when providing escrow services to both payers and payees:
  • Jack has established an online store on a trusted third party website to sell pants. Mary wants to buy a pair of pants from Jack's online store. Mary doesn't trust Jack because she has never met him nor has she done business with him before. Jack doesn't trust Mary because he doesn't know if he will be paid after shipping the pants to Mary. Mary makes a purchase, selecting to put her money in escrow at the trusted third party. Jack is notified that the funds have been received by the trusted third party. Jack sends the pants to Mary via Express Mail. When Mary gets the pants, she will tell the trusted third party and they will move the funds to Jack's account.
  • Escrow services in China sometimes provide a virtual financial account to payers. Money is typically transferred from the payer's bank account to the escrow service provider's bank to hold, but the funds are still legally owned by the payer. When Hung transfers funds to an escrow service provider, his rights and responsibilities are exchanged with the escrow service provider at the same time, along with how the various parties involved with the account can access and use the funds.
Roadmap phase
Uncategorized
Motivation
A trusted third party is typically helpful for non-instant transactions where neither the payer nor the payee has an existing relationship. A trusted third party protects the payer by ensuring that the payee has been vetted and by guaranteeing the product or a refund. The trusted third party protects the payee by ensuring that funds from the payer have been verified before releasing the product to them.
Regulatory
The use of money held in escrow accounts by the escrow service provider is covered by a number of consumer protection laws that restrict what the escrow service provider can do with the money. Expressing these restrictions in a way that enhances interoperability is desirable.
Notifications
Gavin sends an electronic check to WaveMart. WaveMart receives a notification that payment has been initiated almost immediately. Four days later, WaveMart receives a notification from their bank that payment has been received.
Roadmap phase
Uncategorized
Motivation
It is difficult for an organization to know when a payment has been received without depending on proprietary software.
Exceptions
It may also be important to be notified when a payment that was initiated has not been received, or when a payment has been reversed after it had been received.

6.4 Delivery of Product/Receipt and Refunds

6.4.1 Delivery of Product

Physical Goods
Giralt orders a bicycle for his daughter through BikeSmart online and has it shipped to his home address.
Roadmap phase
1
Motivation
The purchase and delivery of physical goods via an online marketplace is one of the cornerstones of online commerce.
Virtual Goods
When Lilith buys music from a band at MusicBox and then goes to their Web site to download additional content, no registration is required, just a proof of purchase that is sent to the band's website, after which MusicBox provides Lilith a link to download the additional content.
Roadmap phase
1
Motivation
Delivery of product can happen on any site that accepts a proof of purchase that contains a recognized product identifier.
Dropshipping
Takeru orders a new backpack online and has it shipped to a nearby department store for pickup.
Roadmap phase
Uncategorized
Motivation
It is common in Japan and the United Kingdom to purchase items online and then have them shipped to a nearby department store to save on shipping.

6.4.2 Delivery of Receipt

Electronic Receipts
Ashraf pulls up to a pump at a petrol station. He pays electronically using a credit card (via his phone). A machine-readable electronic receipt for the purchase from the gas station is transferred to his phone and displayed using his favorite expense tracking software.
Roadmap phase
1 (very basic receipt container and delivery protocol)
Motivation
Standardized, machine-readable electronic receipts make it easier to track expenses, prove that certain purchases were made, file tax returns, and simplify management of unnecessary paper.
Privacy
Many merchants want to ensure that receipts are not readable by any party between them and their customer.
Security
Electronic receipts should be tamperproof such that the information can be verified to have come from the merchant issuing the receipt. One mechanism that could be employed would be the use of digital signatures over the contents of the electronic receipt.
Accessibility
Protecting digital receipts may have the unintended consequence of degrading or preventing their use with accessibility technology. It is important that protection measures do not prevent accessibility technology from reading pertinent information about the transaction.
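The digital-signature mechanism suggested under Security for Electronic Receipts, as an added example that is not part of the W3C document: the merchant signs a canonical serialization of the receipt and the wallet verifies it against a merchant key it already trusts. Ed25519, the envelope layout, the key identifier, and the receipt fields are assumptions of this example; a signature gives integrity and origin only, so the confidentiality asked for under Privacy still needs an encrypted channel or envelope.

```javascript
// Added example, not part of the W3C document. Uses only Node.js built-in crypto.
const crypto = require('node:crypto');

// Serialize with recursively sorted object keys so that merchant and wallet
// sign and verify the same bytes even if a JSON library reorders properties.
// Amounts are integer minor units to avoid float formatting differences.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
    return '{' + members.join(',') + '}';
  }
  return JSON.stringify(value);
}

// Merchant side: returns the receipt plus a detached signature block.
function signReceipt(receipt, privateKey, keyId) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(receipt), 'utf8'), privateKey);
  return { receipt, signature: { alg: 'Ed25519', keyId, value: sig.toString('base64') } };
}

// Wallet side. trustedKeys maps keyId -> merchant public key obtained out of band.
// The key is looked up by id from the trust store, never taken from the envelope.
function verifyReceipt(envelope, trustedKeys) {
  const s = envelope && envelope.signature;
  if (!s || s.alg !== 'Ed25519') return { ok: false, reason: 'unsupported-algorithm' };
  const publicKey = trustedKeys.get(s.keyId);
  if (!publicKey) return { ok: false, reason: 'unknown-key' };
  let valid = false;
  try {
    valid = crypto.verify(null, Buffer.from(canonicalize(envelope.receipt), 'utf8'),
      publicKey, Buffer.from(String(s.value), 'base64'));
  } catch {
    valid = false; // malformed receipt or signature is treated as invalid
  }
  return valid ? { ok: true, reason: 'ok' } : { ok: false, reason: 'bad-signature' };
}

// Constructed walk-through: keys, merchant name and receipt contents are made up.
function demo() {
  const merchant = crypto.generateKeyPairSync('ed25519');
  const impostor = crypto.generateKeyPairSync('ed25519');
  const keyId = 'example-petrol-station-key-1';
  const trustedKeys = new Map([[keyId, merchant.publicKey]]);
  const receipt = {
    merchant: 'Example Petrol Station',
    issued: '2015-07-30T10:15:00Z',
    currency: 'USD',
    totalMinor: 4210,
    items: [{ description: 'Unleaded fuel', quantityLitres: '30.5', priceMinor: 4210 }],
  };

  const envelope = signReceipt(receipt, merchant.privateKey, keyId);
  const received = JSON.parse(JSON.stringify(envelope)); // as it arrives at the wallet
  const tampered = JSON.parse(JSON.stringify(envelope));
  tampered.receipt.totalMinor = 100; // altered in transit or by the holder
  const forged = signReceipt(receipt, impostor.privateKey, keyId); // wrong signer

  return {
    genuine: verifyReceipt(received, trustedKeys).reason,
    tampered: verifyReceipt(tampered, trustedKeys).reason,
    forged: verifyReceipt(forged, trustedKeys).reason,
  };
}

console.log(demo());
```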
Physical Receipts
Bongani reserves a bus ticket online using his mobile phone. At the bus terminal he taps his phone to a kiosk and receives a printed physical receipt that he can use on the bus.
Roadmap phase
Uncategorized
Motivation
There will be a transition period from the use of physical receipts and tickets to digital receipts. In some cases, physical receipts may never be replaced, so it is important to ensure that digital receipts have a mechanism to be transformed to physical receipts.
Privacy / Security
Physical receipts should ensure that private information is not exposed on the receipt.
Accessibility
Implementations should ensure that people who have visual disabilities have options such as Braille output for physical receipts alongside high-contrast / large print lettering.

6.4.3 Refunds

Basic Refund
At times, it becomes necessary to refund a payer's payment:
  • Pele buys a slice of pizza with a credit card at a local restaurant and is accidentally charged for five slices of pizza. He notices the mistake after he pays and requests a refund, which the restaurant manager approves. The overcharged funds are returned to his account.
  • Teo claims that a blender he purchased online was faulty and returns the product to the merchant. The merchant provides the customer with a refund in the form of store credit based on the return policy.
  • Should we include a scenario where the refund is to a different payment scheme, e.g., cash?
  • A financial crimes regulator identifies a criminal syndicate that is operating via a number of fake identities. The fake identities are flagged and an electronic message is sent to all payment processors to reverse all payments sent to the fake identities.
Roadmap phase
1 (if time permits)
Motivation
Some transactions are the result of human error or fault. In these cases, it is helpful to be able to reverse the transaction and provide a refund to the customer.
Regulatory
Consumer protection laws and regulations affect the ways a customer can request a refund for a defective product or service.

7. Additional Examples of the Payment Phases

Early in the document we provide an example of the payment phases. In this appendix we provide further examples to illustrate the phase steps.

Issue 5

Input is requested from experts at each organization providing services mentioned below as well as engineers and designers of technologies used below. Specifically, if the payment flows outlined below contain errors or omissions, the group would like to ensure that the oversight is corrected as soon as possible.

7.1 Credit Card Payment (Visa, MasterCard)

This scenario outlines a typical card purchase using the "four corner model". Janet is buying a handbag online from a resale shop.

Negotiation of Purchase Terms

  • Discovery of Offer: Janet searches her favorite resale shop online to discover a gently used purse that she has always wanted.
  • Agreement on Terms: Janet selects the purse and puts it into the shopping cart before others have a chance to buy it. She agrees with the shipping terms and adds an extended warranty for the product.
  • Application of Marketing Elements: At the time of reviewing the shopping cart, she is asked if she would like the scarf which goes with the purse.

Negotiation of Payment Instruments

  • Discovery of Accepted Schemes: The site takes Discover, MasterCard, Visa, and debit cards along with secured money order, Bitcoin, Google Wallet, and ApplePay.
  • Selection of Payment Instruments: Janet selects her Discover rewards credit card that is highlighted by default because she had used it for a previous purchase with the merchant.
  • Authentication to Access Instruments: The merchant asks Janet for her zip code and the verification code on the back of the card.

Payment Processing

  • Initiation of Processing: The merchant initiates a payment authorization request to their payment processor.
  • Verification of Available Funds: The payment authorization request is successful and the payment processor sends a response to the merchant acknowledging that the funds are now held until the merchant finalizes the payment.
  • Authorization of Transfer: After the merchant has packed the bag for shipping, the merchant sends a message back to the payment processor to finalize the payment.
  • Completion of Transfer: The funds are immediately deducted from Janet's line of credit. The funds take 3 days to be transferred to the merchant's bank account.

Delivery of Product/Receipt and Refunds

  • Delivery of Receipt: The seller sends her a digital receipt, which she receives by email and directly to her digital wallet. Her digital wallet forwards the receipt to her budgeting software. The digital wallet forwards the tracking number embedded in the digital receipt to her MyUPS Shipping Tracker mobile application.
  • Delivery of Product: The merchant's shipping department packs and delivers the bag to the shipper, which then sends it to Janet.

7.2 Tokenized Payments (ApplePay / Venmo / CyberSource)

The following scenario outlines payment using a mobile device and tokenization. The merchant has provided a mobile application that customers can download in the example below. This example may apply to various tokenization payment systems now in use, such as ApplePay, CyberSource, Venmo, and Square.

Negotiation of Purchase Terms

  • Discovery of Offer: Tom uses the Terrific-Tools mobile app to select a new ax to purchase and finds a hickory handled model like the one his father had.
  • Agreement on Terms: Tom selects the ax, which is in the price range he wanted.
  • Application of Marketing Elements: Not applicable to this particular use case.

Negotiation of Payment Instruments

  • Discovery of Accepted Schemes: The mobile app uses tokenized payment instruments and the Terrific-Tools Application displays the options available.
  • Selection of Payment Instruments: Tom chooses to pay with his tokenization-enabled MasterCard.
  • Authentication to Access Instruments: Tom uses the fingerprint recognition feature of his device to authenticate his payment.

Payment Processing

  • Initiation of Processing: The mobile app creates an encrypted transaction and sends it to the payment processor. The payment processor decrypts the information and processes the transaction.
  • Verification of Available Funds: Not applicable to this particular use case.
  • Authorization of Transfer: The payment processor responds back to the mobile app with an approval.
  • Completion of Transfer: The payment processor sends a transaction receipt to Terrific-Tools.

Delivery of Product/Receipt and Refunds

  • Delivery of Receipt: Terrific-Tools sends a transaction receipt to the mobile app.
  • Delivery of Product: Terrific-Tools ships the ax to Tom.

7.3 Three Corner Model Payments (PayPal / Alipay / Google Wallet)

The following scenario outlines an ideal payment experience using a payer-initiated payment, also known as a "push-payment" or "three corner model payment". In this scenario, Meihui is buying an airline ticket from a booking website and during the payment process she uses her fingerprint instead of a password to authorize the payment.

Negotiation of Purchase Terms

  • Discovery of Offer: Meihui searches for a flight on the booking website. She finds a flight for the ideal price and time.
  • Agreement on Terms: Meihui selects the flight and agrees to the terms and service associated with the ticket.
  • Application of Marketing Elements: Not applicable to this particular use case.

Negotiation of Payment Instruments

  • Discovery of Accepted Schemes: The booking website takes Alipay, Visa, MasterCard, and China UnionPay for payment.
  • Selection of Payment Instruments: Meihui chooses Alipay for payment.
  • Authentication to Access Instruments: Meihui logs in to Alipay with her account name and password. Meihui is told that she will pay for the airline ticket with 3,500 RMB and she confirms it. Meihui uses her fingerprint to approve the payment.

Payment Processing

  • Initiation of Processing: Meihui's Alipay wallet initiates the transaction.
  • Verification of Available Funds: Not applicable to this particular use case.
  • Authorization of Transfer: Alipay initiates the payment to the booking website based on Meihui's prior fingerprint-based authorization.
  • Completion of Transfer: The booking website gets a message from Alipay that the transfer is complete.

Delivery of Product/Receipt and Refunds

  • Delivery of Receipt: The booking website sees that Meihui's airline ticket order has been paid and sends a receipt message to her digital wallet.
  • Delivery of Product: The booking website sends an email to Meihui with the flight information including the airline, flight number, departure time, and gate number.

7.4 Cryptocurrency Payment (Bitcoin, Ripple)

The following scenario outlines an ideal payment experience using Bitcoin, or a Bitcoin-like cryptocurrency. In this scenario, Lenne is buying a pair of alpaca socks from an online retailer using a "buy one, get one free" coupon. The socks are shipped to her home address.

Negotiation of Purchase Terms

  • Discovery of Offer: Lenne searches for "warm socks, locally sourced" in her favorite search engine. A pair of alpaca socks comes up as the first hit, as the alpacas are near where she lives and the online store (AlpacaToesCo) provides local delivery. She has a coupon in her digital wallet for the store, but forgot long ago that it is there.
  • Agreement on Terms: Lenne goes to AlpacaToesCo and puts the socks in her online shopping cart and is shown the price. Lenne provides her shipping address to AlpacaToes.
  • Application of Marketing Elements: When Lenne puts the socks in her online shopping cart, she's reminded of the "buy one, get one free" coupon she has in her wallet. She adds another pair of socks and continues with the checkout process.

Negotiation of Payment Instruments

  • Discovery of Accepted Schemes: The website takes Visa, Ripple, and Bitcoin for payment.
  • Selection of Payment Instruments: Lenne has a Visa card as well as a local Ripple wallet and a cloud-based Bitcoin wallet. Lenne selects her cloud-based Bitcoin wallet.
  • Authentication to Access Instruments: Since the value of the payment is less than $50, Lenne isn't asked for her two-factor authentication device to approve the purchase.

Payment Processing

  • Initiation of Processing: Lenne's cloud-based Bitcoin wallet provider initiates the transaction.
  • Verification of Available Funds: Not applicable to this particular use case.
  • Authorization of Transfer: AlpacaToesCo is sent a message from the Bitcoin cloud wallet notifying them that the transfer has been initiated. Lenne is told that she will receive a notification when the item is shipped.
  • Completion of Transfer: AlpacaToesCo gets a message from the Bitcoin cloud wallet that the transfer is complete. A Bitcoin transaction ID is included in the message so that AlpacaToesCo can release the product when the appropriate number of verifications are made on the transaction.

Delivery of Product/Receipt and Refunds

  • Delivery of Receipt: AlpacaToesCo sees 6 verifications on the transaction in the Bitcoin blockchain and sends a receipt of sale to Lenne's cloud wallet. The store notifies Lenne that they have shipped her package.
  • Delivery of Product: AlpacaToesCo ships the package of socks to Lenne and she receives them the next day.

7.5 Electronic Check Payment

To be completed.

7.6 Direct Debit (SEPA Direct Debit)

The following scenario outlines an ideal payment experience using a Direct Debit (payee-initiated payment), also known as a pull payment in the context of a four corner model payment. In this scenario, Anna is signing up for electricity service via the service's website. During the payment process she will validate an electronic direct debit mandate.

Negotiation of Purchase Terms

  • Discovery of Offer: Anna connects to a utility website. She wants to set up this new utility immediately before she moves in to a new flat.
  • Agreement on Terms: Anna selects the contract she wants and agrees to the terms and service associated with the delivery of electricity.
  • Application of Marketing Elements: Not applicable to this particular use case.

Negotiation of Payment Instruments

  • Discovery of Accepted Schemes: The utility website takes Visa, MasterCard, and SEPA Direct Debit for payment.
  • Selection of Payment Instruments: Anna chooses SEPA Direct Debit for payment.
  • Authentication to Access Instruments: Anna provides all the mandatory data required for a valid electronic SEPA Direct Debit Mandate as well as the IBAN number associated with Anna's account. Anna is told that she is setting up a recurring payment with the utility and the payment will be automatically withdrawn at the end of the month based on her electricity consumption. She agrees to the automatic transfer by entering her secret PIN.

Payment Processing

  • Initiation of Processing: At the end of the month, the utility's invoice system initiates the payment by emailing an invoice directly to Anna's payment service provider.
  • Verification of Available Funds: Not applicable to this particular use case.
  • Authorization of Transfer: Anna's payment service provider authorizes the transfer based on the reference ID that was validated by Anna during the Authentication to Access Instruments phase.
  • Completion of Transfer: The utility website gets a message from its payment service provider that the transfer has been completed.

Delivery of Product/Receipt and Refunds

  • Delivery of Receipt: The utility website sees that Anna's direct debit mandate has been validated and sends a receipt message to her digital wallet.
  • Delivery of Product: The utility website sends an email to Anna with the contract information based on the email provided in the Completion of Transfer message sent to her payment service provider.
  • Refunds: Anna could request a refund by contacting her bank if something goes wrong with the Direct Debit.

7.7 Credit Transfer (SEPAmail)

The following scenario outlines an ideal payment experience using a payer-initiated payment, also known as a push payment in the context of a four corner model payment. In this scenario, Anna is buying a very expensive piece of furniture that costs far more than the maximum amount allowed by her payment card. She pays using her bank account via her bank's website.

Negotiation of Purchase Terms

  • Discovery of Offer: Anna browses a furniture website. She wants to buy a desk for her new flat.
  • Agreement on Terms: Anna selects a heavy oak antique desk from the 17th century.
  • Application of Marketing Elements: Not applicable to this particular use case.

Negotiation of Payment Instruments

  • Discovery of Accepted Schemes: The furniture website takes Visa, MasterCard, and SEPA "Credit Transfer via SEPAmail" for payment.
  • Selection of Payment Instruments: Anna chooses "Credit Transfer via SEPAmail" for payment and provides a tokenized version of her IBAN account number. The furniture website sends a "payment request" to its payment service provider which will forward it to Anna’s bank.
  • Authentication to Access Instruments: Anna connects to her bank's website where the payment request is pending approval.

Payment Processing

  • Initiation of Processing: Anna approves the payment request.
  • Verification of Available Funds: The availability of funds is verified by Anna's bank.
  • Authorization of Transfer: The funds transfer is automatically authorized by Anna's bank.
  • Completion of Transfer: Anna's bank sends the Credit Transfer, as well as a payment report (analogous to a signed receipt), to the furniture website's payment service provider. The furniture website gets a message (also known as a "payment advice") from its payment service provider that the transfer is complete. How soon this message arrives depends on the credit transfer scheme used: within 24 hours for a SEPA Credit Transfer, often longer for an International Credit Transfer outside Europe.

Delivery of Product/Receipt and Refunds

  • Delivery of Receipt: The furniture website sees that Anna's credit transfer has been received and sends a receipt by email to Anna based on the email address included in the payment report.
  • Delivery of Product: The piece of furniture is shipped to Anna.
  • Refunds: Anna must contact the furniture website directly because the credit transfer cannot be reversed, since she initiated it.

A. Future Work

B. Acknowledgements

The editors wish to thank the participants of the Web Payments Interest Group for discussions about and contributions to this document, as well as the Web Payments Community Group for earlier work that informed this document.

C. References

C.1 Informative references

[WCAG20]
Ben Caldwell; Michael Cooper; Loretta Guarino Reid; Gregg Vanderheiden et al. Web Content Accessibility Guidelines (WCAG) 2.0. 11 December 2008. W3C Recommendation. URL: http://www.w3.org/TR/WCAG20/