Payment Industry Priorities: Meeting Summary of Web Payments IG

2014 is the year of Web Payments for W3C. After a March Workshop to bring the community together, and a focused effort to draft a charter for a new steering group, we announced the launch of a new Web Payments Activity in October. The new Web Payments Interest Group began work in earnest the last week of October, during W3C's annual big meeting called TPAC.

Despite the very short time between the launch of the group and the first face-to-face, more than 50 people participated in two days of good discussion. One major achievement at this meeting was to welcome representatives from major stakeholders groups involved in the payment chain: people from the telecom industry (e.g. Orange, Verizon, AT&T, Deutsche Telekom), browser makers (e.g. Opera), big retailers (e.g. NACS, Walmart), Internet giants (e.g. Paypal, Verisign, Intel), finance industry (e.g. Gemalto, Bloomberg), banks (e.g. Rabobank, World Bank), regulators (US Federal Reserve), and few startups joined their force to start this new activity. The variety of the participants, their interests and perspective was recognized as one of the greatest value of this initiative by the participants themselves.

On the technical side, obviously a first meeting is dedicated to build a common ground between participants, and ensure that we are all aware of the space in which we are working. A big part of the agenda was therefore dedicated to reviewing various specifications from ISO, X9 and a few other standardization bodies. We also reviewed existing work at W3C, on the Recommendation Track (Web Crypto WG, NFC WG, Sysapp WG), in Community Groups (Web Payments CG, Credential CG) and future work in areas like trust and permissions (see the recent workshop on this topic).

We then discussed our initial scope, and in particular, our focus on wallet, that the group is calling for now “payment agent.” The group first decided it will first address the person-to-business case, where someone is paying a bill issued by an organization (private or public, which includes person-to government payments).

Then the group decided to focus on convergent payment solutions, developing a wallet framework that will support both online and brick & mortar store payments. Finally one of the key work items will be security and how to increase security of credit card payments on the Web by enabling tokenized payment and push-based payments. Push-based payments are payments initiated by users: the merchant sends a bill to the customer who then sends an order to his payment system provider to pay the merchant. All the parties in the room agreed on the need to move out of exchange of credit card information for payments, and enable these new approaches through open standards. It was clear in the room that secure hardware storage has a big role to play here, particularly secure elements for both emulating credit cards and for managing identity and credentials securely.

Lastly, the group also held a number of discussions around privacy. Customers should be allowed to decide which information they wish to share with various parties to a transaction. There are also external forces such what is required required by regulation (e.g., minimal age to buy specific product, or money laundering detection) or for anti-fraud systems. There is clearly a tension between various parties on this topic that we must address.

The group has created two task forces too begin work on a detailed roadmap identifying technology gaps and opportunities for standardization:

• The Use Cases Task Force will take a bottom-up approach, identifying the list of scenarios that a payments framework should be able to address. The task force with work on requirements, design criteria and use-cases that will enable the design of a wallet architecture. The task force will first review various use-case documents produced by various W3C and non-W3C groups such as the W3C Web Payments Community Group, and X9 use-cases for ISO 12812 specifications.
• The Payment Agent Task Force will have a more top-down approach and will work towards proposing a disaggregated architecture based on the discussions we had during the meeting.

We hope to accelerate results by approaching the question from these two angles. Now is a great time to join the group and help shape the roadmap, before the group's next face-to-face meeting in Q1 2015.