Web Payment Security Interest Group Charter
The mission of the Web Payment Security Interest Group is to enhance the security and interoperability of various Web payments technologies. The group pursues its mission by creating a forum for organizations to define areas of collaboration and identify gaps between existing technical specifications in order to increase compatibility among different technologies.
It is not part of this group’s mission to establish dependencies between specifications or to endorse products or implementations.
Start date | |
---|---|
End date | |
Chairs | |
Team Contacts | Ian Jacobs (FTE %: 5) |
Meeting Schedule | Teleconferences: Teleconferences to be held as required. Face-to-face: Participants generally meet during the W3C's annual Technical Plenary week; additional face-to-face meetings may be scheduled by consent of the Participants, usually no more than 2 per year. |
Introduction
The payments ecosystem is complex and undergoing significant change due to technology advances, the rise of mobile computing, regulatory changes, faster payments initiatives, and more. The complexity and rapid changes increase the challenge of securing end-to-end payments and ensuring privacy protection.
Each of the Founding Organizations —EMVCo, the FIDO Alliance, and W3C— has undertaken steps to improve online payment security. As those efforts have matured, it has become more apparent that greater coordination will help ensure compatibility and foster broader deployment.
In particular, the organizations acknowledge the growing importance of strong customer authentication in payments and other interactions. For example, the FIDO Alliance is simultaneously collaborating with W3C (on Web Authentication) and with EMVCo (related to EMV® 3-D Secure) on strong authentication solutions. The organizations recognize the value of building and sharing a vision of the future of strong authentication on the Web, including streamlining the user experience.
Scope
Interest Group Activities in Scope
- Formulate a vision: Formulate a vision for improving Web Payment Security, taking into consideration a variety of payment methods.
- Describe use cases: Collect industry needs at the high level of desired functionality. However, because Participants make no patent licensing commitments by virtue of participation in this forum, discussion of specification details, including potential changes to existing specifications, remains out of scope.
- Conduct and maintain gap analyses: Gain understanding of whether current or planned technology can be used to enhance security and interoperability of Web payments. This activity may include:
  - identification of gaps;
  - interpretation of specifications;
  - identification of potentially conflicting requirements;
  - use of prototypes and mockups as tools for understanding;
  - identification of which organization(s) should address issues.
- Liaise: Build a shared understanding of how the work of the Partner Consortia relates, in order to foster compatibility and interoperability and avoid conflicting requirements. This activity may include discussions with other groups, standards organizations, regulatory agencies/bodies, and Web developers.
- Communicate: Communication of Interest Group vision, use cases, and best practices to the broader community.
- Identify standardization opportunities: Identification (e.g., through use cases) of capabilities that exist or need to be created to improve Web payment security and interoperability.
Activities Out of Scope
- Development of technical specifications.
- Consistent with W3C's competition policy, the group will not discuss specific products or implementations.
Web Payment Security Topics in Scope
This Interest Group discusses the intersection of the activities of the Partner Consortia around payments and authentication. Within that scope, the Interest Group will address these topics:
- Technology compatibility / interoperability
- Fraud reduction mechanisms, including through strong customer authentication and data security
- Privacy protection
- Emerging rules and regulations (e.g., in Europe, updated Payment Services Directives and regulation related to digital credentials and payments)
- Harmonization with other standards activities (e.g., ISO 20022)
Topics Out of Scope
- Topics internal to a Partner Consortium that do not require collaborative discussion.
Deliverables
Although the Interest Group may publish vision, use cases, gap analyses or other deliverables consistent with the scope of this charter, the expectation is that such deliverables will be rare. Instead, conversations are likely to be redirected at the appropriate time to the most relevant group.
This Interest Group might recommend standardization activities in any of the Founding Organizations, and participation in that standardization work would follow the general rules of those organizations.
For all Group Notes, this Interest Group will seek horizontal input and review for accessibility, internationalization, performance, privacy, and security with the relevant Working and Interest Groups, and with the Technical Architecture Group (TAG).
Deliverable Maintenance
The Interest Group anticipates maintaining its previously published deliverable:
Participation
Interest Group Participants ("Participants") are eligible participants of Partner Consortia and Invited Experts. All participants must follow the W3C Code of Ethics and Professional Conduct and W3C's competition policy.
Participation in this Interest Group will not preclude or interfere with any collaboration (bi-lateral or multi-lateral) between any set of Participants under terms developed and agreed to outside the context of this Charter.
Each Partner Consortium will provide a registration mechanism for its eligible participants.
Founding Organizations
The Founding Organizations for this Interest Group are EMVCo, the FIDO Alliance, and W3C.
Partner Consortia
A Partner Consortium is either:
- A Founding Organization, or
- A Member Consortium that is invited by the Founding Organizations to participate, and that accepts the invitation. All Founding Organizations must support an invitation. Such an invitation is revoked when any Founding Organization no longer supports it. Each Founding Organization establishes its own internal process for reaching a decision to invite a Member Consortium to participate or revoke that invitation. A Member Consortium that seeks an invitation should contact the co-Chairs.
Participant Eligibility
Each Partner Consortium determines which people associated with the Partner Consortium are eligible to participate in this Interest Group. For the Founding Organizations:
- From W3C: W3C staff and W3C Member representatives.
- From EMVCo: EMVCo staff and employees of any EMVCo Member. This does not include Associates and Subscribers. However, EMVCo staff may also invite an Associate or Subscriber to participate, in which case that organization's employees become eligible to participate in this Interest Group on behalf of that organization.
- From FIDO: FIDO staff and employees of any FIDO Member.
Each Member Consortium invited by the Founding Organizations must declare its participant eligibility policy prior to joining the group.
Invited Experts
From time to time, the Founding Organizations may invite individuals with expertise to participate who are not employees of a Partner Consortium or its Membership. These individuals, who must be invited with the unanimity of the Chairs, participate under the W3C Invited Expert and Collaborator Agreement and according to the W3C Process for Invited Experts. These individuals must disclose employment affiliation when participating in W3C work.
Communication
The Founding Organizations operate under different confidentiality levels. To best accommodate diverse requirements, and because this Interest Group does not publish technical specifications, Participants generally communicate in non-public channels. By joining the Interest Group, all Participants agree to keep such information "non-public" according to terms specific to each Partner Consortium (e.g., W3C participants agree to keep the communications of this group Member-only).
This group primarily conducts its discussions on the non-public mailing list member-wpsig@w3.org (archive).
Non-public artifacts of the Interest Group must indicate the appropriate level of visibility for all the Partner Consortia.
Each Partner Consortium may archive and distribute non-public communications within its own membership (including participants in EMVCo programs, such as Associates and Subscribers).
In general, each Partner Consortium does not plan to share its own confidential materials with the other Partner Consortia. Participation in this group does not grant access to other non-public information outside of this group's activities.
Public Communications
From time to time and where there is consensus to do so, the Interest Group may make available public summaries or statements to keep the community apprised of its progress or suggestions.
From time to time (e.g., when seeking feedback on deliverables), this Interest Group collaborates with other groups that operate in public. After consultation with WPSIG participants, the Chairs can (and should) organize meetings with these groups where the proceedings are public. The agenda of any such meeting will state the confidentiality level.
Decision Policy
The Chairs of the Interest Group will pursue consensus decisions among the Participants for matters involving deliverables or group operations.
Copyright Licensing of Public Deliverables
This Interest Group will use the W3C Software and Document license for any material published with the consensus of the Participants.
About this Charter
Each Founding Organization will determine the process by which it approves this charter.
Charter History
The following table lists details of all changes from the initial charter, per the W3C Process Document (section 4.3):
Charter Period | Start Date | End Date | Changes |
---|---|---|---|
Initial Charter | 17 April 2019 | 25 March 2021 | N/A |
Rechartered | 13 April 2021 | 24 March 2023 | Minor clarifications; see diff from initial charter. |
Rechartered | 28 March 2023 | 14 March 2025 | No changes since previous charter. |
Rechartered | 1 April 2025 | 31 March 2027 | Editorial changes since previous charter. |