[DRAFT] Web Payments Working Group Charter

deleted text: <p> <a href="http://w3c.github.io/webpayments-ig/latest/charters/payments-wg-charter.html"> See the Editor's Draft of the charter </a> for the latest version. </p>

The mission of the Web Payments Working Group is to make payments easier and more secure on the Web, through incremental improvements to Web infrastructure that support and facilitate payments.

Note : For more information about roles involved in this payment flow (e.g., payer, payee) and some terms used in the payments industry (e.g., payment scheme), please see the Web Payments glossary .

@@Join the Web Payments Working Group.

End date	31 December 2017
Confidentiality	Proceedings are public
Initial Chairs	CHAIR INFO
Initial Team Contacts (FTE %: 50%)	Doug Schepers, Ian Jacobs
Usual Meeting Schedule	Teleconferences: Weekly Face-to-face: 2-3 per year

Goals

Under this initial charter, the Working Group defines standards that ease integration of the payments ecosystem into the Web for a payment initiated within a Web application.

We anticipate the following benefits of this work:

Streamlined payment flow , which is expected to reduce the percentage of transactions abandoned prior to completion ("shopping cart abandonment").
Increased customer satisfaction due to additional payment options available to users (achieved by decoupling the payer's user agents, digital wallets, and payment instruments).
Improved transparency and confidence in digital payments for consumers as a result of increased choice and standardised standardized flows and experiences.
Improved security and privacy by providing information only to those parties that require it to complete a transaction.
Easier integration of new payment schemes by payment service providers, increasing the variety of payment instruments accepted by payees.
Easier deployment of digital wallets from banks, retailers, mobile operators, card networks, and other providers, enabling innovation and differentiation from value-added services based on location, mobile banking, marketing relationships, and so on.
Lower costs for merchants due to increased competition between payment instrument providers and easier adoption of new instruments.
Added value through machine-readable digital payment requests and payment responses.

Scope

A payment, on the Web today, ordinarily starts on a payment page where the payer must manually select a payment scheme , manually select their own payment instrument for that payment scheme, manually capture the details of that instrument into the page (along with any other essential data such as a shipping address) and then submit this data back to the payee. The payment data briefly passes through the Web (from the payer's user agent to the payee's server) on its way to a payment processor. At that point, much of the communication to complete a payment takes place among banks, card networks, and other parties in the payment ecosystem typically outside of the Web.

Various parties have innovated ways to simplify this flow, for example by caching payment instrument information in browsers, registering users on eCommerce websites to facilitate re-use of customer data and/or payment credentials (increasingly through the use of tokenization), and even developing new payment schemes. Unfortunately, these efforts suffer from a lack of standardization in areas such as:

the high level flow of a Web payment;
the programming interfaces between the various parties (such as between user agent and Web application);
the messages exchanged between these parties over the Web.

The result is that users are led through entirely different flows deleted text: and verification routines every time they make a payment on the Web.

To reduce this fragmentation, this Working Group will create open Web standards for the programming interfaces in and out of the Web context. This will increase interoperability between payer and payee systems (for existing and future payment schemes), and encourage greater automation of the steps in a typical payment. The programming interfaces between the payment schemes and the Web are usually at the user agent and the Web application, therefore the scope of the initial charter is focused on the interactions between these two components and the external actors that will interface directly with them. Note: These standards may also prove useful in a "native" application context, but this group is not focused on that use case.

The group will focus primarily on standardisation standardization of a set of messages and a message flow for the initiation, confirmation and completion of a payment. By focusing on the message format and flow, the group leaves open the standardisation standardization of the delivery mechanism for these messages as this will vary depending on the use case and technology stack. To support use cases where messages are proxied between payer and payee using different technologies, the group will standardize delivery mechanisms for common scenarios. This will include WebIDL APIs for the use cases where the messages are proxied between payer and payee via a Web browser or Web APIs where the messages are exchanged directly over the Web between two online entities in the classic REST pattern.

Note: This group is chartered to standardize programming interfaces; not user interfaces.

For more information about Web Payments activities beyond the scope of this charter, see the Web Payments Interest Group description below.

Payment Flow

The scope of work supports the following elements of a basic purchase triggered by payment initiation through a Web application. These standards define a high-level message flow for a payment from payer to payee either in the form of a credit push (payer initiated) or a debit pull (payee initiated) payment, and can be used to facilitate a payment from any payment scheme. They involve:

Pre-Payment

Registration , by the payer with their wallet , of any conforming payment instrument they wish to use on the Web (a credit or debit card, electronic cash, cryptocurrency, etc).

Negotiation of Terms

Payment Initiation Request , by the payee to the payer providing the terms of the payment including elements such as the accepted payment schemes, price, currency, recurrence, transaction type (purchase, refund, etc.), timeout and requests for any additional data that is required from the payee.

Negotiation of Payment Instruments

Discovery , by the payer, of their available payment instruments that can be used to make the payment. This is done by matching those registered by the payer with those supported by the payee (as defined in the Payment Initiation Request), while keeping information local to the payer.
Selection of a payment instrument by the payer, confirmation of the terms, and sending of any requested data back to the payee for validation.

Payment Processing and Completion

Execution of the payment by either payer or payee.
Delivery of a Payment Completion generated by the entity that executed the payment. This may contain a Proof of Payment if supported by the payment scheme.

Web Payments Basic Payment Flow — **Figure 1:** An example basic payment flow where messages are proxied via a user agent.

The group will also address exceptions that may occur during these steps, including payment authorization failure.

Security and Privacy Considerations

Security is obviously critical in payments. While the initial work of the group will leave much of the required security and authentication (e.g., encryption and digital signatures) to payment schemes, it is important to ensure that any additions to the Web platform are secure and tamper-proof. The ability to manipulate any message in a payment flow has potentially massive financial impact. Therefore the ability to prove message integrity and verification authentication of all message originators should be a key consideration for any work done by the group.

W3C is planning to charter other The Working Groups to develop standards, covering topics such as security, that Group will be important consider how existing payment schemes address security requirements. In addition, W3C is developing additional security-related specifications in facilitating payments on the Web. The current other groups. This Working Group will follow that work to help ensure compatibility with the payment flow standards produced by described in this Working Group. charter. In particular, this group will may consider how the role of hardware-based solutions may be used to generate and store secrets for secure in securing transactions, and how the role of hardware devices may be used to verify a user's authenticity in authenticating users via biometry or other mechanisms.

Protection of the privacy of all participants in a payment is essential to maintaining the trust that payment systems are dependent upon to function. Any payment process defined by the group should not require disclosure of private details of any of the participants' identity or other sensitive information without their explicit consent. The design of any public facing API should ensure it is not possible for guard against the unwanted leakage of such data deleted text: to be leaked through exploitation of the API.

Relation to Wallets

The standards from this group may be implemented in a variety of ways, including within stand-alone Web or native applications, within applications in the Cloud, within user agents such as Web browsers, or in the form of user agent extensions or plug-ins. Some of the capabilities provided by the standards from this group can be found in today's digital wallets and various other Web services. Because the "digital wallet" concept is useful as a shorthand, but means different things to different audiences, this charter includes the following definition to clarify the intent of this group.

In this charter we define a wallet as a software service, providing similar functions in the digital world to those provided by a physical wallet, namely:

It holds and allows access to payment instruments registered by the payer.
It provides logic to support certain payment schemes and enables the payer to use registered payment instruments to execute a payment in accordance with the rules and processes of that scheme.
It may hold digital assets, in the form of one or more account balances, that can be used to make payments.
It may enrich the payment flow by implementing business logic for loyalty, coupons, ticketing or other function that is complimentary complementary to its payment capabilities.

This group is not developing standards for all digital wallet capabilities: this charter's scope is limited to payment flow capabilities. At the same time, this definition of wallet is not intended to constrain W3C's future activities. Indeed, W3C anticipates a rich ecosystem of eCommerce and payment functionality on the Web, including loyalty schemes and coupons, digital receipts, digital credentials, location services, marketing additions, and more. Some of this functionality may be provided by a digital wallet, or by other services available to the payer. This charter does not seek to preclude those additional services, and in the future W3C may look for opportunities increase the interoperability of such services. The wallet metaphor appropriate to this charter may change in future charters or may be dropped if no longer relevant.

This Working Group intends to create a standard interface from the Web to a payer's wallet so that someone with any a conforming wallet can seamlessly make payments with any a conforming application running in a conforming user agent. The group may define APIs that will also be used outside of a user agent context (such as between Web services, or from within a native application, where the browser is not the proxy between wallet and payee application).

On Multiple Wallets

In the design of these standards, the Working Group will not assume that each user has only one wallet. In this charter, the phrase "the payer's wallet" is shorthand for "the payer's wallet(s)" as the payer may have multiple wallets.

The Working Group may consider the use case where an aggregation service acts as a more sophisticated wallet service or providing provides a wider choice of payment solutions to the payer. For example, the aggregator service might combine the functionality of multiple wallet services, or apply more complex algorithms to discover and collect the set of payment instruments available to the payer.

Out of Scope

This group will not define a new payment scheme, or redefine that which is already addressed today by payment schemes. The standards from this group will provide a channel for protocols and messages defined by payment schemes.

Deliverables

Recommendation-track deliverables

Web Payment Vocabularies 1.0

The Working Group will develop machine-readable vocabularies (that is, schemas) for the following:

Payment Scheme Description : used by payees to represent accepted schemes, and by payers to represent their available payment schemes and instruments.
Payment Terms Description : used to define the terms requested by the payee in the payment initiation request and the terms accepted by the payer in the payment initiation response. It includes information such as amount, currency, payee account information, recurrence, transaction reference and any scheme specific scheme-specific data that is required.
Proof of Payment : a deleted text: verifiable payment authorization from the account provider to the payee. The proof must include information about the payment request (a transaction reference or similar) and the payer's payment instrument.

Web Payments 1.0

The Working Group will define standard request and response messages for:

Registration of a Payment Instrument : A payer wallet service processes a registration request and, with user mediation as required, adds a new payment instrument to the payer's wallet.
Web Payment Initiation : The payee passes a payment request to a payer wallet service which returns the details of the payment initiation response. The payer should be presented with a set of payment instruments for selection and prompted to provide any other required data to pass back to the payee.
Web Payment Completion : The payee passes a payment completion request to a payer wallet service which returns the details of the payment completion response. If this the payment was a payer-initiated payment, payer-initiated, this is the trigger for the wallet service to execute the payment payment; otherwise this is a message advising of the result of a payee initiated payment.

The Working group will standardize the delivery mechanism for these messages in at least the following scenarios:

WebIDL API : Where the payment messages may be proxied between a Web application and the payer's wallet service via a WebIDL API hosted by the user agent.
Web services API : Where request messages may be passed to a Cloud-based wallet service via that service's REST API endpoint(s) and where HTTP may be used to pass responses to other Web services.
Inter-app on mobile devices (Optional) : If possible the group will standardize a delivery mechanism for payment messages between apps on a mobile device so that wallet apps can seamlessly interface with Websites running inside the mobile device's user agent.

Test Suites

The Web Payments Working Group anticipates developing test suites for Recommendation-track specifications it develops.

Milestones

Specification	<acronym title="First Working Draft"> FPWD </acronym>	<acronym title="Candidate Recommendation"> CR </acronym>	<acronym title="Proposed Recommendation"> PR </acronym>	<acronym title="Recommendation"> Rec </acronym>
Note: The group will document significant changes from this initial schedule on the group home page.
Web Payment Vocabularies 1.0	March 2016	July 2016	April 2017	June 2017
Web Transactions Payments 1.0	April 2016	September 2016	September 2017	November 2017

Optional Deliverables

Card Payments 1.0

A very large proportion of payments on the Web are conducted using payment cards from one of the global card schemes. The group should attempt to define a standardized specialisation specialization of the payment flow specifically for payment cards.

A generic card payment standard could:

Demonstrate how a debit-pull payment scheme should be implemented using the Web Payments 1.0 standard.
Take advantage of new security technologies such as EMVco Tokenisation Tokenization to improve on the existing methods of using cards on the Web.
Standardize a single payment scheme that is reusable by all payment card schemes globally to kick-start adoption of the Web Payments 1.0 standard.

Instrument Discovery Good Practices

This charter does not include a deliverable for a standard mechanism to discover — via the payer's wallet— available payment instruments. However, the Working Group may document good practices and recommend algorithms for the discovery of payer payment instruments.

Dependencies and Liaisons

W3C Groups

Web Payments Interest Group: The Web Payments Interest Group acts as the overall coordinator at W3C of a vision for Web Payments, by gathering Web Payments Use Cases , engaging in liaisons with other payments standards bodies, and developing a high-evel high-level architecture. The group intends to explore more eCommerce scenarios than are represented in the current Working Group charter, such as digital receipts; loyalty programs and coupons; peer-to-peer payments; and harmonization of user experience in-browser, in-app, and in-store. From time to time, the Interest Group will seek feedback from the Working Group on its evolving vision, and share information about the evolution of the Web payments technology landscape. The Interest Group may also propose new Working Groups to cover topics such as identity, credentials and commerce (including invoicing, receipts, loyalty programs, coupons, discounts, and offers). The Web Payments Interest Group also expects to provide technical input to this and other relevant W3C Working Groups, based on a detailed analysis of the relevant Web Payments Use Cases .
Web Payments Community Group: Research and incubation of ideas for consideration by this group.
Privacy Interest Group: For privacy reviews.
Web Security Interest Group: For security reviews.
Internationalization Core Working Group: Internationalization and localization review.
deleted text: <a href="/2012/webcrypto/"> Web Cryptography Working Group </a> </dt> <dd> Consultation on encryption of messages that are part of these APIs. </dd> <dt> Protocols and Formats Working Group (and successor): To help ensure the protocols support accessibility.

This group will also collaborate with future W3C Working Groups developing authentication protocols.

Groups Outside W3C

EMVCo: EMVCo administers all the originial original specifications known as EMV, including specifications about card tokenization.
IETF: Consultations with the IETF Crypto Forum Research Group (CFRG) on cryptography, as well as the "IETF Security Area Advisory Group .
GSMA: GSMA is an industry association of mobile network operators with near global coverage.
ISO TC 68: Coordination with ISO TC 68 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 20022).
ASC (Accredited Standards Committee) X9: Coordination with X9 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 12812).

In addition, for the Care Card Payments 1.0 specification, the Working Group will need to collaborate with the owners administrators of existing global card schemes.

Participation

To be successful, the Web Payments Working Group is expected to have active participants for its duration. Effective participation in Web Payments Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.

Communication

This group primarily conducts its work on the public mailing list public-payments-wg@w3.org (archive). Administrative tasks may be conducted in Member-only communications.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Web Payments Working Group home page.

Decision Policy

As explained in the Process Document ( section 3.3 ), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.

Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the deleted text: resolution in draft minutes, available from the WG's calendar or home page. resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.

Patent Policy

This Working Group operates under the W3C Patent Policy (1 August 2014 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .

About this Charter

This charter for the Web Payments Working Group has been created according to section 6.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Participants of the Web Payments Interest Group
See the the Editor's Draft of the charter .

Copyright © 2015 <acronym title="World Wide Web Consortium"> W3C </acronym> ^® ( <acronym title="Massachusetts Institute of Technology"> MIT </acronym> , <acronym title="European Research Consortium for Informatics and Mathematics"> ERCIM </acronym> , Keio , Beihang ), All Rights Reserved.

$Date: 2015/07/17 23:31:22 2015/07/20 19:44:27 $