IRC log of wpay on 2017-02-17

Timestamps are in UTC.

13:59:23 [RRSAgent]
RRSAgent has joined #wpay
13:59:23 [RRSAgent]
logging to http://www.w3.org/2017/02/17-wpay-irc
13:59:41 [Mark_Tiggas]
Mark_Tiggas has joined #wpay
14:01:08 [manu]
Meeting: Web Payments IG - Vision 2017 Task Force Meeting
14:01:15 [manu]
rrsagent, make logs member
14:01:24 [manu]
rrsagent, make minutes
14:01:24 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/02/17-wpay-minutes.html manu
14:01:51 [Ian]
RRSAgent, set logs member
14:01:56 [jeff]
jeff has joined #wpay
14:02:03 [Ian]
Chair: Ian
14:02:05 [Ian]
present+
14:02:08 [Ian]
present+ AmyZ
14:02:09 [jeff]
Webex access #?
14:02:12 [Ian]
present+ MarkTiggas
14:02:30 [jeff]
Webex Meeting #?
14:03:20 [jeff]
present+ jeff
14:04:02 [Ian]
agenda+ Web-based Digital Wallets
14:04:22 [Ian]
present+ AdamLake
14:04:27 [Ian]
present+ Natasha
14:04:56 [Ian]
present+ Manu
14:05:18 [Ian]
zakim, take up item 1
14:05:18 [Zakim]
agendum 1. "Web-based Digital Wallets" taken up [from Ian]
14:05:25 [Ian]
https://docs.google.com/presentation/d/1A0Kv1A66eTw4_YMXjLXT-RQR0WDLwlqoiL_meoX1Jt8/edit
14:05:40 [Ian]
scribe: ian
14:06:35 [ken]
ken has joined #wpay
14:07:33 [manu]
https://docs.google.com/presentation/d/1A0Kv1A66eTw4_YMXjLXT-RQR0WDLwlqoiL_meoX1Jt8/edit
14:07:57 [Ian]
Manu: This proposal is a bit different from the other proposals. It is more about coordination of work than new standards work
14:08:09 [Ian]
..the focus is web-based digital wallets
14:08:15 [jeff]
q+
14:08:18 [Ian]
...we are using the term "digital wallet" for now
14:08:34 [Ian]
...combine payments, loyalty, offers
14:08:48 [Ian]
ack jeff
14:08:59 [dezell]
dezell has joined #wpay
14:09:10 [Ian]
jeff: currently we are doing some standards work in payment. In loyalty and offers I'm not familiar with work in working groups...
14:09:33 [Ian]
Manu: currently there are three groups (at different levels of maturity) - digital offers community group, which has a goal of creating a WG.
14:09:48 [Ian]
..then we have payments WG and also verifiable claims we hope becomes a WG
14:10:24 [Ian]
...so one activity of the IG could be to help coordinate the work such that web-based payment apps could be as powerful as native
14:10:51 [Ian]
Jeff: Digital offers is not far along yet; caution about considering it certain
14:10:58 [dezell]
Present+ dezell
14:11:00 [Ian]
Manu: My assumption is that it will be successful in the future
14:11:55 [Ian]
[IJ plans to try to keep this discussion to 9:35 ET]
14:12:03 [Ian]
[Manu reviews coffee shop scenario]
14:13:28 [Ian]
Manu: The scenario ties together web payments, digital offers, and verifiable claims
14:13:43 [Ian]
..the scenario can be generalized to all retailers.
14:13:53 [Ian]
* Retailer provides digital loyalty card
14:14:01 [Ian]
* Retailer delivers digital offer to customer via the card
14:14:07 [Ian]
* Customer acts on the digital offer to perform a purchase
14:14:29 [dezell]
q?
14:14:54 [Ian]
[Slide 4 on problems for stakeholders]
14:15:48 [ShaneM]
ShaneM has joined #wpay
14:15:50 [todd_a]
todd_a has joined #wpay
14:15:56 [Ian]
customers: value? spam? app fatigue?
14:16:42 [Ian]
...people don't want to install apps; app retention rate low; people don't want to install loyalty apps
14:17:04 [Ian]
retailers: loyalty programs are limited and expensive, typically tied to POS integration
14:18:31 [Ian]
consumers want real-time offers...requires digital but very few offers are digital right now; mostly print
14:18:47 [Ian]
q+
14:19:51 [dezell]
q+
14:19:52 [Ian]
IJ: I hear coupon industry wedded to print
14:20:01 [Ian]
...any data on obstacles we can address to get to digital offers?
14:20:11 [Ian]
Manu: Don't have that data and hope the CG can work on that
14:20:25 [Ian]
...we don't need CPG companies for this particular strategy
14:20:34 [Ian]
...this strategy is mostly for small retailers
14:20:36 [Ian]
ack de
14:20:40 [Ian]
ack me
14:21:04 [Ian]
dezell: the resistance to coupons is an ecosystem resistance. it's not just one particular stakeholder
14:21:18 [Ian]
present+ Ken
14:21:22 [Ian]
zakim, who's here?
14:21:22 [Zakim]
Present: Ian, AmyZ, MarkTiggas, jeff, AdamLake, Natasha, Manu, dezell, Ken
14:21:25 [Zakim]
On IRC I see todd_a, ShaneM, dezell, ken, jeff, Mark_Tiggas, RRSAgent, Zakim, Ian, trackbot, ted, dlehn, dveditz, Dongwoo, mkwst, nicktr, AdrianHB, cwilso, adam, schuki, manu,
14:21:25 [Zakim]
... dlongley, csarven
14:21:46 [Ian]
dezell: There's a lot of capital investment in physical coupons
14:21:52 [Ian]
..this is one of the things that slows this down
14:22:08 [Ian]
...at the IG's FTF meeting I intend to try to get guests who know this in more detail
14:22:30 [Ian]
manu: CPG have an "anemic" digital offer strategy; those coupons are not widely redeemable
14:22:36 [Ian]
..there ARE a number of entrenched interests
14:22:56 [Ian]
...understanding that is the job of the digital offers CG, but is not really critical to this proposal.
14:24:03 [Ian]
[Slide 5 - ecosystem]
14:24:44 [Ian]
Customers want loyalty programs to scale across devices
14:26:19 [Ian]
[Slide 7 - benefits to customers]
14:27:20 [Ian]
IJ: What does interop look like if problem is matching customer loyalty and retailer loyalty?
14:28:43 [dezell]
q+
14:29:29 [Ian]
IJ: I would not expect to be a user of loyalty program A with loyalty program B....I expect merchants would want to support multiple loyalty programs potentially.
14:29:41 [Ian]
..and so the analogy is that you want a single POS terminal
14:30:16 [Ian]
Manu: Right - the way you express loyalty is interoperable; the loyalty service providers are different
14:30:32 [dezell]
q?
14:30:32 [Ian]
Adam: The average household has 29 loyalty programs...and typically they would need a different app for each
14:31:23 [Ian]
ack de
14:31:39 [Ian]
IJ: I understand protocol interop, but I don't see loyalty services going away.
14:31:55 [Ian]
dezell: the analogy to cards is a good one...there used to be one card per program
14:32:05 [Ian]
...e.g., each gas station had their own card
14:32:13 [Ian]
...and companies did not want their cards used at other merchants
14:32:21 [Ian]
..but consumers wanted interop
14:32:31 [Ian]
...standards came about and that carried the day
14:33:49 [Mark_Tiggas]
q+
14:33:58 [Ian]
Manu: What we are proposing is not to centralize or minimize...we want retailers to provide loyalty cards that are specific to that retailer
14:34:03 [Ian]
...they only want it to be used at their location
14:34:22 [Ian]
(But that is my point - you will then have N loyalty cards, each working in a small number of shops)
14:35:06 [Ian]
[Manu proceeds through additional incentives]
14:35:43 [Ian]
Manu: Software vendors want to be able to innovate in loyalty without entering the POS space
14:35:53 [Ian]
..they want to be able to provide digital wallets that include digital offers
14:36:25 [Ian]
[Demand for Ecosystem]
14:36:41 [Ian]
...people want digital coupons but only 2.5% are digital today, so there's a big opportunity
14:37:06 [Ian]
...digital coupons constitute 6% of redeemed coupons even though they constitute a much smaller proportion of all coupons
14:37:20 [dezell]
Manu, suggest you include the redemption gap - reportedly 20% of face value (loss to merchant) for paper coupons.
14:37:45 [Ian]
[Why W3C]
14:37:52 [Mark_Tiggas]
q-
14:38:29 [Ian]
Manu: I think part of vision needs to be weaving w3c technologies together to compete with native apps
14:39:08 [jeff]
q+
14:39:37 [Ian]
Mark: On centralization - had there been a ubiquitous commercial network when cards developed we may not have ended up with a centralized model
14:39:37 [ted]
Present+ Ted
14:39:43 [Ian]
...one problem in the past was hub and spoke for comms
14:39:45 [Ian]
ack jeff
14:40:07 [Ian]
Jeff: I like this idea in this space in general. I am unclear what exactly is the deliverable that you are proposing, and generated by whom
14:40:21 [Ian]
..the deliverable is an analysis of the technologies we are working on and how they fit together
14:40:34 [Ian]
...digital bazaar is building a web-based wallet that uses these various technologies
14:40:49 [Ian]
..based on our implementation we think that it's possible, but we think there are gaps
14:40:54 [Ian]
...so this project would be a gap analysis
14:41:11 [Ian]
s/..the/Manu: The
14:41:26 [Ian]
Manu: So we should produce a gap analysis by the end of the year
14:41:40 [Ian]
Jeff: An architecture document that relates these things and identifies gaps .. that could be a methodology
14:41:51 [Ian]
...for a gap analysis, what methodology would you use?
14:42:19 [Ian]
Manu: The goal is to focus on a basic scenario (which we also think is relevant generally)
14:42:31 [Ian]
q+
14:42:45 [Ian]
Manu: The proposal right now is to do a low-level gap analysis - can the web do this thing?
14:43:11 [Ian]
Jeff: + to "more specific". My only worry when I look at slide 5 and see "gap analysis"...to me that has to be framed carefully.
14:43:22 [Ian]
as long as it's framed more tightly, then it makes sense to me
14:43:54 [dezell]
q+
14:43:59 [dezell]
ack Ian
14:44:15 [Ian]
IJ: Is there a barrier to having this conversation in the digital offers community?
14:44:26 [dezell]
q-
14:44:30 [Ian]
...I would not want to have 2 digital offers conversations going on
14:44:39 [Ian]
Manu: It's not about digital offers. It's about a lifecycle.
14:44:53 [Ian]
...they get a digital offer and make a payment
14:45:36 [Ian]
..there's another piece which is "linked data communications"
14:46:51 [Ian]
IJ: Digital offers are out of scope for payments WG
14:47:09 [Ian]
Manu: I think the IG is the right place since it does not cleanly fit into digital offers
14:47:12 [Ian]
q?
14:48:24 [Ian]
topic: CNP Security
14:49:05 [Ian]
Ken: Apologies to not have slide; tough to get approval to do so
14:50:44 [Ian]
[IJ Notes that Ken's docs not in our archive]
14:50:59 [Ian]
Ken: Amex key priority is fighting fraud. The current focus these days is EMV in the physical world
14:51:14 [Ian]
...(big migration happening in the US)
14:51:41 [Ian]
...back in September Amex commissioned a survey...about 1000 consumers and 400 merchants
14:51:58 [Ian]
...some US-centric data here
14:52:03 [Ian]
...most US consumers use a mobile device
14:52:23 [Ian]
...about half of consumers experienced online fraud, and about 60% merchants said they experienced fraud
14:52:39 [Ian]
...based on how we look at payments in general, when we look at online payments we see both good news and challenging news
14:52:48 [Ian]
..while online payments are growing exponentially, fraud is as well
14:53:59 [Ian]
Ken: EMV (in simplest form) is a chip; superior to magnetic strip because cryptograms are used
14:54:07 [Ian]
...most of the world's markets have been moving to EMV
14:54:25 [Ian]
...the US is currently going through the transition
14:54:58 [Ian]
...for petroleum merchants to replace a terminal is complicated; they have received an extension
14:55:22 [Ian]
...in the US, most brands are seeing that they are close to being completely EMV on the issuing side (most cards in the market now have chips)
14:55:37 [Ian]
...only about 30% of merchants are currently enabled for EMV, so still some way to go
14:55:49 [Ian]
...where we have seen EMV migration we have seen a spike in online fraud
14:55:58 [Ian]
...we are expecting this to hit the online market as well
14:56:26 [Ian]
...most of the payments world is focused on card-not-present (CNP) transactions
14:56:50 [Ian]
...these are more vulnerable because (traditionally) they do not benefit from both software and hardware advances
14:57:20 [manu]
q+ to ask specifically about fraud mitigation - is it just "implement EMV?" or is there more? "EMV for the Web"? This sounds like a new W3C WPWG payment method?
14:57:32 [Ian]
...what people consider "CNP" may vary and there are lots of scenarios, but for the purposes of these calls are those related to online commerce.
14:57:33 [Ian]
ack manu
14:57:33 [Zakim]
manu, you wanted to ask specifically about fraud mitigation - is it just "implement EMV?" or is there more? "EMV for the Web"? This sounds like a new W3C WPWG payment method?
14:57:55 [Ian]
Manu: One idea is "implement EMV one the way"
14:58:13 [Ian]
...from what you are saying, it sounds like the web payments WG could implement something like an EMV payment method
14:58:27 [dezell]
q+ (time permitting) to compare with Mobile v2.0
14:58:34 [Ian]
...is that the type of outcome you'd like to see?
14:58:39 [Ian]
Ken: Good question, you are ahead of me
14:58:41 [dezell]
q+ to comment if there's time.
14:58:46 [Ian]
(We are working on a tokenization spec => https://w3c.github.io/webpayments/proposals/tokenized_cards.html )
14:58:52 [Ian]
Ken: I am not focusing on EMV...
14:59:07 [Ian]
...at least in some of my experience participating so far in calls, I don't see what we would consider an adequate focus on security
14:59:33 [Ian]
...it doesn't have to be EMV, it doesn't have to be 3D Secure, or tokenization...the point is that we think the group would benefit by spending more time on security
14:59:44 [Ian]
...we think that there is an opportunity to educate constituents, including about security
15:00:03 [Ian]
...I see great stuff happening from a coding perspective (easier payments) and from a user experience
15:00:07 [Ian]
...and also a merchant experience
15:00:33 [Ian]
...all of that is good, what we are saying here is that there is an opportunity to do more, in part by educating people about how to do more secure payments
15:00:46 [jeff]
q+
15:01:03 [Ian]
...what I will pick up on the next call ... previous breaches and what they have cost, and why it makes sense to address them
15:01:59 [dezell]
I agree strongly with Ken about the value of the discussion in the IG.
15:02:06 [Ian]
ack dezell
15:02:06 [Zakim]
dezell, you wanted to comment if there's time.
15:02:35 [Ian]
dezell: +1 to Ken. One note is that mobile may obviate need for EMV equipment updates
15:02:40 [Ian]
...it's not just crypto, it's about flow
15:02:44 [Ian]
ack jeff
15:03:06 [manu]
+1 for putting more of a focus on security, especially digital signatures on data sent via Payment Request...
15:03:15 [Ian]
jeff: I am most interested in security issues as they relate to specific recommendations that we are doing
15:03:17 [manu]
(and encrypted fields in Payment Request)
15:03:44 [Ian]
...in some cases there may be opportunities to provide feedback on specs in developments in various working groups (and guidelines for usage)
15:03:53 [Ian]
...is there some specific call-out that we need to make to these working groups?
15:04:36 [Ian]
Ken: I hear that. I want to ensure I am not being myopic (Amex perspective only, or traditional ways we would address an issue)
15:05:13 [Ian]
Ken: Authentication is an important issue; I want to continue to advocate relationships with other organizations such as X9, PCI, EMVCo, [FIDO]
15:06:24 [manu]
Ian: We can try to map the existing security work at W3C to Amex's perspective... where should we focus? That'll help us get more concrete about this.
15:06:30 [Ian]
q?
15:07:07 [Ian]
https://www.w3.org/Payments/IG/wiki/Vision2017
15:07:19 [jeff]
possible regrets next week, traveling in Europe
15:07:20 [manu]
call next week, please... would like to hear more from Ken wrt. security... have a number of thoughts on it.
15:07:40 [Ian]
Topic: Next meeting
15:07:45 [manu]
Ian: Let's hear more about Ken's proposal next week
15:07:45 [Ian]
24 Feb at 9am ET
15:07:51 [Ian]
regrets for that meeting: Jeff
15:08:25 [Ian]
RRSAgent, make minutes
15:08:25 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/02/17-wpay-minutes.html Ian
15:08:28 [Ian]
RRSAgent, set logs public
15:08:38 [Ian]
present+ Todd
15:08:40 [Ian]
RRSAgent, make minutes
15:08:40 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/02/17-wpay-minutes.html Ian
17:54:18 [jeff]
jeff has joined #wpay