Shaping the Futureof Web Payments

Dave Raggett

W3C

www.w3.org

Email: dsr@w3.org

2/20

What is the W3C?

● International standards body for Web technology● Created in 1994 by Web Inventor

Tim Berners-Lee● Full time staff of approximately 80 people● Over 400 Member organisations with a

community of thousands● Liaisons to drive interoperability

– Including ISO TC68 (TG1 and WG10)

3/20

Open Web Platform

The Web is the largest vendor independent open platform for networked applications

4/20

Application Foundations

5/20

Web Payments Landscape

● High-profile stories of theft of sensitive user information

● E-Commerce on mobile is difficult (e.g., form usability)

● Mobile wallet proliferation but limited user acceptance

● E-Commerce interfaces different on every site

● Merchants interested in "commerce" not just payments e.g. loyalty, coupons, buying patterns, search, social

● Web app developers looking for ways to monetize work

6/20

Cost of Online Fraud Increasing

● According to Lexis Nexis data, annual fraud costs reached $32 billion in 2014, a 38% increase over 2013

2014 fraud costs

$32B 38%

Source: pymts.com, February 2015

7/20

Fragmentation Hindering Potential of Mobile Payments

Today’s mobile payment market is changing rapidly and is littered with incompatible choices and no clear winners, with diverse players locked in a high stakes battle for consumer relationships.

— McKinsey, Jan. 2014

8/20

Web PaymentsStandards Landscape

● Many industry standards (e.g., from ISO, EMV, PCI, X9, IEEE, NIST)

● Interfaces between Web stack, applications, underlying payment systems not generally standardized

● No uniform access to payment services for Web developers (across Web pages, apps, in-store)

● Inadequate integration. Specifically, no standard APIs for wallet access, raising implementation costs for payment services providers; tokenization not part of the Web

9/20

Now is the Time forWeb Payment Standards

Security & Privacy Streamlining Checkout

10/20

Web Payments at W3C

● W3C Workshop to assess potential, followed by launch of Web Payments Interest Group– Study use cases, requirements, survey existing

work, prepare ground for standardisation

11/20

Web PaymentsInterest Group

● Co-Chaired by Erik Anderson (Bloomberg)and David Ezell (NACS)

● 91 individuals● 42 organizations from

– Banks & Financial

– Payment ServiceProviders

– Mobile Operators

– Merchants

– Software Providers

– Hardware Providers

12/20

W3C Web PaymentsWorking Group (Nov 2015)

● Charter prepared by the Interest Group

● Scope: simplifying checkout– Initiation of payment from Web application

– User selection of matching payment instrument● From those previously installed in the digital wallet

– Invocation of selected payment instrument● Payment scheme specific steps for authenticating

user and device based upon the amount, etc.● Proof of payment passed back to payee

● Minimal constraints on how wallets and payment instruments are implemented in order to encourage innovation

13/20

Web Payment WG Scope

● Working Group will not define new payment schemes

● Future work may address– Payments initiated from point of sale terminal

– Digital Receipts

– Loyalty schemes, discount coupons and vouchers

– Digital credentials

– Digital Tickets, e.g. for sporting events

– Location services

● Such future work will be preceded by Web Payment Interest Group study– Use cases, requirements, existing approaches, ...

14/20

Security and Privacy

● What we are hearing

– Weakness of online card payments

● Compared to chip and pin in physical stores

– Need to reduce fraud and data storage risks

– Desire to increase consumer confidence and privacy

● Transition to standards

– Improved authentication

● Crypto● Multi-factor● Hardware based

– Data protection and improved algorithms

● Tokenization● Zero knowledge proofs

15/20

Related W3C Work

● Web Crypto Working Group– Launched 2012 and now widely deployed

● XML Signature syntax and processing

● Multi-factor authentication Working Group– In collaboration with FIDO Alliance

– Expected to be launched end of 2015

● Hardware based Web Security Working Group– Trusted execution environment

– Expected to be launched early 2016

16/20

Identity and Credentials

● What we are hearing

– Need to address a spectrum of identity needs

– Need to improve usability

● Require less data, especially on mobile

● Transition to standards

– Support for cryptographically provable and non-repudiable claims

– More discussion on what's needed for credentials

● Preparing for a Web Credentials Working Group

Anonymous(cash-like)

Strong identity(KYC / AML)

Returningcustomer

Spectrum of identity needs

17/20

Expected Benefits

● Improved security and reduced fraud● Volume — ubiquitous Web with billions more people

online by 2020 ● Customer satisfaction — branded wallets that include

Web activities such as social, search; harmonized user experience

● Marketing — loyalty programs, coupons, in-context payments, etc.

● Increased sales — reduction of cart abandonment with more payment options

● Lower cost — security, integration of payment services, compliance

18/20

Get Involved toAccelerate Progress

Bring use cases and helpprioritize standardization

Help ensure compatibilitywith other industry standards

Implement and testto ensure interoperability

About W3C: http://www.w3.org/Consortium/

19/20

Discussion?www.w3.org

20/20

More Detailed Benefits

● Streamlined payment flow and reduced transaction abandonment● Increased customer satisfaction through additional payment

options and a harmonised experience across websites● Improved transparency and confidence in digital payments● Improved security and privacy by providing information only to

those who require it to complete the transaction● Easier integration of new payment schemes by payment service

providers● Easier deployment of digital wallets● Lower costs for merchants due to easier adoption of new payment

instruments● Added value through machine readable payment requests and

responses