shaping the future of web payments2015/10/08 · 6/20 cost of online fraud increasing according to...
TRANSCRIPT
2/20
What is the W3C?
● International standards body for Web technology● Created in 1994 by Web Inventor
Tim Berners-Lee● Full time staff of approximately 80 people● Over 400 Member organisations with a
community of thousands● Liaisons to drive interoperability
– Including ISO TC68 (TG1 and WG10)
3/20
Open Web Platform
The Web is the largest vendor independent open platform for networked applications
4/20
Application Foundations
5/20
Web Payments Landscape
● High-profile stories of theft of sensitive user information
● E-Commerce on mobile is difficult (e.g., form usability)
● Mobile wallet proliferation but limited user acceptance
● E-Commerce interfaces different on every site
● Merchants interested in "commerce" not just payments e.g. loyalty, coupons, buying patterns, search, social
● Web app developers looking for ways to monetize work
6/20
Cost of Online Fraud Increasing
● According to Lexis Nexis data, annual fraud costs reached $32 billion in 2014, a 38% increase over 2013
2014 fraud costs
$32B 38%
Source: pymts.com, February 2015
7/20
Fragmentation Hindering Potential of Mobile Payments
Today’s mobile payment market is changing rapidly and is littered with incompatible choices and no clear winners, with diverse players locked in a high stakes battle for consumer relationships.
— McKinsey, Jan. 2014
8/20
Web PaymentsStandards Landscape
● Many industry standards (e.g., from ISO, EMV, PCI, X9, IEEE, NIST)
● Interfaces between Web stack, applications, underlying payment systems not generally standardized
● No uniform access to payment services for Web developers (across Web pages, apps, in-store)
● Inadequate integration. Specifically, no standard APIs for wallet access, raising implementation costs for payment services providers; tokenization not part of the Web
9/20
Now is the Time forWeb Payment Standards
Security & Privacy Streamlining Checkout
10/20
Web Payments at W3C
● W3C Workshop to assess potential, followed by launch of Web Payments Interest Group– Study use cases, requirements, survey existing
work, prepare ground for standardisation
11/20
Web PaymentsInterest Group
● Co-Chaired by Erik Anderson (Bloomberg)and David Ezell (NACS)
● 91 individuals● 42 organizations from
– Banks & Financial
– Payment ServiceProviders
– Mobile Operators
– Merchants
– Software Providers
– Hardware Providers
12/20
W3C Web PaymentsWorking Group (Nov 2015)
● Charter prepared by the Interest Group
● Scope: simplifying checkout– Initiation of payment from Web application
– User selection of matching payment instrument● From those previously installed in the digital wallet
– Invocation of selected payment instrument● Payment scheme specific steps for authenticating
user and device based upon the amount, etc.● Proof of payment passed back to payee
● Minimal constraints on how wallets and payment instruments are implemented in order to encourage innovation
13/20
Web Payment WG Scope
● Working Group will not define new payment schemes
● Future work may address– Payments initiated from point of sale terminal
– Digital Receipts
– Loyalty schemes, discount coupons and vouchers
– Digital credentials
– Digital Tickets, e.g. for sporting events
– Location services
● Such future work will be preceded by Web Payment Interest Group study– Use cases, requirements, existing approaches, ...
14/20
Security and Privacy
● What we are hearing
– Weakness of online card payments
● Compared to chip and pin in physical stores
– Need to reduce fraud and data storage risks
– Desire to increase consumer confidence and privacy
● Transition to standards
– Improved authentication
● Crypto● Multi-factor● Hardware based
– Data protection and improved algorithms
● Tokenization● Zero knowledge proofs
15/20
Related W3C Work
● Web Crypto Working Group– Launched 2012 and now widely deployed
● XML Signature syntax and processing
● Multi-factor authentication Working Group– In collaboration with FIDO Alliance
– Expected to be launched end of 2015
● Hardware based Web Security Working Group– Trusted execution environment
– Expected to be launched early 2016
16/20
Identity and Credentials
● What we are hearing
– Need to address a spectrum of identity needs
– Need to improve usability
● Require less data, especially on mobile
● Transition to standards
– Support for cryptographically provable and non-repudiable claims
– More discussion on what's needed for credentials
● Preparing for a Web Credentials Working Group
Anonymous(cash-like)
Strong identity(KYC / AML)
Returningcustomer
Spectrum of identity needs
17/20
Expected Benefits
● Improved security and reduced fraud● Volume — ubiquitous Web with billions more people
online by 2020 ● Customer satisfaction — branded wallets that include
Web activities such as social, search; harmonized user experience
● Marketing — loyalty programs, coupons, in-context payments, etc.
● Increased sales — reduction of cart abandonment with more payment options
● Lower cost — security, integration of payment services, compliance
18/20
Get Involved toAccelerate Progress
Bring use cases and helpprioritize standardization
Help ensure compatibilitywith other industry standards
Implement and testto ensure interoperability
About W3C: http://www.w3.org/Consortium/
19/20
Discussion?www.w3.org
20/20
More Detailed Benefits
● Streamlined payment flow and reduced transaction abandonment● Increased customer satisfaction through additional payment
options and a harmonised experience across websites● Improved transparency and confidence in digital payments● Improved security and privacy by providing information only to
those who require it to complete the transaction● Easier integration of new payment schemes by payment service
providers● Easier deployment of digital wallets● Lower costs for merchants due to easier adoption of new payment
instruments● Added value through machine readable payment requests and
responses