overview_revision_2018

ianbjacobs edited this page Jul 19, 2018 · 23 revisions

Status: This is a scratchpad for Adrian, Nick, and Ian to take notes on a revision to the Web Payments Overview specification.

Introduction

Although the Web supports trillions of dollars of e-commerce annually, making purchases on the web, particularly from a mobile device, can be a frustrating experience. Every web site has its own flow, and most require users to manually type in the same addresses, contact information, and payment credentials again and again. This can lead to shopping cart abandonment and lost customer loyalty. Users face other types of friction as well, including very different experiences from site to site, and potentially confusing redirects from e-commerce sites to payment sites. For e-commerce site owners, it can be difficult and time-consuming to create and maintain checkout pages that support a growing number of payment methods.

To address these issues, the W3C community is specifying new Web capabilities to streamline checkout and enhance security. These include:

  • Enabling e-commerce sites to request stored payment credentials and related information (shipping addresses, billing addresses, and contact information) through an optimized browser-based user experience. This browser-based user experience replaces traditional checkout forms. The new browser experience allows the user to quickly access information (such as shipping addresses) stored by the browser.
  • Extending the streamlined payment experience to include third party payment handlers (digital wallets). When the e-commerce site accepts a payment method and the user has a corresponding payment handler, the browser makes it easy to launch and interact with the payment handler to complete a payment. This standard hook makes it easier to bring new (and potentially more secure) payment methods to the Web.
  • Increasing payment security by leveraging advances in tokenization and strong authentication.

These capabilities are enabled by a set of specifications that define new browser capabilities. The specifications as well as test suites and developer documentation play a role in ensuring that different browsers exhibit the same (or very similar) behavior.

W3C intends for these new capabilities to support a wide range of the world's payment systems. Working Group participants have focused in particular on card payments and push payments (e.g., European payment systems and regulation).

Impact on the Payments Ecosystem

In the W3C Web payments ecosystem, the browser acts as a mediator between the e-commerce site and the user's payment handlers. This means that the new standards affect in particular:

  • Merchants and their payment service providers
  • Payment handler (digital wallet) providers
  • Browser makers

These standards mostly affect the way that these parties interact (with users) to enable merchants (and their payment service providers) to collect data in a more streamlined fashion. These standards do not essentially change how payment processing happens once a merchant has collected data.

Having said that, W3C is engaging with other stakeholders in the ecosystem for security enhancements. These include:

  • Strong customer authentication via the Web Authentication API
  • Data protection (e.g., via credit card tokenization)

Thus, depending on the payment method, W3C also engages with:

  • For debit and credit cards: card networks, token service providers, and issuing banks
  • For push payments: banks and organizations that develop open banking APIs

Terminology

To help communicate the vision of the Web Payments Working Group it is useful to define some terms:

  • Payer: The party that is making a payment, typically an end user on the Web.
  • Payee: The party that is receiving a payment, typically a merchant or e-commerce site.
  • Payment Method: A payment method is characterized by the data that the payee provides to the payer and receives from the payer in order to be paid.
  • Payment Handler: A payment handler is the software that the user uses to pay. A payment handler may support one or more payment methods. Payment handlers may be implemented using a variety of technologies, including those of native operating systems or Web technologies, or a hybrid. Browsers may also act as payment handlers, storing payer credentials such as card information.
  • Open payment method: A payment method for which arbitrary parties may distribute a payment handler. W3C is defining a number of open payment method specifications.
  • URL-identified (or Proprietary) payment method: A payment method owned by an entity that controls the payment handler ecosystem for the payment method.
  • Payment Method Manifest: Instructions from the owner of a URL-identified payment method that tell a browser which payment handlers are authorized for the payment method.
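
To make the Payment Method Manifest definition concrete, the following added example (not part of the original notes, and not W3C or browser code) shows the authorization decision a mediator could make from a manifest. The `supported_origins` field name follows the W3C Payment Method Manifest draft; every URL is constructed, and treating the method owner's own origin as always authorized is an assumption of this sketch.

```javascript
// Constructed sample manifest for the hypothetical method https://pay.example/method
const SAMPLE_MANIFEST = JSON.stringify({
  supported_origins: ["https://wallet.example", "https://partner.example"],
});

// Return the origin of an absolute https URL, or null if it is not one.
function httpsOrigin(value) {
  if (typeof value !== "string") return null;
  try {
    const u = new URL(value);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Build the set of origins allowed to provide a handler for this method.
function authorizedOrigins(methodUrl, manifestText) {
  const methodOrigin = httpsOrigin(methodUrl);
  if (!methodOrigin) throw new Error("payment method identifier must be an https URL");
  // Assumption: the method owner's own origin is always authorized.
  const allowed = new Set([methodOrigin]);
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch {
    return allowed; // fail closed: an unparsable manifest authorizes nobody else
  }
  if (manifest === null || typeof manifest !== "object") return allowed;
  const listed = manifest.supported_origins;
  // A non-list value (such as a wildcard string) is not honored here,
  // a deliberately strict choice of this example.
  if (Array.isArray(listed)) {
    for (const entry of listed) {
      const origin = httpsOrigin(entry);
      // Accept exact https origins only: no paths, no trailing slash, no http.
      if (origin !== null && origin === entry) allowed.add(origin);
    }
  }
  return allowed;
}

// True only if the handler is served over https from an authorized origin.
function isHandlerAuthorized(methodUrl, manifestText, handlerUrl) {
  const handlerOrigin = httpsOrigin(handlerUrl);
  return handlerOrigin !== null &&
    authorizedOrigins(methodUrl, manifestText).has(handlerOrigin);
}
```
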

Section heading ideas

  • Introduction/Problem statement
  • How it works
  • Stakeholders
  • Terminology
  • Flows
  • Implementation status
  • Next steps / active work
  • Related work (at W3C or elsewhere)
  • Bibliography / Resources