Web Payments IG뉴욕미팅보고

2015.7

개요

• Web Payments IG는웹결제표준화를위한 W3C내의표준화그룹

• 2015년 6월 16일 ~ 18일 3일간미국뉴욕에서 F2F 미팅가짐• F2F(Face-to-Face) Meeting은연간 3회정도

•장소 : 블룸버그뉴욕오피스

참석자

•브라우저벤더사 : 애플, 구글, 모질라

• IT업계 : TecSec, Gemalto, 리플, 오라클

•금융업계 : 블룸버그, Rabobank, Dwolla, PayGate, WorldPay

•규제기관 : US FRB

•머천트 : Target, NACS

•표준화기구 : W3C, GS1

•비영리단체 : 빌게이츠재단

•교육기관 : ETS

일정

• 6월 16일화요일• Introduction

• Capabilities

• UseCases

• Browser Perspective

• Card Security

• Identity/Credentials

• Settlement

• Glossary

• 6월 17일수요일• ISO 12812 사례연구

• 표준화로드맵

• Breakout Session for Hot topics

• 6월 18일목요일• UseCases Next Steps

• RoundTable• 뉴욕현지금융기관초청토론회

웹페이먼츠비전

• https://www.w3.org/Payments/IG/wiki/Payment_Agent_Task_force/Vision

•기본적인웹원칙준수• 기존웹아키텍처기초에추가될수있어야함

• 네트웍, 디바이스독립성유지

• 장애인접근성제공

• 자동화및비인격체(IoT)의개입을고려한기계가독성제공

• 모든참여자의프라이버시보호

• 웹에아직연결되지않은사람을포함한모든사람에게유용하고오픈되어야함.

웹결제표준화에대한주요주제

•보안및개인정보보호

•식별(Identity)와자격증명(Credential)

•기존결제환경결합

•정산

웹결제지원기능들(Capabilities)

• Core and Security• 웹결제에대한보안구조제시• Key Management, Cryptographic

Signatures, Encryption

• Identity and Credentials• 거래상대방에대한식별, 승인또는자격증명을포함

• Identity, Credentials, Rights, Authentication, Authorization, Privacy…

• Accounts and Settlement• 결제정산또는상거래교환에사용되는계정의소유권에대한기록

• 거래모니터링,캡처및관리

• Payments and Clearing• 결제가수행되는방식을찾고협상(negotiation)하는능력

• 거래당사자들이결제가어떻게수행되는지에대한방식을수립

• Funding, Payment, Messaging, Clearing…

• Commerce• 구매제안,청구,영수, 로열티,리워드,계약,대출, 보험등

• 법규제고려

Use Cases

• Use Case가중요한이유• 웹결제표준은 Use Cases에서정의한사용성을달성할수있는범위로한정

•회의기간 3일내내논의

•한국/중국쪽매매보호모델추가협의

Use Cases : Negotiation of Payment Terms

• Discovery of Offer• WebSite : 구매자는판매자의오퍼를웹사이트에서검색

• POS : 구매자는원하는식료품을모두스캔한후 POS기계로부터총액을제시받음

• Mobile :

• Agreement on Terms• 자격증명 : PhamCo는구매자의약품구매자격이있는지확인

• Privacy Protection: 구매자는 CandyCo에배송주소만제공

• Application of Marketing Elements• 쿠폰 : JustPopcorn회사는구매자의구매이력고려특별할인쿠폰제공

Use Cases : Negotiation of Payment Instruments• Discovery of Accepted Schemes

• 구매자는판매자가수용가능한결제방식을조회하고선택

• ApplePay, SamsumgPay, Google Wallet, Alipay 등

• Selection of Payment Instruments• 구매자는결제방식에서제공하는결제수단을선택

• VISA 카드선택

• Authentication to Access Instruments• 결제방식에대한인증진행

Use Cases : Payment Processing

• Initiation of Processing• 결제수단에따라구매자,판매자또는제3자가결제시작

• Verification of Available Funds

• Authorization of Transfer

• Completion of Transfer

Use Cases : Delivery of Product/Receipt and Refunds• Delivery of Product

• Delivery of Receipt

• Refunds

Browser Perspective

• By Google

• 10%이상시간을쇼핑하느라소비

• 50%이상모바일에서쇼핑

• History of Payments & browsers• 2010 (Autofill) 2013 (requestAutocomplete) 2015 (back to Autofill)

•웹결제이용자경험은 Terrible• Tiny keyboard, fraud, multi-page checkout, PCI, TEE, ACH, biometric…

•인센티브가필요함• 소비자, 머천트모두에게

Card Security and Web Model

• By Gemalto

• Secure Elements Banking Telecoms

IDTransport

Web two security models

• Permissions: for local, user controlled resources (GPS, storage, etc…)

• Same Origin Policy: for remote, domain-bound resources / entities

SEs Security model

Physical binding to a user’sdevice (for user control)Contained applications are owned and managed by remoteentitiesRemote entity authenticationdoesn’t rely on web domains

Web Payments WG Charter

http://www.w3.org/2015/06/payments-wg-charter.html

Pull Payment via PSP Diagram

Push Payment with validation by payee

Push Payment with validation by PSP