Secure Payment Confirmation (SPC) published as a Candidate Recommendation

Read testimonials from W3C Members and Liaisons

https://www.w3.org/ — 15 June 2023 — The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Secure Payment Confirmation (SPC) enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory requirements such as the Payment Services Directive (PSD2) in Europe.

Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation.

Designed to meet growing demand for strong customer authentication

For the past 15 years, e-commerce has increased as a percentage of all retail sales. The COVID pandemic appears to have slightly accelerated this trend. Improvements to in-person payment security and other factors have led to ongoing increases in online payment fraud.

To combat online payment fraud growth, Europe and other jurisdictions have begun to mandate multifactor authentication for some types of payments. Though multifactor authentication reduces fraud, it also tends to increase checkout friction, which can lead to cart abandonment (cf. for example, Microsoft merchant experiences with SCA under PSD2).

In 2019 the Web Payments Working Group began work on Secure Payment Confirmation to help fulfill Strong Customer Authentication requirements with low checkout friction. Stripe conducted a pilot with an early implementation of SPC and, in March 2020 reported that, compared to one-time passcodes (OTP), SPC authentication led to an 8% increase in conversions at the same time checkout was 3 times faster.

W3C continues to receive feedback about Secure Payment Confirmation through pilot programs, including a second experiment by Stripe. The Web Payments Working Group anticipates more experimental data will be available by September 2023.

SPC benefits from industry collaboration

In the Web Payment Security Interest Group, W3C, the FIDO Alliance, and EMVCo pursue improvements to online payment security through the development of interoperable technical specifications. Secure Payment Confirmation reflects this collaboration: it is built atop Web Authentication and is supported by both EMV® 3-D  Secure (version 2.3) and EMV® Secure Remote Commerce (version 1.3); see the Web Payment Security Interest Group's publication How EMVCo, FIDO, and W3C Technologies Relate for more details.

Secure Payment Confirmation is not just for card payments. The Web Payments Working Group regularly discusses how SPC might be integrated into other payment ecosystems such as Open Banking, PIX (in Brazil), as well as in proprietary payment flows.

"Making it easy for people to pay for things online while improving security has been the vision of our working group since we started in 2015," said Working Group co-Chair Nick Telford-Reed. "Secure Payment Confirmation means that for the first time, there will be a common way of authenticating shoppers across payment methods, platforms, devices and browsers, and builds on the success of W3C's Payment Request and the work of both the FIDO Alliance and EMVCo."

Secure Payment Confirmation shipping today

Secure Payment Confirmation adds a "user consent layer" above Web Authentication. At transaction time, Secure Payment Confirmation prompts the user to consent to the terms of a payment through a "transaction dialog" that is governed by the browser; the Chrome implementation of the transaction dialog is shown above. The transaction details are signed by the user's FIDO authenticator, and the bank or other party can validate the authentication results cryptographically, and thus that the user has consented to the terms of the payment (a requirement under PSD2 called "dynamic linking"). EMV® 3-D Secure and other protocols can be used to communicate the authentication results to banks or other parties for this validation.

SPC is currently available in Chrome and Edge on MacOS, Windows, and Android. During the Candidate Recommendation period the Web Payments Working Group will seek implementation in other browsers and environments.

About the World Wide Web Consortium

The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C well-known standards HTML and CSS are the foundational technologies upon which websites are built. W3C works on ensuring that all foundational Web technologies meet the needs of civil society, in areas such as accessibility, internationalization, security, and privacy. W3C also provides the standards that undergird the infrastructure for modern businesses leveraging the Web, in areas such as entertainment, communications, digital publishing, and financial services. That work is created in the open, provided for free and under the groundbreaking W3C Patent Policy.

W3C's vision for "One Web" brings together thousands of dedicated technologists representing more than 400 Member organizations and dozens of industry sectors. W3C is a public-interest non-profit organization incorporated in the United States of America, led by a Board of Directors and employing a global staff across the globe. For more information see https://www.w3.org/.

End Press Release

Media Contact

Amy van der Hiel, W3C Media Relations Coordinator <w3t-pr@w3.org>  
+1.617.453.8943 (US, Eastern Time)

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

The Web Payments Working Group today published a Candidate Recommendation for Secure Payment Confirmation (SPC), a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout.

SPC enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory requirements such as the Payment Services Directive (PSD2) in Europe.

W3C, the FIDO Alliance, and EMVCo pursue improvements to online payment security through the development of interoperable technical specifications. Secure Payment Confirmation reflects this collaboration: it is built atop Web Authentication and is supported by both EMV® 3-D Secure (version 2.3) and EMV® Secure Remote Commerce (version 1.3). See How EMVCo, FIDO, and W3C Technologies Relate for more details.

Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation. Comments are welcome via the GitHub issues by 1 August 2023.

Please read our press release to learn more about this technology to streamline payment authentication.

Have lunch with representatives from FIDO, EMVCo and W3C and learn how their respective specifications and technologies relate to each other and their impacts on the payment space, e-commerce retailers and consumers.

W3C started working on Web Payments after our Workshop in 2014, and support for Streamlined Checkout is now available in most browsers.  While we have had some merchants interested in this work, they have been telling us they need more than that from the Web.

In response to those conversations and the needs of retailers who are increasing their engagement with customers online during the COVID-19 pandemic, the W3C is forming a new Merchant Business Group (charter) on how emerging Web technologies can address customer experience challenges, and what additional Web capabilities may be necessary to address both merchant and customer needs.  We encourage participation in this discussion forum not only from merchants and their service providers, but also from diverse communities involved in payments, advertising, accessibility, and more.

The Merchant Business Group agenda will depend on the interests of the participants, and is expected to include a wide range of topics such as:

• Customer interaction: engage customers in new ways via accessible immersive Web experiences.
• Payments: online checkout experiences, including the value merchants should gain with W3C's Web payments standards;
• Accessibility: creating a good customer experience for all;
• Advertising: the evolution of Web advertising in light of the disappearance of cookies and cross-site tracking;
• Privacy: emerging regulatory requirements and ensuring good customer experience;
• Security: good practices for reducing online fraud, and enhancements to transaction integrity and assurance;
• Mobile: improve mobile Web commerce experiences.

Our initial Chairs will be John O'Brien from FIS and Melanie O'Brien from Coles in Australia.  Nick Telford-Reed has joined W3C to be the staff contact for this work. With this team we expect to see this group driving activities within W3C and to help the Web reach its Full Potential for Merchants around the globe.

The W3C Merchant Business Group is forming now and will formally launch on 1 October 2020 and we anticipate some informal organizing meetings before the formal launch.  If you're interested in more information or in joining this group, contact J. Alan Bird, W3C Global Business Development Leader.

Many forces are driving rapid changes in the payments industry, including the ubiquity of mobile devices, regulatory requirements (e.g., PSD2 in Europe), and real-time payments initiatives. COVID-19 is also changing the landscape as more companies move their activities onto the Web and face new fraud risks.

W3C groups and other organizations are developing new Web capabilities to rise to these challenges. To enable secure end-to-end payment experiences, all of these capabilities need to work well together, taking into account the full user journey. I am involved in a number of coordination activities to help raise awareness and foster interoperability, including:

• The Web Payment Security Interest Group, a forum to pursue interoperability of technologies from EMVCo, the FIDO Alliance, and W3C. This group also liaises with other groups such as the W3C Privacy Interest Group (e.g., about browser privacy trends) and the OpenID Foundation.
• A joint task force between the Web Payments Working Group and the Web Authentication Working Group. The primary mission of this task force is to inform Web Authentication capability discussions based on payments use cases. We seek to create education materials to help the payment industry adopt FIDO2.

Conversations have been very productive, and people are beginning to bring forth concrete proposals for using independently developed technologies in creative ways. In some cases, the proposals appear to improve security, usability, and privacy all at the same time. Since that is rare, these are exciting discussions.

Here are a few of the conversations that are taking place.

Authentication

A variety of forces are driving discussions about authentication, notably European regulatory requirements in PSD2 for strong customer authentication (SCA). Here are a few of the topics that we have discussed in this area:

• How can FIDO be used to address SCA under PSD2? See the FIDO White Paper on this topic.
• EMV® 3-D Secure 2 is also positioned to fulfill PSD2 SCA requirements. However, it relies on browser fingerprinting and third-party cookies. Browser vendors are changing behaviors in this space (e.g., changes to SameSite behaviors in Chrome, for example), and this is having an impact on 3-D Secure implementations. We've been discussing new strategies (e.g., Storage Access) to meet industry requirements with superior privacy protection.
• We have also been discussing how FIDO authentication might be used as input to 3-D Secure processes. EMVCo and FIDO in particular are discussing their connection (see this 2018 press release).

Several recent discussions have also looked at how to streamline authentication during payment flows by leveraging both Web Authentication and Payment Request API in innovative ways:

• Dirk Balfanz (Google) gave a presentation on an idea where a relying party could create Web Authentication credentials usable by itself and another origin. This could allow, for example, a user to enroll with their issuing bank, and for the bank to mint a credential shareable with the user's payment handler. This would enable the payment handler to control the user experience of authentication, and to pass on the authentication assertion to the issuing bank for validation (e.g., as part of a 3-D Secure flow).
• In March the Web Authentication Working Group reached a decision that could also improve the user experience of authentication within a payment handler. The decision allows for cross-origin iframes to call Web Authentication get(). This could be useful during a 3-D Secure flow, where the issuing bank wants to perform FIDO authentication, but without a full top-level redirection from the payment handler's origin.
• Adrian Hope-Bailie (Coil) has proposed streamlining authentication by leveraging the same user gesture to initiate authentication and launch a payment handler.
• The same Adrian Hope-Bailie has been discussing a "minimal UI" experience in Chrome (mentioned during TPAC 2019 last fall ) where the user simply authenticates to confirm a payment. I am looking forward to upcoming working demos of this streamlined experience.

Privacy / Storage

Above I referred to browser trends to limit third-party cookie behaviors. In addition to SameSite changes in Chrome, see also Apple blog posts, Mozilla Enhanced Tracking Protection, and Google's plans to make third-party cookies obsolete. These changes have an impact on a variety of Web activities, including advertising, session management, and payment industry risk engines. Discussions about the evolution of Web capabilities are taking place in various fora, including W3C's Improving Web Advertising Business Group.

The Web Payments Working Group has been discussing a proposal that payment handlers open in a third-party context by default. However, payment handlers by their nature involve sharing data across origins, so we want them to be able to easily request first-party storage access. Current conversations with browser vendors involve optimizing how to make payment handlers readily available to users, how to ensure users are aware of them and consent to using them, and how to manage "powerful features" (such as first-party storage access) that might be granted to trusted parties in a known payments context. One idea is that an explicit but streamlined registration ceremony would enable payment handlers to perform better than other out-of-the-Web-box solutions for some use cases.

Changing storage behavior will also affect session management. In our discussions about how to carry out Secure Remote Commerce (SRC) transactions through Payment Request API, we have been evaluating ideas to reduce the friction of user recognition across transactions, in a way that aligns with evolving browser behavior and user expectations. One question I have: is the right approach to make it "easier to get in" than "harder to get out?" That is: can we make it very easy for users to be logged back into a payment handler (or otherwise recognized by some relying party) via something like the Credential Management API? I noticed some developer documentation on using that API for one-tap sign-in, and even automatic sign-in under some conditions.

Transaction Confirmation

Another topic from PSD2 is dynamic linking, which I have heard summarized as "what you see is what you sign." As I understand it, the goal is to have a trustworthy record that a user agreed to pay some amount to a particular beneficiary.

The Web Authentication Working Group formulated a "transaction confirmation" extension to Web Authentication Level 1 for this use case. However, the group recently removed the feature from Web Authentication Level 2 due to lack of implementation. The use case is still of interest, and so we are discussing alternative approaches in the joint task force between the Web Payments Working Group and the Web Authentication Working Group, as well as in the WPSIG. We have started discussion of an early proposal from Adrian Hope-Bailie that leverages trust enabled by the combination of Payment Request API and Web Authentication.

One note on the Transaction Confirmation Extension in Web Authentication Level 1: it remains in that specification in case anyone wants to take a crack at implementing it.

Open Banking

In a recent meeting, the Web Payments Working Group heard updates from multiple European open banking initiatives, including Open Banking UK, STET, the Berlin Group, and SWIFT. We continue to look for opportunities to leverage Payment Request API and FIDO Authentication in open banking flows.

Also in the context of open banking several people have drawn our attention to the Financial-grade API (FAPI); we are just starting to learn more.

Help us Drive Adoption

First I want to thank all the engineers from the many organizations working on these technologies and proposals to improve Web security, usability, and privacy (in payments and other areas). Please contact me if are interested in getting involved in the efforts I've mentioned above.

I also want to mention a new opportunity. FIDO2 is particularly exciting now that Web Authentication is widely deployed in mobile and desktop browsers and support for built-in authenticators continues to grow. If you'd like to help support the adoption of FIDO2, please consider joining the WebAuthN Adoption Community Group.

We are also finalizing our plans for a new group devoted to the use cases and requirements of merchants. Although we already benefit from the participation of some merchants, the Merchant Advisory Group, and some stakeholders such as integrators that enable checkout experiences, we recognize that we need more direct input from merchants about their priorities, such as payment method choice, protection against fraud (as I mentioned at the top of the post), and user journeys. I look forward to sharing more details in the very near future about this new Merchant Business Group.

In June I had the pleasure of speaking with Coil CEO Stefan Thomas about the Interledger Protocol (ILP), and Coil's vision of using it to support "Web Monetization," essentially bringing micropayments to the Web as an alternative to advertising and subscriptions.

Ian Jacobs (W3C): Do you think of yourself as a "payments guy"?

Stefan Thomas (Coil): Interesting that you should say that. I think of myself first as an open source guy. Payments have been my focus for the past nine years, but from the perspective of applying open source and open standards to payments.

Ian: What problem did you perceive needed to be solved that led you to apply open source to payments?

Stefan: I used to work at a Web agency in London. I remember one of the big problems we had was how to pay freelancers all over the world. It seemed very silly to me that something that is essentially just moving bits and bytes should be so difficult. Why is it so hard to decrement my balance in London and increment someone else's balance in Pakistan? That shouldn't be so hard. When I found out about Bitcoin, that was the first time it felt like somebody was trying to solve this problem in an open source way. So I jumped on that bandwagon, but quickly learned how little we knew about payments, and how much more there is to it. So I spent the next eight years learning and getting up to speed.

Ian: I am also new to payments. When I started I also thought it would mostly be about counters. People in the payments industry laughed at me and said, "It's not simple. It's about distributing liability, and fraud mitigation" and things like that. I was quickly humbled. Once you moved past bits and bytes, what stood out as making payments hard or complex?

Stefan: I would push back on that: I think payments themselves are simple. There are nuances, but I would not call these complexities. At the end of the day, the core is just moving balances up and down. But there are a lot of ways to build payments systems that seem reasonable, but are the wrong way to do it. For example, when we first got into it we thought the faster you can move the money, the better. As it turns out, there are some pretty good reasons why you may want money to move more slowly. If you have a million dollars moving one way and a million dollars moving the other way, you can do that almost for free because those transactions cancel out. Money is fungible and you can net the flows. But you can only do that if there is a settlement period. And so real-time payments turn out to be more expensive than non-real-time payments, and oftentimes that's not worth it.

Ian: That sounds like an engineering or business optimization more than something to address a social need like reducing fraud or managing chargebacks. How do you build support for those features into a payments system?

Stefan: I think that payments were treated for a long time was as this one thing with many aspects to it. With the Interledger Protocol (ILP) we've tried to be much more deliberate with where one layer starts and one layer ends, and the responsibilities of each layer. Our approach is very much inspired by the TCP/IP stack and the Web platform and other successful standards that have had to tackle very multi-faceted problem areas.

Ian: Could you describe how that layered vision for payments has evolved over the years?

Stefan: My initial hypothesis was based on thinking that the reason payments are expensive and they suck is that there are middlemen, and the middlemen take a large cut or are doing a poor job. That was definitely challenged once I spent more time working with people from Mastercard, Visa, and so on. They are really good at their jobs, and it's not like I can point at those systems and say, "You're using an outdated this or that." These are well-architected, and battle-tested systems. And on the flip side, with Bitcoin, we eliminated middlemen, but as soon as the network started to get popular, the transaction fees went up anyway. We thought the transaction fees are only there because the middlemen are so greedy. But with Bitcoin there are no middlemen, so why would the transaction fees go up?

Ian: Why did they go up?

Stefan: To understand why something is expensive you have to ask, "compared to what?" We wondered why it was expensive to send money around compared to sending data around the Internet, which is cheap. I don’t think it is because there are middlemen; I think it’s because payment systems aren’t forced to compete in the same way data networks are.

Stefan: If you want to make Bitcoin more efficient, you have to change it. To change it you have to get everyone already using it to change the software they are running. This makes every change to the system a huge political process and a huge lift. Now compare that to the Internet. If I want to run a faster version of WiFi all I need to do is buy a router that supports it, and a device that works with it, and I can still be connected to the Internet. Inter-networking means each network can run differently and they can still connect to one another. Each network can use different technology in order to meet different use cases. Ethernet is an efficient, ubiquitous network standard, but if I want to get Internet access on an airplane, an Ethernet cable dangling from the plane just wouldn’t work. Better to use a satellite network. Or, if I want to get Internet to a hundred devices in a stadium, I might use WiFi. To have Internet in a rural area, I might put up cell towers. All the complexities of moving the data around are confined to the lower layer, and yet everything still interoperates through the Internet layer. That's what really drives down the cost. If I am an inefficient Internet Service Provider, people will go elsewhere since there are lots of people offering the same service: access to this shared network. Bitcoin is still just a network, not an internetwork. That's how we realized we needed to create something like Interledger.

Ian: Interledger connects disparate payment networks. Based on your comment a moment ago, it sounds like you need competition among the networks (Bitcoin, Ripple, Ethereum, etc.) to drive down costs.

Stefan: At the end of the day, for something to be efficient it needs to be able to take advantage of advances in technology, advances in thinking, trying different approaches and using the one that works best, and being able to optimize for different use cases depending on the context. The Internet is an abstraction layer for how data moves. This allows me to code an application against TCP/IP or the application layer protocols and not have to care about what kind of network my users have. I can even support networks that haven't been invented yet without changing my application. My application is forward compatible to some WiFi standard in 20 years that I can't even conceive of. That's the power of the Internet abstraction layer. But if I want to make an app that uses payments, I have to code against a specific payment network, like PayPal's API or Bitcoin's API. If that network ever changes, my application will break. Any my app won't work if someone uses some other network my app doesn't know how to deal with. On top of all that, even if the API is the same --for example if one of my users uses the Bitcoin network and the other uses the Bitcoin Cash network-- those users can't pay each other. The Internet solves all those problems. We wanted to apply the same concepts to payments.

Ian: You make a good case for abstractions and open standards. But there are two hard problems: getting the right abstractions and convincing people to use them. How do you attack those problems?

Stefan: I would add a third problem: you don't want your abstraction layer to become outdated, otherwise you are back to the same problem as before where you need everybody to upgrade. I think to solve these problems you need to keep your abstraction layer simple. It should have as few opinionated decisions as possible and should leave as much as possible to either the application or transport layers above, or the physical layer below.

Ian: I've heard this called the "principle of least power."

Stefan: In the case of Interledger, a fundamental concept is "I'm giving you something." Interledger does not have an opinion of whether that something is coming from a balance, or is the result of a flat rate subscription (which is how Coil works). Evan Schwartz has a great blog post on all the things we took out of Interledger in the name of the simplicity principle. We ended up with just three essential parts of an Interledger packet:

• Address - where to send the money
• Amount - an integer; how many units you are sending
• Data associated with the transaction

Stefan: That would have been all we needed, but we had to solve one more problem: people tend to want to keep units of value for themselves. If I send packets of money on the open network, there's a chance that someone that money passes through will just keep it. It can be pretty subtle, like an Interledger service provider whose system is down and is thus making a lot of money because packets are coming in but not going out. That provider might be a little slower to fix the problem. So we had to deal with the incentives problem, which payment systems in general struggle with. This is the reason corresponding banking is so strict and so hard to get into: everyone in the system has to be trusted to diligently pass on the money. So to make Interledger an open system, we had to solve the incentive problem. We did that by putting all the packets on hold when you are sending them, and having a return path where the actual obligation is created. This does make each packet stateful, which has a performance penalty. Fortunately we don't need to send quite as many packets as the Internet. But solving this problem required us to add two more fields to the packet: a "condition" to securely identify the return packet and an "expiry date." It's hard to imagine what you would take away to further simplify. One decision that is somewhat opinionated is the choice of hash algorithm. After more than a year of discussion, we picked something (SHA-256) that we thought was available on many platforms, well-vetted and as future-proof as it can be and ran with it.

Ian: How do you make the business case to use Interledger?

Stefan: That question will lead us to Web Monetization. We were thinking about ILP as this great protocol we had in the lab, and we were wondering how to bring it out into the real world. To answer that question it helped to look at the early days of the Internet, and what people used it for. Most of the use cases were compelling because they were difficult or impossible to do using existing technologies, things like file sharing, newsgroups, and email. One common characteristic of these use cases was that you needed to communicate with lots of different people fairly often but with relatively small amounts of information. Applying that to money: where do you need to send small amounts of money to different people, with high frequency, ideally crossing borders? And what use cases demand an open standard? There are contexts like remittances where people don't really care that much if it's open or not. They might care about fees and speed but not really openness. For us one use case really stood out that required an open standard: today if I browse the Web there's no way to pay for a search result or an article or one second of a video. If you wanted to do that, you would need a way to send a tiny amount of money to different people, with high frequency, often across borders. So this seemed like the perfect use case. And the opportunity comes at the right time:

• People are having lots of conversations around privacy, which ties into monetization because of targeted ads.
• We are seeing increased use of ad blockers. There's not a day without some story about a site blocking ad blockers, or someone like Google no longer allowing ad blockers. It's an ongoing arms race. The reason is that the incentives of the user and the incentives of the Web site aren't really aligned that well.
• Netflix used to be the one video streaming service that everyone had and it had everything on it. Now everybody wants to run their own video streaming platform. The subscription model worked really well up to this point, but it has a big flaw. It doesn't scale well to having lots of independent providers.

Stefan: Between subscriptions and the economies of scale in the ad world, we've seen massive consolidation of the Web into fairly few platforms. A large percentage of traffic on the Web has been captured by a small number of sites: ads and subscriptions work better if you are a huge network. But a lot of people don't like that, so it felt like having a third monetization option that scales linearly instead of exponentially would be really valuable.

Ian: How do you get people to start using it?

Stefan: One of the nice things about Web Monetization is that it is pretty simple to adopt. All the Web site has to do is include a <meta> tag. All the user has to do is pick a provider (like Coil) and sign up with a credit card. It doesn't take that much for people who want to experiment with it.

Ian: What approaches are you taking to get both sides to adopt this?

Stefan: The first and most fundamental players that needed to adopt this are the wallet providers. We chose content providers with US bank accounts as our first target audience. So a few months ago we announced a partnership with Stronghold, which has capabilities to make payouts to US bank accounts. That was the first big hurdle that we got over. Now we are working to reach content creators and content platforms. We’re looking for sites that are passionate about the Web, and who are not too tied up with existing business models so they can try something different. We have found that there is a surprising appetite for this, even from companies where there is a risk of cannibalizing other revenue streams. They view it positively, and I think that is due to the urgency of the situation with those other streams. Ad block rates are high and rising. We've talked to Web sites that have ad block rates of 60%. The other day we were talking to a gaming site that has ad block rates of 80%. If you are losing out on 4/5ths of your customer base not generating any revenue whatsoever, that's a strong argument for you to try this. If you can convert even half of those users, you are doubling your revenue base. Tech-savvy users are the ones who tend to use ad blockers, so Web sites catering to those audiences tend to be hit hardest by ad blockers. I think that they will be the early adopters. These are also the folks who tend to care about the Web, and, being tech-savvy, they are more likely to be able to adopt the technology, so that aligns well.

Ian: Web Monetization supports streaming payments in small packets...

Stefan: One note on that: we made that architectural choice of payment switching using small packets not because we were interested in micropayments, but because we wanted to handle a wide range of payment sizes. Today, the companies that handle large payments are different than the ones that handle small payments, which means there are different paths for different size payments, making the routing protocol ridiculously complex. We looked to the Internet protocols for a solution: quantizing the problem by breaking large files into small packets. Also drawing from the Internet architecture, the packets don't know about each other. We've developed a higher level transport protocol called "STREAM" which introduces the concept of "data streams" and "money streams"; this is Interledger’s TCP equivalent. It handles things like resending money packets when they get lost, managing exchange rate fluctuations, and so on. On top of that you can build different application-layer protocols. This architecture comes back to my earlier point: the protocol for transferring value is simple; the complexity comes from the diversity of use cases. You can use different application protocols to meet different use cases so you don't need to complicate the underlying standards.

Ian: The streaming approach seems to lend itself to time-based content like video. But what about content like articles in a newspaper?

Stefan: Note that the rhythm of the payment is not dictated by Web Monetization. A web site tells the browser where people can pay to, but not how much to pay or how often. It's up to the browser and providers like Coil to figure out how to pay, and to give the user the best user experience. Suppose a newspaper site has articles that will unlock once you’ve paid $1. If a Coil user visits that site, we will try to make a determination: is it worth spending $1 of that user's money in order for them not to see a paywall here? Obviously, if your budget is $5 you're not going to get hundreds of dollars worth of content. Where providers like Coil will compete is on how intelligently we can spend the money and give the user the best possible experience for their money.

Ian: Thank you for clarifying. So do you think people will use this to pay for articles or other content that is not time-based?

Stefan: There are two ways to look at articles. You know how on some sites the site gives you an estimate of how long it will take to read the article? So the article loads right away, but you assume the user will spend a certain amount of time on that page, and thus the content provider could make a certain amount of revenue. In theory, you could even have the article load paragraph by paragraph as the user is streaming funds. Or, the site could unlock the article once a certain amount has been paid, which would incentivize providers like us to pay out that amount right away so the user doesn’t have to wait.

Ian: Are there opportunities for advertisers to leverage Web Monetization?

Stefan: I think there are huge opportunities. There is a spectrum from cheap-to-produce content all the way to the most premium content (think "Avengers: Endgame"). A good place to start may be content that you don’t charge anything for but perhaps you allow people to tip you. The next level up would be content that’s currently monetized with ads, such as smaller publications and blogs. After that, there is a bit of a glass ceiling because the next step up is the subscription model. But to get to the subscription model a site needs to be a lot bigger and have a lot more premium content than your average ad-financed site. That's the gap that we think Web Monetization can fill. I think it provides an option that would be incredibly attractive for all the smaller Web sites that are trying to get into slightly more premium content.

Ian: I like that idea. Suppose I'm watching Amazon Prime and I see a movie available from Starz but I don't have a subscription. I would love to be able to push the "Watch this now" button and pay on the spot because I'm not ready to subscribe to the full service. Surely there is some way for these companies to negotiate a sweet spot.

Stefan: Walled gardens —going all the way back to AOL and Compuserve— are annoying for content providers. They have to maintain all these relationships, and different versions of their content, and they have to negotiate pricing every time. The idea of the Internet was to create an open pool where creators could provide content and services, and service providers had access to that open pool. Initially the pool was not as attractive as AOL, but eventually it became big enough to become more interesting than what any commercial provider could offer, and suddenly it became the most interesting pool. The result is that the providers that don't have the expense of having their own content and growing their own content pool suddenly do much better. That's because people start to care about "Internet access" and not the value added on top of that.

Stefan: This hasn’t happened for premium content because the open Web hasn’t had a monetization model. But the same rules apply, which is why we expect Web Monetization to catch on quickly once it reaches a certain critical mass. As soon as you can get content through Web Monetization that is similar in quality and quantity as what you can get from a subscription service like Disney+ or YouTube Premium, suddenly it becomes a very attractive alternative. A lot more of the money would go to the actual creators so more and more creators would want to offer their content on the open system. At that point, it snaps over so that if you are a provider that tries to get exclusive content and put it behind a wall, you're just spending a lot of money for not a lot of value-add compared to all the stuff that's in the open system. I think by being out there early with an open standard, we have a chance to build that out before any proprietary provider has a chance to own it.

Ian: Where can an early adopter play with Web Monetization?

Stefan: For people creating content, the simplest thing would be to get an Interledger-enabled wallet and put the Web Monetization <meta> tag on your site. If you don't have a site, then you can also post content on a Web Monetization-enabled platform: There is coil.com for articles and Cinnamon for videos. We’re also working closely with Imgur on creating a way to get paid for sharing images. Hopefully, there will be many other platforms available soon!

Stefan: For people who want to consume this content, the easiest thing is to sign up for Coil (currently available for Chrome and Firefox). If you don’t mind getting a bit technical, there is also an open source browser extension that implements Web Monetization without going through Coil.

Ian: W3C holds its big annual meeting in September: TPAC 2019. I expect between 500-600 attendees. I also expect to hear a lot about Web Monetization then. What are your goals for that meeting?

Stefan: Our goals are to introduce this technology to the broader Web community and stakeholders such as browsers, Web site developers, users, merchants —everybody who has an interest in the Web. We think this will impact a lot of different things. For example, initially we thought that Web Monetization might not be relevant for online shops because they are not selling "content." But we've found that Web Monetization might let smaller merchants compete with Amazon’s “Prime” subscription: Users who show up with Web Monetization might pay a little money to browse the store front and in exchange get free shipping. We look forward to discussing these and other interesting possibilities at the event!

Ian: Thank you for your time, Stefan, and see you at TPAC!

From time to time W3C conducts interviews of its Members; please contact me if you are interested.

I will be attending the Financial Innovation and Payments Summit (#FIPS) for the third year in a row!  Last year, I moderated a panel, this year I'm doing that again as well as participating on another panel.

I'm excited to be the moderator for the Evolution of Digital Payments panel and to be joined by Solomon Choi (@Solohandles) of 16 handles (@16Handles),  Frank Liddy (@FrankLiddy) of PayPal (@PayPal), Abhi Kulkarni (@TalentbeatInc) of Aurus, Inc.,  Brian DuCharme (@BrianMobileGuy) of STAR Network, and Rachel Siegel of Pew Charitable Trusts!  This panel brings the experiences from a diverse set of organizations in the Digital Payments space.  We plan to cover both the recent (past 3 - 5 years) changes in Digital Payments as well as looking at what might be next focusing on foreseeable future and playing a little bit of crystal ball beyond that.   Hopefully we'll have some thought provoking discussions and engage the audience as well!  We're on at 4:00P on Wednesday 10 July, so if you're in Newport we'd love to see you!

On Thursday, at 2:15P, I'm honored to be on the Digital Payments Creating Smarter Cities Panel being moderated by Bryan Jurewicz (@bryanjurewicz) of Arrow Payments (@ArrowPayments).  We had our organizing call today and Bryan has put a great set of discussion points together that I think the audience will love and I suspect will cause a level of questioning to occur.

As always, I'm available for anyone attending that wants to learn about the exciting things going on in W3C around Payments, Automotive, Entertainment and Media, Privacy, Security and much, much more.  You can find me on @JAlanBirdW3C, or on the @Opal_Group #FIPS app.

J. Alan Bird will be a panelist on "Standards - the relevance of standards in creating real value in the payments eco system".    The interoperability of payment solutions is something that Vendorcom has been a strong advocate of since our inception and so, we welcome the work done by nexo standards, who, 'promote the widespread acceptance of protocols...' through 'a series of standards to ensure interoperability among card acceptance and acquiring solutions, retail payment solutions, and terminal management systems.'

(This post is part of a series recapping the October 2018 W3C Strategic Highlights. This post does not include significant updates since the October 2018 report. For more recent news, please see the Web Payments Working Group home page.)

The mission of the Web Payments Working Group is to make payments easier and more secure on the Web.  W3C's payments standards aim to streamline the Web checkout experience and increase payment security.

Reports of early experiments from Shopify and J.Crew suggest that the new standards can significantly speed up checkout. Users can store and reuse information to complete online transactions —on mobile, desktop, and other devices— more quickly and accurately.

Deployment Status of Payments Standards

Chrome, Edge, Safari, and Samsung Internet Browser now ship with support for the Payment Request API to enable streamlined checkout. Stripe, Braintree, WePay, Payone, Paysafe, Bluesnap and other merchant services providers have begun to support the API in libraries for their customers.

The Web Payments Working Group has also published Payment Handler API and Payment Method Manifest to foster payment innovation on the Web. These specifications make it possible for users to make payments via third party Web-based "payment handlers," an avenue for payment method and security innovation. Chrome (as of release 68) supports the Payment Handler API.

Liaisons; new W3C Members

• W3C team has been in conversations with several European organizations working on "open banking APIs" in light of European payments regulation (Payment Services Directive 2(PSD2)).
• W3C team continues to engage with related organizations including EMVCo, PCI Security Standards Council, ISO 20022 RA, US Payments Forum, Global Platform, NACHA, and others.
• Since May 2018, a number of organizations have joined W3C for payments work, including Bank of America, Barclays Bank, Beem It, Coil, NACHA, Reach, and Wells Fargo.

At the TPAC

At the October  2018 TPAC the Web Payments WG announced that they are closer to advancing Payment Request API to Proposed Recommendation; they clarified  the meaning of "canMakePayment";  have dropped supportedTypes from Basic Card;  discussed Merchant Adoption and User Experience; as well as hosted a joint meeting on Internationalization.

Please see more information on the Web Payments WG site if you're interested in joining in this exciting area.

W3C's work enables the Web to scale to meet the new challenges and opportunities while selected technologies and features continue to give way to incredible core innovation once again.

Next week W3C will host its annual Technical Plenary and Advisory Committee meeting in Lyon, France at which our CEO, Jeff Jaffe, will present our Strategic Highlights from May to October 2018.

In the last Strategic Highlights we released in May 2018, we mentioned progress in many areas that demonstrate both the vitality of the W3C and the Web community. Of particular note were:

Web Content Accessibility Guidelines

In May we noted that 2018 would see the first normative update in a decade of the Web Content Accessibility Guidelines. In June WCAG 2.1 became a W3C Recommendation. WCAG 2 has had an incredible influence; having been adopted as a regulatory requirement in various countries, and also used widely for business and non-governmental sites. Web Content Accessibility Guidelines (WCAG) 2.1 expands upon guidance developed by W3C's Web Accessibility Initiative (WAI) over the years, and is used widely around the world to make web content more accessible to people with disabilities.

Moreover, in September the European Union fully adopted WCAG 2.1 in its revision of EN 301 549, the Directive for "Accessibility requirements suitable for public procurement of ICT products and services in Europe".

Web Authentication

In April 2018, Web Authentication progressed to Candidate Recommendation. Web Authentication (WebAuthn) is a standard web API that can be incorporated into browsers and related web platform infrastructure, enables strong, unique, public key-based credentials for each site, eliminating the risk that a password stolen from one site can be used on another. WebAuthn has been developed in coordination with FIDO Alliance and is a core component of the FIDO2 Project along with FIDO’s Client to Authenticator Protocol (CTAP) specification.

Telecommunications opportunities for the Web

WebRTC is now a cornerstone of the telecommunications industry. The May 2018 W3C Web5G workshop brought together telecommunications operators, network equipment providers, content delivery networks, browser vendors, and application developers to evaluate and prepare for the impact of 5G and other network-layer technologies on Web standards. During the two days, participants reviewed opportunities that new emerging innovations and capabilities at the application layers can bring to the 5G network. The workshop concluded with the proposed creation of a task force of participants to explore how the 5G and Web communities might work in a productive and cohesive manner.

Testing the Web

The Web Platform Tests suite – a project W3C and its members have given a lot of attention and resources – continues to be very active. The web-platform-tests dashboard, first delivered in 2017 following the integration of automatic generation of test results, will provide a daily snapshot of the evolution of Web interoperability, with continuous improvement. The WebDriver specification, which  became a W3C Recommendation in June, complements this project by adding additional automatic tests of Web browsers to improve interoperability.

Strengthening the Core of the Web; Meeting Industry Needs

The highlights document gave updates on the standards which are core of the Web including: CSS, SVG, HTML, Testing and Performance (including WebAssembly) as well as the Web of Data. At the same time, W3C meets Industry needs with vital work such as: Digital Publishing, Web Payments, Media and Entertainment, Web & Telecommunications (including:  Virtual / Mixed / Augmented Reality → XR, Web5G and WebRTC) as well as Automotive and the Web of Things. W3C’s mission to make a Web for all includes essential work such as Security, Privacy, Internationalization (i18n) and Web Accessibility.

Future Web Standards

The Strategy Funnel documents the staff's exploration of potential new work at various phases: Exploration and Investigation, Incubation and Evaluation, and eventually the chartering of a new standards group.

All of this work and more has proceeded since May. Next week Jeff Jaffe will give an overview of all that exciting work. We will then release publicly our October W3C Strategic Highlights. Stay tuned for more!

Next week I will be attending the Opal Group's Financial Innovation and Payments Summit for the 2nd year.  Last year was phenomenally productive for W3C and I expect this year to be even more so!  This event attracts a few hundred of the key organizations aligned with the various parts of the Payments and Ecommerce industries, which is perfect for W3C.

While we have significant participation in our work in these areas, we ALWAYS need more views and voices in our Membership. This event gives us the opportunity to both speak with some of our current Members and to have discussions with those considering joining or that are unaware of our work. You can learn more about our Web Commerce or Payments activities.

I have been given the honor of being the Panel Moderator for the Sreamlining Ecommerce session on Thursday afternoon at 4:30P. While we are still finalizing the panel, I'm pleased that we'll have Rachel Yager from Fortune Times Group and Frank Liddy from PayPal! You can expect a lively discussion covering various topics that are affecting the various participants in the Ecommerce industry.

If you haven't already, register with a 15% discount by using code W3FIPAS2018. If you're going to be there and want to meet, just drop me a note to abird@w3.org.

J. Alan Bird, W3C Global Business Development Leader, will be moderating a panel on Streamlining Ecommerce on Thursday, 19 July at 1630P during the Opal Group's Financial Innovations and Payments Summit 2018. We'll discuss what innovations are having an impact, what role standards can play in this and what implications are there for cross-border transactions.

At the Payments Canada Summit, 9-11 May 2018 in Toronto, the historically conservative Canadian Financial Industry heard some consistent themes from many of the conference speakers: technology change is happening now and will continue to accelerate, so adapt quickly or be left behind. And data is the new currency.

The World Wide Web Consortium’s (W3C) Web Payments lead Ian Jacobs was invited to moderate one of the first panels titled, “Streamlined Checkout on the Web,” together with Shopify’s Andre Lyver, Director of Engineering, and Google’s Anthony Vallee-Dubois, Software Developer, who are active contributors to the technical work.

Andre Lyver, Anthony Valle Dubois and Ian Jacobs speaking at Payments Canada Summit 2018

The trio presented an overview of the W3C’s royalty-free standards work to make online checkout faster and more secure on the Web, and showed demos of implementations by Shopify and in the Google Chrome browser that are working today. At the W3C table in the exhibit hall, Jacobs and Lyver demonstrated how using the simplified “buy button”, and reusing browser-stored data, enables the completion of shopping transactions more quickly and securely.

Lyver presented some very early findings based on Shopify’s experimentation with the W3C’s Payment Request API, including findings of reduced checkout times through the browser interface, and popularity amongst shoppers around surfaced discount codes. Coupons, discount codes, and loyalty programs are under discussion in the W3C’s Web Payments Working Group and Commerce Interest Group.

Following the W3C panel session on Web Payments, the opening day keynote presentations previewed technology changes happening today, or arriving in the very near future. Stacey Madge, Country Manager and President at Visa Canada, envisioned a “wave a connectivity of everything” where Visa will embed credentials into all types of connected devices. Madge referenced a partnership between Visa and Honda to develop APIs for pay-at-the-pump and parking location and payment scenarios. W3C’s Automotive Web Payments Task Force is currently looking at how the Web m to these same use cases.

MasterCard’s Jessica Turner, EVP Digital Payments and Labs, emphasized EMVCo’s secure approach to payments using tokenization technology and echoed the coming ubiquity of IoT payments across devices.

Asheesh Birla, SVP of Product at Ripple, explained how Blockchain technology is solving problems such as close cross-border payments and smart contracts that will help to reduce costs and help to build “the Internet of Value.” Ripple is building community around the related Interledger protocol in the W3C Interledger Payments Community Group.

Ulku Rowe, Technical Director Financial Services at Google, stressed the need for financial institutions to create a culture of innovation to keep pace with today’s environments of cloud computing, machine learning modules, and data analytics. Rowe said the old model of ‘big versus small’ is no longer relevant; it’s whether you are ‘fast or slow’ and can accelerate the transformation of financial services companies to become technology companies.

From a more personal perspective, Frank W. Abagnale, Jr., cybersecurity, fraud and identify theft prevention consultant and author (Catch me if you can), addressed attendees via videoconference on the final day of the summit. Abagnale offered pragmatic tips for companies and individuals to be more responsible for instilling rigorous security practices.

To protect personal identities, Abagnale advised: avoid paying with checks whenever possible because of the personal and bank account information printed on them; use confetti rather than strip shredders for any paper documents, even direct mail flyers, that have any personal information; use credit monitoring services and follow-up immediately on any anomalies; use credit cards rather than debit cards for purchases because the liability protections are better.

In closing comments, main stage host Bruce Croxon, recognized in Canada for his success as an entrepreneur, venture capitalist for startups, and media personality on CBC-TV’s “Dragons’ Den” and now BNN’s “The Disruptors,” encouraged fintech entrepreneurs to create solutions to real problems that have the potential for large market impact.

Payments Canada CEO Jan Pilbauer’s closing keynote painted a future of many innovations for the financial services and payments industry, including embedded payment systems as part of connected devices in home, work and outdoor environments.

Jan Pilbauer, Payments Canada CEO at closing keynote, Payments Canada Summit 2018

Payments Canada, a W3C member organization headquartered in Ottawa, Ontario, ensures that financial transactions in Canada are carried out safely and securely each day. The organization underpins the Canadian’s financial system and economy by owning and operating Canada’s payment clearing and settlement infrastructure, including associated systems, bylaws, rules and standards. The value of payments cleared by Payments Canada’s systems in 2017 was approximately $50 trillion or $200 billion every business day. These encompass a wide range of payments made by Canadians and businesses involving inter-bank transactions, including those made with debit cards, pre-authorized debits, direct deposits, bill payments, wire payments and cheques.

Payments Canada is currently undergoing a multi-year modernization initiative  based on a comprehensive roadmap for policy, process and technological improvements for all ecosystem participants.

The W3C Web Payments Working Group produced the Web Payment API which has been adopted by the major Web Browsers and we're continuing to see adoption by others in the Payments Ecosystem. With the rechartering of the Web Commerce Interest Group we're seeing a lot of exciting new work starting in areas that are of interest to merchants, retailers, banks and others in the Commerce segment of the Payments Industry.

While our participation has been fairly broad in coverage, we would like to see more participation from the Commerce and Payments Industry in the Asian countries. To bring our message to this community W3C has chosen to participate in Seamless Payments Asia on 3 and 4 May 2018 in Singapore.

Our participation at this event is in three dimensions. I am chairing a Keynote Panel in the afternoon of the first day , will have a booth in the Exhibition area and be doing a presentation in the Exhibition Theater.

I'm really excited about our Panel! The topic is "Frictionless Commerce: How to Make Cross-Boarder Payments, e-Commerce and Retail Easier". On that panel we have two W3C Members, Airbnb and Rakuten, and two non-Members in National Australia Bank and Rocket International. I think it will be an exciting conversation.

In the booth we are finalizing our agenda but our goal is to have over 10 demonstrations from W3C Members about how the work in various parts of W3C is impacting their products and business.

Last, but not least, I will be doing a presentation in the Exhibition Theater on the 2nd morning at 1000A on "Improving Payments on the Web - an update from W3C".

If you or others from your company are going to be at the event, let's get together! Contact either myself or Naomi Yoshizawa to set up a time.

“In just 20 years the Web has grown to encompass the world. Now very little of what we see or do is outside its bounds. The Web travels with us everywhere; it’s at the end of our hands. The Web has organized human thought and it has revealed our best and worst. So we need to ask: why is the Web? What precisely are we doing? The Web has fulfilled its vision but the project of the Web is incomplete; some is technical, some is human. The Web is now off the screen in worlds both synthetic and real. The future of Web emerges from the choices we make today for ourselves and our children. The space we create for the open Web is the breathing room we get in the future.”- Mark Pesce

Technical promise, the intersection of humans and computers, and the past and future of the Web were explored during four exciting panels of executives, futurists, and inventors at the W3C Web Executive Forum on 8 November 2017 in Burlingame, CA.

In Session 1: "The Future of Payments on the Web" Nick Telford-Reed, Director of Technology Innovation, Worldpay moderated a panel with global Executives: Karen Czack, Vice President, Industry Engagement & Regulation of American Express; Sang Ahn, VP & GM, Samsung Pay and Souheil Badran, President, Alipay North America.

Telford-Reed, Czack, Ahn and Badran discussed the intersections of humanity, commerce, technology and trust. They outlined how, with the advent of the Web and Web Payment technology, the world is moving from the limits of physical currencies and boundaries toward global payments systems. The panelists noted that while there is a great deal of exciting work happening in the area of Web Payments there is still a challenge to get where we need to be. They noted that good user experience and a high degree of security were vital for Web Payments. The panelists also noted that standards are very important to make sure that this work is done well. However, they said, as this work is needed right away companies who have a stake in the work should be at the table and participate.

In Session 2: "Connected Cars, Cities and the Web" Steve Crumb, Executive Director, GENIVI Alliance, moderated speakers: Tina Quigley, Regional Transportation Commission of Southern Nevada; Steve Surhigh, Harman Connected Services; Dr. Scott Steedman, Director of Standards, BSI Group; and Patricia (Patti) Robb, Head of the Silicon Valley Innovation Center, Intel.

Surhigh, Robb, Quigley, Crumb and Steedman discussed the “triangle” of connected cars, smart cities, and citizens.  They outlined the  potential intersections of our cities, our cars, and all the data we generate as we move about the world. They emphasized how connected technologies can not just make our lives more convenient but safer.

The panelists noted that as the world becomes more and more urbanized, connected technologies will provide huge opportunities for the next big businesses. Panelists predicted that the data generated by our devices and vehicles will be an area ripe for opportunity. In addition, they said that the next step on from the "passenger economy" will spawn new services as well as productivity increases, fuel savings and fewer accidents. They emphasized that with an order of magnitude increase in safety, we have an opportunity to transform world of transport by saving lives. The panelists said that we need both cities and companies willing to pilot new technologies as well as standards organizations to drive implementation to accelerate value for users and to ensure quality and trust.

Session 3 "WebVR, Emerging Trends: Seeing, Interacting and Securing the Future Web" was moderated by futurist Mark Pesce with speakers: Stina Ehrensvard, CEO & Founder, Yubico; Sean White, SVP, Emerging Technologies at Mozilla; and Megan Lindsay, VR Product Manager, Google.

Ehrensvard, Pesce, Lindsay and White noted that the difference between the start of the Web and the Web today is striking and the differences we will see in 2040 will be incredible. The panelists predicated that WebVR, WebAR will make the open Web a place of exploration and innovation and be the biggest computing paradigm shift since smart phones, and warned however that security will be vital for the success of these new technologies and innovations. Panelists noted the importance of working with W3C to expand the Web beyond the screen.

Session 4:  "Web Future Impact" featured Bloomberg/Business Week Senior Executive Editor Brad Stone interviewing Web Inventor and W3C Director, Sir Tim Berners-Lee.

Stone and Berners-Lee discussed the most urgent work for companies creating standards and the Web community. They noted the common worry that big tech companies have too much control. They discussed that they have seen over time the rise and decline of the influence and dominance of one big company, noted how these big influencers can impact the way we browse the Web, the news we see, what we find when we search, and even our democracy and voting. Berners-Lee and Stone noted that when there is a great deal of dominance by one company there can be reduced innovation for a time but then new companies come along and new innovations arise again.

Stone and Berners-Lee discussed that as more and more people get on the Web the spirit of collaboration continues. They noted that continued collaboration between engineers and designers means the Web is an exciting place which is just as fierce, exciting and international as ever. They identified new tools for collaboration which increase this spirit of collaboration and what people are able to achieve together.

Looking back, they did note that during the first 25 years of the Web, as the Web got more and more powerful, it was thought openness alone was sufficient for good to result. However, they said that now they see that we need to study the Web as a complex system, much like the brain, to be sure we are considering the unintended consequences of what we're building on the Web. They declared we must ask whether what we build amplifies misinformation and nastiness, or goodness and truth. They stated the need to consider not just if a company is profitable but whether it is generating value for user. They warned we risk the standing of our country if the neutrality, openness and security of the Web is not protected. Stone and Berners-Lee urged that we all need to work to protect the Web, its neutrality and its openness.

Please see Brad Stone's article on the discussion "Father of the Web Confronts His Creation in the Era of Fake News".

Many thanks to the moderators and speakers of this event and special thanks to our superb producer, Karen Myers, from the W3C Business Development Team.

Our mission is to lead the Web to its full potential. For decades W3C, with our members, have had a leadership role in driving strategic conversations about emerging technologies and their impact on business. On November 8 2017, in the heart of Silicon Valley,  W3C will host the inaugural W3C Executive Forum with industry leaders, thought leaders and futurists to engage with senior executives about the technologies and innovations which will harness and transform the power of the Web.

The day will feature sessions on Payments on the Web, Connected Cars and Connected Cities, and WebVR and will end with a conversation between Brad Stone of Bloomberg and our Director and Inventor of the Web, Sir Tim Berners-Lee.

Session 1: "The Future of Payments on the Web"

The Web continues to transform our world, the way we communicate and share the things we value. How we get to where we need to go; the meals we order, the gifts we buy; experiences we share - all these purchases are part of our modern lives and they frequently happen via the Web.

Nick Telford-Reed, Director of Technology Innovation, Worldpay will moderate the Future of Payments on the Web panel with global Executives Souheil Badran, President, Alipay North America; Karen Czack Vice President, Industry Engagement & Regulation of American Express and Sang Ahn, VP & GM, Samsung Pay.

Session 2: "Connected Cars, Cities and the Web"

A new wave of transformation is already under way as cars and city infrastructures are being connected. The impacts on physical and digital infrastructure, automation, data management, lifestyle and new business models are enormous. Connected cars in connected cities can revolutionize the way we drive with: greater safety, increased mobility, fewer cars and roads and hence, more green space.

The Open Web Platform offers unprecedented opportunities to serve as the nexus of solutions and services for a whole new multi-industry ecosystem. Business Insider reports that 381 million connected cars are expected to be on the road by 2020, and 82% of all cars shipped in that year to be connected, generating $8.1 trillion between 2015 and 2020.

The session on Connected Cars, Cities and the Web will be moderated by Steve Crumb, Executive Director, GENIVI Alliance with speakers: Tina Quigley, Regional Transportation Commission of Southern Nevada; Steve Surhigh, Harman Connected Services, Patricia (Patti) Robb, Head of the Silicon Valley Innovation Center and Scott Steedman, Director of Standards, BSI Group.

Session 3: "WebVR, Emerging Trends: Seeing, Interacting and Securing the Future Web"

By the mid 2020s, the Web will come to us in many new forms, such as virtual and mixed reality and voice interfaces. How will that change our expectations and experience - and how do we ensure that experience is a safe and secure one? Futurist and 3D Web pioneer Mark Pesce will be joined by a panel of experts on VR, user experience and security - for an immersive tour of a future that we can begin to plan for today.

Mark Pesce, who created the original Virtual Reality Modeling Language (VRML) will moderate the "WebVR, Emerging Trends: Seeing, Interacting and Securing the Future Web"session with speakers: Stina Ehrensvard, CEO & Founder, Yubico and expert on authentication; Sean White, SVP, Emerging Technologies at Mozilla and Megan Lindsay of Google.

Session 4: The Future Impact of the Web

The final session of the day will be a conversation with our Director Sir Tim Berners-Lee, the inventor of the Web and with Brad Stone of Bloomberg on The Future Impact of the Web.

We invite you to join us at this event with top-tier cutting-edge speakers to learn about the newest innovations in tech and the work of the W3C to imagine together, build and implement new technologies for the future of the Web.

Registration for the W3C Web Executive Forum on 8 November 2017 is open to all. For more information see the W3C Media Advisory.

I'm fresh from Money20/20 (my second time, along with Alan Bird), which was very productive in two ways.

The first was in raising awareness about the maturing Payment Request standard for streamlined Web payments. I moderated a session where Zach Koch from Google, Michel Weksler from Airbnb, and James Anderson from Mastercard demonstrated the user experiences that we expect to see increasingly across the Web. Mastercard’s demo featured strong authentication and tokenization used in conjunction with Payment Request. Earlier in the day, Google and FIDO also demonstrated Payment Request API, using a Web-based payment app, the Web Authentication spec, and a pre-production Android fingerprint API compliant with FIDO 2 specifications.

The second was in meetings. Something like 11,000 people attend Money20/20, including many decision makers, so it's a great opportunity to schedule back-to-back meetings. I had the opportunity to chat with a number of organizations considering joining W3C, and to introduce W3C to a number of other organizations not yet familiar with our work.

As a result of that packed schedule, I only got to attend a small number of sessions. That was unfortunate because the conference is a good source of information about industry hot topics. I did, however, get to spend time with colleagues from Airbnb, American Express, Capital One, Google, Mastercard, and Shopify who are involved in the standards group.

W3C is also beginning discussions about participation in future Money20/20 conferences in Europe and Asia; stay tuned.

Thanks to Manash Bhattacharjee for the photos of our session!

Slides.

Please join me on Monday, 23 October at Money20/20, where my colleagues from Google, Mastercard, and Airbnb will demonstrate how to streamline online checkout using new Web standards from W3C.

In our session, Zach Koch (Google) will highlight new browser features to accelerate checkout. James Anderson (Mastercard) will show how native mobile applications could integrate with this checkout experience, and also enhance payment security through tokenization and multi-factor authentication. Michel Weksler (Airbnb) will provide the merchant site driving the demos.

Industry leaders are collaborating on these open standards at W3C to enable a streamlined and consistent user experience across the Web, designed to increase conversions and lower merchant integration costs. All major browser makers are now implementing Payment Request API, the heart of the new Web checkout experience. So Money20/20 will be a great opportunity to check out the future of Web payments. Please join us!

Ian Jacobs will present new standards for streamlining checkout from the W3C Web Payments Working Group, as well as other payments-related activities.

Slides.

In June, W3C hosted a workshop to determine whether there were any aspects of blockchains that intersected with Web technologies, and if there were any specific technologies that were mature enough to consider for incubation toward standardization. We had lots of promising discussions and identified several next steps. You can read more details in the W3C Blockchains and the Web workshop report, released today.

Following the success of the workshop, we have begun to coordinate blockchain activities in the newly-formed Blockchain Community Group, which has chairs from Asia (Youngwhan "Nick" Lee), Europe (Marta Piekarska), and North America (Doug Schepers). The Blockchain CG has a regular coordination meeting on Thursdays, and is planning to start topic-specific short-term technical teleconferences as needed.

Blockchain is comprised of a broad set of cross-domain technologies, and thus our two chief tasks are to:

1. monitor the work of other groups (Web Payments, Internet of Things, etc) to make sure we are aware of what is happening in those fields, as well as groups outside of W3C, so we can complement their work); and
2. propose use cases beyond what is happening in existing working groups to ensure we identify the applications of blockchain that do and do not make sense. There is not yet consensus on which applications of blockchain technology are appropriate uses of the technology, but there is general agreement on a subset of useful applications, and these are the ones which we plan to dedicate resources to.

The Blockchain CG is intended partly to coordinate the activities of other topic-specific CGs, in addition to working on its own reports and deliverables. We will continue to work closely together with the new Blockchain Digital Assets Community Group (formed as an outcome of the workshop), and participate in the already-active Interledger Payments CG. Moreover we will collaborate with the Verifiable Claims task force of the Web Payments Interest Group.

As part of this ongoing coordination, we are planning an informal meeting during the W3C's TPAC meeting in Lisbon, Portugal. It will take place on Tuesday 20th of September at 10:30–12:30, and will also have a short session during the Web Payments Interest Group f2f on Friday 23 September; the Interledger Payments CG is also meeting at TPAC, on Thursday, 23rd of September. Leading up to TPAC, we will build an agenda to make the best use the time we have together in Lisbon. If you wish to attend TPAC, you must be a member of one of the Community Groups or Working Groups meeting there, and register by September 2.

After the September face-to-face meeting, the Blockchain CG will continue with regular calls, and will incubate low-hanging fruit by beginning to draft specifications and build community interested in Recommendation-track work, perhaps including the Chainpoint specification, which was discussed in detail at the workshop.

We are also considering a second blockchain workshop, possibly on the US West Coast, where we will work on more technical aspects and specifications that can contribute to W3C standardization, with particular focus on client-side technologies.

By the end of the year, we hope to have laid the groundwork for possible candidates for formal standardization.

We encourage interested people and organizations to join the W3C Blockchain Community Group to keep informed about future developments. We are expanding the scope of that group to include coordination for our various activities around blockchains, including links to related specific-topic community groups, such as the new Blockchain Digital Assets CG.

This post was co-written by Marta Piekarska and Doug Schepers.

W3C20 ASIA is the celebration of the 20th anniversary of the founding of the first W3C Asian host at Keio University in Japan in September 1996. The celebration consisted of three parts: a technical seminar, keynotes and the reception. The celebration gathered evangelists, specialists and experts to talk about various areas and use cases and topics, including future visions.

One forward-looking highlight of the event was a presentation about how the Tokyo Organising Committee of the Olympics and Paralympics Games is placing high importance on the Web accessibility of their Web pages and digital media, showing how much Web accessibility continues to be vital in the world.

The keynote panel discussion showed a clear strong tie among Asian countries.The speakers from mainland China, Hong Kong, Korea, and Japan discussed topics including accessibility, IoT (Internet of Things), WoT (Web of Things), data, Fintech (Financial technology), RegTech (Regulatory technology) and society-facing issues around trust on the Internet and Web.

That’s why W3C in ASIA is so important. This population is coming online and we are all coming connected. The speed of light is not fast enough; traditional distinctions are disappearing—things like analog vs. digital, physical vs. virtual, real time vs. not real time, human vs. not human, but application or agent—and the disappearance of those distinctions will enable the next digital generation to overcome the speed of light.

An expectation for the W3C is to work with the rest of society to manage what’s coming next, since all people, life, industry segments, jobs or even virtual worlds are on the Internet and Web. Though the next 20 years will be very challenging, the panelists were confident that the W3C is the place for it to be brought to realization.

The reception opened with a Web visualization demonstrated by a budding artist and featured interesting talks from widely known speakers, as well as other demonstrations. This remarkable event made a strong impression about the importance of W3C in Asia.

W3C had its annual meeting last week in Boston and it was one of the most interactive meetings we have had in recent memory. During the meeting we released the W3C highlights for Spring 2016, a comprehensive report of W3C's vision and focus; and had informative discussions from industry presenters and keynote speakers.

We also had an opportunity to discuss a proposal from the Electronic Frontier Foundation about a covenant related to our Encrypted Media Extensions specification; see the information on EME work at W3C we recently made available.

Participants were most energized by a discussion about what is the Next Big Thing for the Web. Everyone seemed to think there was so much more work to do in moving the Web forward. In a straw poll, the leading topics were Web Security, Web Payments, Web of Things, and (of course) the core platform. These definitely map to where we are seeing the most excitement in W3C groups. More details can be found in our recent security blog posts; my recent payments blog post; my recent WoT post; and the Web Platform Working Group's co-chairs next steps for the core platform blog post.

Other Highlights of the meeting:

• We spent half a day looking at how the Web leads industry to its full potential and vice versa. The speakers - principally from industry - taught us a great deal about how Web technologies impact their industries. See our efforts in Telecommunications, Web Payments, Web of Things, Digital Publishing, Automotive and Entertainment.
• We had about 10 BOF sessions over lunch as Advisory Committee representatives and the Team thought through diverse topics such as Digital Marketing, executive focus on Web technologies, and blockchain.
• We spent an afternoon getting an update on technical topics and tooling. A highlight was Nigel Megitt's professionally delivered video speech as we all celebrated getting our first Emmy. Several attendees were seen getting their pictures taken with the Emmy.
• Bruce Schneier delivered an impressive keynote about the growing impact of what he called "the World-Sized Web" as the Internet of Things brings more parts of world infrastructure within the domain of Web technology. A particular focus was on how to secure this infrastructure.