Re: W3C / Use case / proposal for direct debit and credit transfert from Anders Rundgren on 2015-07-06 (public-webpayments-ig@w3.org from July 2015)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 6 Jul 2015 16:43:16 +0200
To: VIGNET cyril <Cyril.VIGNET@bpce.fr>, Web Payments IG <public-webpayments-ig@w3.org>
Cc: VERONNEAU Eric <Eric.VERONNEAU@bpce.fr>
Message-ID: <559A9404.7000708@gmail.com>
On 2015-07-06 15:15, VIGNET cyril wrote:
> Hello All,
>
> Here is my proposal to complete the use cases for 7.6 Direct Debit and 7.7 Credit Transfer.

Hello Cyril,

May I (a non-member) comment on 7.6?
This sounds like what in Sweden is called AutoGiro and is a very interesting use-case.

In some countries you need to sign a (physical) paper in order to get such a setup rolling.

To make this usable in the way SEPA was designed for (cross-border), I think we need to (in some way) emulate/replicate the paper signature.

I would propose something along the following lines:

1. Anna visits the Utility site and finds the conditions reasonable.
2. Anna selects the SEPA direct debit payment method.
3. The Utility digitally signs a "SEPA direct debit authorization request" for the (yet unverified customer) who have signed up.
4. This opens a user SEPA authorization form in a Payment Agent which after Anna has given a PIN or similar (which activates a signature key), routes the (now authorized) request to Anna's SEPA Bank.
5. Anna's SEPA Bank verifies both the request and the user authorization.
6. After successful verification Anna's SEPA Bank returns a digitally signed authorization document which contains all data needed for performing SEPA direct debit.
7. The Payment Agent routes the authorization document to the Utility.
8. The Utility verifies the authorization document and can now start to pull money from Anna's account.

There's no apparent need for Anna to authenticate to the Utility site, Anna's SEPA Bank should provide validated information.
The Utility's SEPA Bank may be involved step 3 and 8.

This scheme eliminates all fuzz with IBAN numbers.

The same principles ought to be applicable to any of the myriad of local giro-systems in use today.

I didn't understand this paragraph in your writeup:
   "Delivery of Receipt: The utility website sees that Anna's
    direct debit mandate has been validated and sends a receipt
    message to her digital wallet"

How does the website see that Anna's mandate is validated?
What digital wallet?

Disclaimer:
My knowledge of SEPA payment messages is close to null...I only looked at this from a process and authorization point of view.

Regards,
Anders

>
> I am not able to change directly the webpage. Sorry about that.
>
> Best regards
>
> Cyril
>
> *    Cyril VIGNET* (cyril.vignet@bpce.fr)
>
> **
>
> ***Département R&D Innovation***
>
> *    BCA/**Direction des Paiements Groupe*
>
> ***Groupe BPCE
> *50, avenue Pierre Mendès France 75201 Paris cedex 13
>
> Tél. : +33 1 58 40 02 34 - Port. : +33 6 22 04 08 56//
>
> //*//**/ ________________________________________/*
>
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Ce message et toutes les pièces jointes (ci-après le 'message') sont confidentiels et établis à l'intention exclusive de ses destinataires. Si vous n'êtes pas destinataire de ce message, merci de le détruire et d'en avertir immédiatement l'expéditeur.
> Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération.
> BPCE décline toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié.
>
> This message and any attachments (the 'message') are confidential and intended solely for the addressee(s). If you receive this message in error, please delete it and immediately notify the sender. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. « BPCE » will not be liable for the message if altered, changed or falsified.
Received on Monday, 6 July 2015 14:43:56 UTC