
Re: [Tokenization] Attempt to synthesize Token Usage Type from 1 May discussion

From: <giulio@apple.com>
Date: Fri, 11 May 2018 14:16:21 -0700
Message-id: <BB33CD1F-1570-472D-836C-10A02D434CAC@apple.com>
Cc: Ian Jacobs <ij@w3.org>, Michel Weksler <michel.weksler@airbnb.com>, Peter Saint-Andre <stpeter@mozilla.com>, "Patel, Keyur" <keyur.patel@mastercard.com>, Richard Garreth Waller <Richard.G.Waller@aexp.com>, "Dix, Simon" <Simon.Dix@mastercard.com>
To: Web Payments Working Group <public-payments-wg@w3.org>
> "one-time"
> The payee expects to use the token for a single authorization. How exactly the payee can use the token (e.g., for a charge, an update to the authorization, a partial refund, a second partial shipment, or incremental charges) is outside the scope of this specification.
> "card-on-file"
> The payee expects to re-use the token for as yet unknown future transactions, including payer-initiated transactions and payee-initiated transactions (e.g., for partial shipment, incremental charges, and resubmission use cases). Whether and how the payee requests a new Token Cryptogram <https://www.emvco.com/emv-technologies/payment-tokenisation/> for future transactions is outside the scope of this specification.
> "recurring"
> The payee expects to re-use the token exclusively for a recurring payment according to an agreement with the payer.

Assume I book a vacation on a travel site such as expedia.com <http://expedia.com/>. Expedia may use my payment credentials to pay for the flight, then it may want to pass the credential to a car rental, which could execute a $0 auth to reserve my car; Expedia is also going to want to pass my payment credential to one of dozens of hotel chains that they work with to reserve a room (some hotels may charge the full amount upfront, others just the first night, others will just run a $0 auth); another transaction could be needed for yet another company for travel insurance.

Many merchants in travel and marketplaces operate in this model today, with the card number collected (once) being passed through the partners chain.
I am not clear on what types of tokens or what combination of tokens would achieve the same result, under the premise that the user would still need to authorize just one payment on Expedia’s web site.

This is relevant to the discussion, as the API needs to account for the correct type/number of parameters.  

Would it be possible for representatives from VISA, MC, Amex and Discover to share how their respective network token services address this use case?


Giulio Andreoli
 Pay
+1 (415) 218-1787

> On May 3, 2018, at 7:42 AM, Peter Saint-Andre <stpeter@mozilla.com> wrote:
> On 5/3/18 7:31 AM, Ian Jacobs wrote:
>>> On May 2, 2018, at 11:53 PM, Michel Weksler <michel.weksler@airbnb.com> wrote:
>>> Please see below…
>> Michel,
>> Thank you for the comments. I have further updated the text:
>> https://w3c.github.io/webpayments-methods-tokenization/index.html#tokenusagetype-enum
> Much better. Thanks to Michel for the feedback!
> Peter
Received on Friday, 11 May 2018 21:17:09 UTC
