W3C home > Mailing lists > Public > public-payments-wg@w3.org > May 2018

Re: [Tokenization] Attempt to synthesize Token Usage Type from 1 May discussion

From: Ian Jacobs <ij@w3.org>
Date: Mon, 14 May 2018 07:15:13 -0500
Cc: Web Payments Working Group <public-payments-wg@w3.org>, Michel Weksler <michel.weksler@airbnb.com>, Peter Saint-Andre <stpeter@mozilla.com>, "Patel, Keyur" <keyur.patel@mastercard.com>, Richard Garreth Waller <Richard.G.Waller@aexp.com>, "Dix, Simon" <Simon.Dix@mastercard.com>
Message-Id: <101F17A6-7E2B-4DD6-8D0F-4945D77E81D7@w3.org>
To: giulio@apple.com
Thank you, Giulio. I’ll put this on this week’s tokenization call agenda (15 May, 11:30-12:30 ET). Can you join the call?

Ian



> On May 11, 2018, at 4:16 PM, giulio@apple.com wrote:
> 
>> "one-time"
>> The payee expects to use the token for a single authorization. How exactly the payee can use the token (e.g., for a charge, an update to the authorization, a partial refun, a second partial shipment, or incremental charges) is outside the scope of this specification.
>> "card-on-file"
>> The payee expects to re-use the token for as yet uknown future transactions, including payer-initiated transactions and payee-initiated transactions (e.g., for partial shipment, incremental charges, and resubmission use cases). Whether and how the payee requests a new Token Cryptogram for future transactions is outside the scope of this specification.
>> "recurring"
>> The payee expects to re-use the token exclusively for a recurring payment according to an agreement with the payer.
> 
> Assume I book a vacation on a travel site such as expedia.com. Expedia may use my payment credentials to pay for the flight, then it may want to pass the credential to a car rental, which could execute a $0 auth to reserve my car; Expedia is also going to want to pass my payment credential to one of dozens of hotel chains that they work with to reserve a room (some hotels may charge the full amount upfront, others just the first night, others will just run a $0 auth); another transaction could be needed for yet another company for travel insurance.
> 
> Many merchants in travel and marketplaces operate in this model today with the card number collected (once) is being passed through the partners chain. 
> I am not clear on what types of tokens or what combination of tokens would achieve the same result, under the premise that the user would still need to authorize just one payment on Expedia’s web site.
> 
> This is relevant to the discussion, as the API needs to account for the correct type/number of parameters.  
> 
> Would it be possible for representative from VISA, MC, Amex and Discover to share how their respective network token services address this use case? 
> 
> Thanks
> Giulio
>  
> 
> 
> 
> Giulio Andreoli
>  Pay
> giulio@apple.com
> +1 (415) 218-1787
> 
>> On May 3, 2018, at 7:42 AM, Peter Saint-Andre <stpeter@mozilla.com> wrote:
>> 
>> On 5/3/18 7:31 AM, Ian Jacobs wrote:
>>> 
>>> 
>>>> On May 2, 2018, at 11:53 PM, Michel Weksler <michel.weksler@airbnb.com> wrote:
>>>> 
>>>> Please see below…
>>> 
>>> Michel,
>>> 
>>> Thank you for the comments. I have further updated the text:
>>> https://w3c.github.io/webpayments-methods-tokenization/index.html#tokenusagetype-enum
>> 
>> Much better. Thanks to Michel for the feedback!
>> 
>> Peter
>> 
>> 
> 

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447
Received on Monday, 14 May 2018 12:15:28 UTC

This archive was generated by hypermail 2.3.1 : Monday, 14 May 2018 12:15:29 UTC