Re: FYI: First Public Working Draft of Web Payments Use Cases

http://www.w3.org/TR/2015/WD-web-payments-use-cases-20150416/

>     Not everyone can provide fingerprints or detailed iris scans. Therefore, it is important to offer multiple forms biometric verification to improev [sic] accessibility.

>         Carson (in New York City) sends money to Vladamir [sic] (in Moscow) using his Ripple client, which converts the currency from US Dollars to Rubels [sic] in transit.

Typically `Vladimir`
Google says: Showing results for Vladimir [191,000,000 results] Search
instead for Vladamir [355,000 results]

`The ruble or rouble (Russian: рубль, rublʹ, plural рубли́, rubli; see
note on English spelling)`

plural: rubles

> The roadmap will include payment schemes in use today (such as electronic cheques [sic], credit cards, direct debit, and cryptocurrencies) and those of the future.

w3c is en-us, and the web follows en-us: Google says "electronic
cheques" [6,160 results] "electronic checks" [233,000 results]

pattern: "checks"

> The unbanked often live pay cheque [sic] to pay cheque [sic],

en-us/Google says: "pay cheque" [409,000 results] paycheck [22,300,000 results]

pattern: "paycheck"

> Section 2 defines basic payment terms.

Please make these things links.

> A mechanism used to transfer value from a payer to a payee. Examples: Corporate Visa card, personal Visa card, a bitcoin account, a PayPal account, an Alipay account, etc.

you don't always use `etc.` at the end of examples, as below, I'd
suggest not including it above...

> An entity that submits and processes payments using a particular payment instrument to a payment network. Examples: Stripe, PayPal, Authorize.net, Atos, FedACH.


> payment scheme

en-us warning: `scheme` is a Britishism, if you google "payment
scheme", the hits are all European. I have no idea what you mean and
respectfully request you find an appropriate en-us term for this.
Note: w3c is officially en-us and since this is designed as a w3c
document, it should adhere to this.

> Activities surrounding and including a transaction (e.g., discovery of an offer, negotiation of terms, selection of payment instrument, delivery, etc.).

pattern:
e.g. ... etc.

Don't include both (see earlier flag for `Example:...etc.`)

> The descriptions below only discuss the interactions between the payer and the payee.

payee is linked here, but not payer....

> 3. An Overview of the Payment Phases

Doesn't cover pay-later cases such as Boleto [1] or really any house
billing system -- where goods / services are provided up front and
people settle debts ... somehow...

> Jill can't decide whether the dress displayed online is blue with black stripes or white with gold stripes,

this is cute, but I don't think future readers will get this Meme.
Unless you're willing to include a citation (which you could, but
please use web.archive.org to anchor it), then I'd suggest changing
it.

> That same evening at home, Jill logs into her account on the PayToParty Web site, adding her preferred items to her shopping cart.

`preferred` isn't the right word. She added the items she has chosen.
I can prefer something out of my price range (and she's entitled to do
the same).

> 3.1 Negotiation of Payment Terms
> Application of Marketing Elements. The payer discovers and applies any loyalty programs, coupons, and other special offers to the payment terms.

> 4.1 Negotiation of Purchase Terms
> Application of Marketing Elements: As Jill prepares to check out, PayToParty offers her a discount of 10% if she uses the store's loyalty card to pay.

There's a mismatch here. In 3.1 you used the word `applies`. Here, you
use the word `offers`.

> Authentication to Access Instruments: Jill selects the PayToParty loyalty card, which she enabled with theft-protection [awk], and is asked to input a code that is sent to her phone before the purchase can be completed.

Google: "theft protection" -identity -car -auto -bicycle
doesn't yield `theft-protection` used the way you're using it.

You could (and should) mention Two Factor Authentication (2FA).
Also, the code is really an anti-skimming feature, not an anti-theft feature.

But the main problem ([awk]) is that Jill didn't enable the card, she
got the card and enabled a feature for the card.

> Identity. There will be a consistent, interoperable identifier used to identify the participants and accounts in a Web Payments transaction.

I somewhat object to `consistent`. The credit industry is slowly
moving to tokenized transactions. There are a number of variations of
this, an old one is Secure Online Account Numbers....

>> Secure Online Account Number service allows you to generate a temporary card number for safer checkout—anytime you shop online. With Secure Online Account Numbers you can. Generate a temporary card number so your real account number is not revealed. Create and save a number for every online purchase you make.

> Website Penny uses the HobbyCo website to select a $15 model train for purchase.
> Goals rapid, widespread adoption.

I don't understand `Goals`, whose goals?
How is this a goal?
Why is `rapid` not Capitalized?

> Goals Improved user experience, Greater security, Innovation, Automatability, and rapid, widespread adoption.

why are words here randomly capitalized?

> Exceptions No mobile phone connectivity (visiting a different country, trip occurs outside the range of a mobile network, etc.)

missing trailing period

> Freemium Ricki plays his favorite native app game and wants to upgrade his avatar with a few extra "power-ups." Clicking on a power-up displays the price.

I know you were taught to put punctuation inside quotation marks.
Please don't, it makes parsing sentences much harder (especially when
silly spec writers actually have section headings w/ punctuation that
they're really quoting... *sigh*).

> Goals Improved user experience, Innovation, and Transparency.

why are words here randomly capitalized?

> E-mail [sic] A GroupBuyCo customer receives an offer by email to purchase the deal of the day.

Email
(you aren't consistent within this one row...)

> Goals Improved user experience, Increased user choice, and rapid, widespread adoption.

why are words here randomly capitalized?
(I'm not flagging all instances, I'm randomly flagging...)

> Exceptions Software acting on the payer's behalf may keep track of exactly how much money the payer has and not allow them to process the offer.

`has` or `has available`?

> Security Automated purchases (e.g,. by a vehicle) should involve increased security (e.g., a second factor of authentication).

Why?
It might be reasonable to say they should have more Logging/Auditing.
But I don't think that being asked to present my Passport at every gas
station is a good idea.

> Goals Increased user choice, Improved user experience, Innovation, Transparency, and Automatability

Missing period

> Trial-ware

Remove the dash [2]

> Accessibility For safety reasons, the interface used to interact with the digital offer must not distract the driver of the vehicle. Voice controls and other techniques can be used to reduce driver distraction.

Um. No [3].
Let's work on Vision Zero [4] instead of increasing distracted driving
fatalities [5].

> Privacy Protection Tibor orders assorted chocolates from CandyCo. CandyCo only needs Tibor's verified shipping address to send him the chocolates.

Why does CandyCo need a verified shipping address? People order to
unverified addresses all the time (plenty of movies involve pizza /
delivery / catering being sent to police officers in jails or on
stakeouts).

It might be in Tibor's interest to ship candy to his own address
instead of accidentally shipping it to his neighbors, but,...

That said, this form of security is totally bogus.

You could make half a claim for Canada Post's Flex Delivery [6] or for
the classic postal box/reshipper. But you can't claim that only
sending an address w/o a name yields even a modicum of privacy. If the
address doesn't include a name, then odds are there's a unique
individual residing there, and a reverse directory, or a web search
will yield the name. (* To get Flex Delivery [6] to do the right thing
would probably involve creating/destroying identifiers, since I think
identifiers tend to be pinned to a customer.)

> Need to Know PayCo is required to keep a certain amount of information on their customers for anti-money laundering / know your customer regulatory purposes.

It's unclear that PayCo is a payment processor and not a vendor.

> Goals Improved user experience

missing period

> Seth participates in a loyalty program with his local grocery store and can apply a variety of digital coupons when he visits the store. Is a loyalty card a payment instrument, or a credential?

A loyalty card is the wrong payment instrument. This is a store Charge Card...

> David wants to be able to manually arrange available payment instruments when they are presented to him. Why does this need to be standardized? Isn't this just a part of the wallet UI?

If I need to split a payment across three payment instruments...

> Lalana does not like to scroll. She wants the instruments she uses most often to appear at top of the displayed list of available payment instruments.

This should be done by the UA using frecency [7].

> Wes has configured his debit card to require a fingerprint scan from his mobile device and a Universal Two Factor (U2F) device to be used when performing a purchase over $1,000.

I had a whole bunch of citations for why this stuff is awful
(MacGyver [8], James Bond [9], Spaceballs, Demolition Man [10]), but
my computer ate the citations.

Note that banks discourage [11] certain "protections" because they
just put their customers at risk:

"There are ... concerns that customers under stress may be unlikely to
remember the reverse of their PIN, which may place them in greater
danger should the perpetrator figure out what they are attempting to
do and escalate the situation,"

> Nadia's bank asks her to use her two-factor authentication device and at least one of their in-branch retinal scanners or palm-vein readers before she is allowed to withdraw $25,000.

Defeating scanners is a fairly standard thing, which has been done for
decades. Roughly, any technology that encodes based on something that
is measurably you makes it fairly easy for someone to measure, record,
and reproduce for the purposes of claiming to be you.

> In current online and offline payment transactions, biometric authentication can be used instead of password-based authentication:
> John registers his fingerprint with his payment provider so that he can just use a fingerprint to pay for low-value items.

MacGyver and gummy bear attacks against fingerprints

> Sarah registers her voiceprint and face with her payment provider for use in transactions greater than $1,000.

Sneakers [12] "Hi, my name is Werner Brandes. My voice is my passport.
Verify Me."

> Rico buys a $5,000 car for his daughter through an online dealership. His payment processor requires a password plus two forms of biometric identification. Rico doesn't have hands, so he uses a face and iris scan to perform the authentication.

This is not two additional forms, it's only one, if someone captures
Rico, they have his face and iris. If they decapitate him, they have
his face and iris. If someone kidnaps a loved one, they can coerce
Rico.

Faces can be transplanted [13].

> Biometrics can be utilized on Point of Sale terminals

Skimming point of sale terminals isn't new [14][15].

> 4 corner model
> "three-corner model payments"
> "four corner model payments"

please spell this consistently, and please introduce it before you use it.

> A payee may want to limit access to certain services to only those who they know can afford the good or service because the act of engaging the payer may be costly.

"engaging" is an odd word -- it's probably the wrong word too.

> The bicycle is delivered a few days later with a QRCode attached to the package that only Giralt can access.

I don't understand what this means. If you mean "included inside the
box", you should probably say this.

> Goals rapid, widespread adoption.

You probably wanted to capitalize the first word (Rapid) here...

> Electronic receipts will make it easier to track expenses, prove that certain purchases were made, file tax returns, and simplify management of unnecessary paper.

This is nonsense. People have been tracking expenses since the 80s,
filing taxes using electronic software since the 80s (1986) TurboTax
[16], importing receipts since 1994 (Quicken 3 [17]).

I also had an explanation of why paper receipts are pointless (your
credit card company is quite happy to produce a general bill, it does
so monthly -- often electronically, and if the vendor is being evil,
as an airline was to me once, the credit card company will be happy to
void the charge).

As for donations, that's been available for a long time too (Canada
Helps [18] does it for all Canadian charities).

The most important thing about a receipt is that it be meaningfully
signed and not trivially forgeable / malleable.

> Bongani reserves a bus ticket online using his mobile phone. At the bus terminal he taps his phone to a kiosk and receives a printed physical receipt that he can use on the bus.

Electronic tickets [19] were common in the late 1990s. They have
already reached widespread adoption.

> Teo claims that a blender they purchased online was faulty and returns the product to the merchant.

Unless you're trying to honor Teo's gender preference (they) please
consider using a more traditional singular personal pronoun.

> Janet selects her Discover points card

Discover is a Credit Card [20], not a points card -- often called a
Rewards Credit Card.

> Terrific-Tools, Inc. ships the ax to Tom.

Suddenly Incorporated (quite late in the example).

> Anna is told that she will pay for the airline ticket with 600RMB and she confirms it.

This is less than 100 USD. That seems unlikely, TravelChinaGuide [21]
shows 111 USD as the cheapest flight for Jul 21 from PEK to SHA. (It
might be occasionally possible.)



[1] https://en.wikipedia.org/wiki/Boleto
[2] http://en.wiktionary.org/wiki/trialware
[3] http://www.ctvnews.ca/canada/hands-free-isn-t-brain-free-distracted-driving-researchers-say-1.1175293
[4] https://en.wikipedia.org/wiki/Vision_Zero
[5] http://www.citynews.ca/2014/03/04/distracted-driving-caused-more-2013-deaths-than-impaired-driving-opp/
[6] http://www.canadapost.ca/flexdelivery
[7] https://en.wikipedia.org/wiki/Frecency
[8] http://macgyver.wikia.com/wiki/List_of_problems_solved_by_MacGyver
[9] http://tvtropes.org/pmwiki/pmwiki.php/Main/BorrowedBiometricBypass
[10] https://www.youtube.com/watch?v=CbM--4-z0cs
[11] http://usgovinfo.about.com/od/censusandstatistics/a/Why-Reverse-PIN-Is-Not-in-Use.htm
[12] http://www.imdb.com/title/tt0105435/quotes
[13] http://www.dailymail.co.uk/news/article-3100288/This-face-grew-Incredible-moment-woman-sees-dead-brother-s-FACE-man-s-body-time-life-saving-transplant-surgery.html
[14] http://krebsonsecurity.com/category/sunshine/
[15] http://krebsonsecurity.com/category/all-about-skimmers/
[16] http://www.amazon.com/TurboTax-Deluxe-State-Software-Refund/product-reviews/B00NG7JVSQ?pageNumber=5
[17] http://www.atarimagazines.com/compute/issue163/_76_Quicken_3_for_Window.php
[18] https://www.canadahelps.org/en/why-canadahelps/frequently-asked-questions/your-canadahelps-donor-account/
[19] https://en.wikipedia.org/w/index.php?title=E-ticket&direction=next&oldid=18533086
[20] https://www.discover.com/credit-cards/
[21] http://www.travelchinaguide.com/china-flights/flightsearch.aspx

Received on Friday, 26 June 2015 20:50:49 UTC