SCA and Google Pay API

AI-generated Key Takeaways

outlined_flag

• Online payment transactions within the European Economic Area (EEA) must meet Strong Customer Authentication (SCA) requirements as defined by PSD2.

• Google Pay API integrations need updates to support SCA, primarily by modifying the PaymentDataRequest object with details like merchant name, transaction country, and total price.

• Merchants will receive either an authenticated payload ready for processing or a PAN requiring 3D Secure 2.0 authentication via a chosen solution.

• When assuranceDetails.cardHolderAuthenticated is false, merchants should implement risk checks and potentially 3D Secure authentication for enhanced security.

Strong Customer Authentication

To enable Google Pay to return appropriate payment credentials for transactions subject to Strong Customer Authentication (SCA), you might need to update your implementation.

If you've completed a Google Pay API V2 integration, the following changes are required.

Update your PaymentDataRequest object

Update your PaymentDataRequest object with the following properties:

• merchantInfo.merchantName : The merchant name is rendered in the payment sheet.
• transactionInfo.countryCode : This indicates where the transaction is processed. You must specify the acquirer bank country.
• transactionInfo.totalPrice : The total monetary value of the transaction, with an optional decimal precision of two decimal places.

Updated PaymentDataRequest object example

The following is an example of an updated PaymentDataRequest object:

{
  "apiVersion": 2,
  "apiVersionMinor": 0,
  "merchantInfo": {
    "merchantName": "Example Merchant"
  },
  "allowedPaymentMethods": [
    {
      "type": "CARD",
      "parameters": {
        "allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
        "allowedCardNetworks": ["AMEX", "DISCOVER", "INTERAC", "JCB", "MASTERCARD", "VISA"]
      },
      "tokenizationSpecification": {
        "type": "PAYMENT_GATEWAY",
        "parameters": {
          "gateway": "example",
          "gatewayMerchantId": "exampleGatewayMerchantId"
        }
      }
    }
  ],
  "transactionInfo": {
    "totalPriceStatus": "FINAL",
    "totalPrice": "12.34",
    "countryCode": "GB",
    "currencyCode": "GBP"
  }
}

Handle the response object

Merchants receive one of the following:

• An authenticated payload that can be processed without any further step-up or challenge.
• A PAN that requires 3D Secure 2.0 through a solution provided in-house or through payment service provider partners (PSP)

Most of our PSP offer the ability to apply appropriate instrument risk checks and step-up transactions. Where applicable, this includes 3D Secure for Google Pay PAN PAN_ONLY transactions.

If you have an in-house risk management tool, use the assuranceDetailsRequired parameter to get more details about the transactions.

If assuranceDetails.cardHolderAuthenticated returns false, apply appropriate instrument risk checks and step-up transactions. Where applicable, include 3D Secure.