SCA and Google Pay API

AI-generated Key Takeaways

outlined_flag

• Online payment transactions within the European Economic Area (EEA) must adhere to Strong Customer Authentication (SCA) standards as part of PSD2 regulations.

• Google Pay integrations need to be updated to the latest API version (V2) to support SCA and ensure proper payment credential handling.

• Developers must update their PaymentDataRequest object to include merchant name, transaction country code, and total price to facilitate SCA compliance.

• Google Pay will provide either an authenticated payload or a PAN requiring 3D Secure 2.0 processing, depending on the transaction risk assessment.

• Merchants should utilize their PSP or in-house risk management tools to perform additional checks and apply 3D Secure when necessary for transactions flagged as requiring further authentication.

Strong Customer Authentication

To enable Google Pay to return appropriate payment credentials for transactions subject to Strong Customer Authentication (SCA), you might need to update your implementation.

If you've completed a Google Pay API V2 integration, the following changes are required.

Update your PaymentDataRequest object

Update your PaymentDataRequest object with the following properties:

• merchantInfo.merchantName : The merchant name is rendered in the payment sheet.
• transactionInfo.countryCode : This indicates where the transaction is processed. You must specify the acquirer bank country.
• transactionInfo.totalPrice : The total monetary value of the transaction, with an optional decimal precision of two decimal places.

Updated PaymentDataRequest object example

The following is an example of an updated PaymentDataRequest object:

{
  "apiVersion": 2,
  "apiVersionMinor": 0,
  "merchantInfo": {
    "merchantName": "Example Merchant"
  },
  "allowedPaymentMethods": [
    {
      "type": "CARD",
      "parameters": {
        "allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
        "allowedCardNetworks": ["AMEX", "DISCOVER", "INTERAC", "JCB", "MASTERCARD", "VISA"]
      },
      "tokenizationSpecification": {
        "type": "PAYMENT_GATEWAY",
        "parameters": {
          "gateway": "example",
          "gatewayMerchantId": "exampleGatewayMerchantId"
        }
      }
    }
  ],
  "transactionInfo": {
    "totalPriceStatus": "FINAL",
    "totalPrice": "12.34",
    "countryCode": "GB",
    "currencyCode": "GBP"
  }
}

Handle the response object

Merchants receive one of the following:

• An authenticated payload that can be processed without any further step-up or challenge.
• A PAN that requires 3D Secure 2.0 through a solution provided in-house or through payment service provider partners (PSP)

Most of our PSP offer the ability to apply appropriate instrument risk checks and step-up transactions. Where applicable, this includes 3D Secure for Google Pay PAN PAN_ONLY transactions.

If you have an in-house risk management tool, use the assuranceDetailsRequired parameter to get more details about the transactions.

If assuranceDetails.cardHolderAuthenticated returns false, apply appropriate instrument risk checks and step-up transactions. Where applicable, include 3D Secure.