Click to Pay Direct API Token Passthrough
Overview
Click to Pay is an intelligent, password-free online checkout option that provides a quick and easy checkout experience designed to make 'guest checkout' faster and easier across all devices.
Click to Pay provides a single checkout button and a standardized checkout flow for all participating card schemes, including Mastercard, Visa, American Express, Discover and others.
Click to Pay is built off EMVCo's SRC specification and replaces Masterpass, Visa Checkout and Amex Express Checkout.
A payer can create a Click to Pay profile using their email address. During checkout, the payer must then provide this email address and perform an additional verification step with a one-time passcode (OTP). They can also choose the "Remember me" option to subsequently skip the verification when using the same browser in a subsequent checkout.
The payer can store multiple credit, debit or prepaid cards, the associated billing addresses, and multiple shipping addresses in their Click to Pay profile. Card details are securely stored, and additional security is provided by offering network tokenization where possible (market acceptance of network tokenization must be enabled).
Click to Pay allows your payer to select the payment details to be used for the payment; however, the payment itself is processed using the acquirer configured for your merchant profile in the gateway.
You will need to build your integration using the MTF environment first and then go live on the production environment.
Key benefits
Click to Pay offers the following benefits:
- Intelligent consumer recognition, 'embedded' into the checkout flow, to initiate faster guest checkout across all devices (with no passwords to remember).
- A reduction in clicks and manual card entry to ultimately increase conversion and create frictionless experiences.
- Potential for higher authorization approval rates, via network tokenization, assisting in the reduction of preventable declines.
- Built upon EMVCo Secure Remote Commerce standards to create a consistent user experience and lower fraud rates in eCommerce guest checkout payment moments.
- Secure exchange of payment data including card details, billing, and shipping address details
Prerequisites
If you want to offer Click to Pay as a checkout option to your payers:
- Work with Click to Pay team to onboard to Mastercard SRCi
- Please ensure to use Direct API version 57 and above
- If using Scheme Tokens over FPANS ensure that Network Tokenization via Merchant Manager is enabled
- If using FPANs, please work with the Click to Pay team to ensure they are provided from the Mastercard SRCi. Then, please see the Send the Transaction Request page for the steps required to process FPANs.
Click to Pay Integration Contact Information
Integration guide link for Mastercard SRCi: https://developer.mastercard.com/unified-checkout-solutions/documentation/
Support page for Mastercard SRCi: https://developer.mastercard.com/unified-checkout-solutions/documentation/support/
Perform payment operation
Token payments
When you integrate directly with the network token service provider, you must obtain the token details from the provider, and provide these details to the gateway on an Authorization/Pay request to process payments.
Transaction request
In addition to the standard fields, provide the following fields in an Authorization/Pay request to process payments using network tokens issued by the network tokenization service providers.
- walletProvider=SECURE_REMOTE_COMMERCE:Details about the source of the payment used for digital payment methods.
- type=SCHEME_TOKEN:Enables the gateway to identify the source of fund provided in the request as a network token.
- provided.card.number:The network token.
- provided.card.expiry:The network token expiry.
- provided.card.devicePayment.onlinePaymentCryptogram:Use the cryptogram directly from the decrypted transaction credentials.
- provided.card.devicePayment.eciIndicator=07:The Electronic Commerce Indicator.
- provided.card.securityCode:The token verification code if issued by the tokenization service.
- source=INTERNET:Indicates the channel through which you received authorization for the payment for this order from the payer.
Transaction response
When a network token is provided in the Authorization/Pay request, the Retrieve Transaction response will return the following:
- type=SCHEME_TOKEN- if a network token was used in the Authorization/Pay transaction.
If the acquirer returns an FPAN
- provided.card.number:The masked FPAN (Funding PAN).
- provided.card.expiry:The FPAN expiry.
- provided.card.deviceSpecificNumber:The network token from MDES ("Token PAN") or VTS ("Token") or AETS ("Token").
- provided.card.deviceSpecificExpiry:The network token expiry.
If the acquirer does not return an FPAN:
- provided.card.number:The fully masked value.
- provided.card.deviceSpecificNumber:The network token from MDES ("Token PAN") or VTS ("Token") or AETS ("Token").
- provided.card.deviceSpecificExpiry:The network token expiry.
Testing details
Supported testing methods
Due to complexity with the Token Passthrough method, merchants must currently test with their LIVE Production merchant.
Region | Live or Test Merchant? | Card Type Used | Functionality/Purpose |
---|---|---|---|
MTF | Live | Click to Pay Provided – Sandbox Test Card | You can integrate with the Mastercard SRCi sandbox environment to test the flow of Token Passthrough. |
Prod | Live | Live cards owned by the merchant | Full end to end testing with ANZ eGate payment gateway and Click to Pay Token Passthrough Method. |