Google Pay

Google Pay™ transactions can be processed via the Saferpay Payment Page, without much effort from you side. Note that Google Pay is not a classic means of payment, but rather a digital wallet. Your customers will still pay with Visa, Mastercard, or whatever credit card has been saved inside the wallet, thus the actual recorded payment method will correspond to this. However, Saferpay will also return information that this transaction has been performed through Google Pay. Furthermore, all options and limitations of the used means of payment apply, if not mentioned otherwise in this chapter.

The following chapter will guide you through the steps required in order to activate and use Google Pay.

Requirements

The handling of Google Pay payments with Saferpay requires:

  • The corresponding Saferpay eCommerce licence and thus the existence of a valid identification with a username and password for the Saferpay system.

  • Availability of at least one active Saferpay terminal by which payments can be carried out and availability of the associated Saferpay TerminalId.

  • An active card acquiring contract with an acquirer who supports Google Pay for at least one of the following brands: Visa/V PAY, Mastercard, American Express.

Supported features

Since Google Pay is not a classical payment method, but a digital wallet, the supported features depend on the payment means, that are used.

Furthermore, the merchant can only accept payment methods, that are activated on the specified terminal Id.

The payment means within the wallet are then processed via the normal processors.

For example: If a card holder selects his Visa card, the card is then processed as such, through Google Pay as the wallet.

The exception to this rule is Mail Phone Order (MOTO). Google Pay does not support MOTO transactions.

Google Pay does not support the integration via iFrame.

Only Visa/V PAY, Mastercard and American Express are supported through Google Pay at this point.

Supported Google Pay Features

Within Google Pay itself, Saferpay Supports the following featureset:

FeatureVia Payment PageVia Server-To-Server

Pay with Cryptogram

Pay with PAN only

3-D Secure

(Cryptogram/PAN only)

✅/✅

✅/✅

The Difference between PAN only and Cryptogram lies in the way authentication/3D Secure is handled:

PAN Only: 3DS/Authentication is handled through Saferpay in the usual way.

Cryptogram: Authentication is handled by the device, e.g. by using the devices fingerprint sensor. This is limited to Android devices, using the Google Chrome browser! All other devices and browsers will always chose PAN Only!

While the Saferpay Payment Page handles both cases automatically, the Server-To-Server method of integration needs special attention during implementation, in order to handle both cases correctly.

Activation

The activation of Google Pay for your Saferpay account, be it live, or on the test-environment, requires next to no effort and can be done in a matter of seconds.

However, there are two options available to you, that represent the two integration methods available to you.

Payment Page

The first option represents the integration through our Payment Page and is the easiest way of using Google Pay.

Business

The second option represents the integration through our transaction interface, also called a Server-to-Server integration, which requires more effort, but also offers more flexibility on your end.

You have to decide first, which option you want to use -you can use both, if you want- and then proceed to the activation itself:

1 - First step is to log into the Saferpay Backoffice, there you have to navigate to the Settings tab and click on Payment Means / Terminals.

2 - Next, select the e-Commerce, or Secure PayGate terminal on which you want to activate Google Pay.

3 - Navigate to the Wallets section, there you will find Google Pay.

4 - Activate Google Pay either for the Payment Page, or for the server to server Business flow.

If you are on the Test-Environment, please always use the Google Pay Simulator!

5 - You will be prompted with a message, to confirm your choice. Click Activate, to activate Google Pay.

6 - And you are done! Google Pay is now available for you on your Saferpay Terminal.

Integration

The general integration of Google Pay can only be done via the Payment Page, or via server-to-server communication and requires the following things to be noted:

  • Google Pay is only available with SpecVersion 1.25 or higher.

  • The notification URLs, inside theNotification conatiner are mandatory, in order to avoid missing payment successes. See the Payment Page process for further information.

  • Google Pay does not support the usage of the Address Form, used by the Payment Page! However you can acquire the address saved inside the wallet itself, e.g. for an Express Checkout.

  • The Condition parameter does only work for "PAN only" transactions.

Payment Page

The Payment Page Integration follows the normal flow and Guidelines, as described here. The handling of all Google Pay related aspects -calling the Google Pay API , displaying information, 3-D Secure etc.- will be done by the Payment Page automatically and thus is none of your concern!

However there are some optional features, you can implement, outside of the normal Payment Page flow.

Direct pre-selection

If you want to directly select Google Pay, you have to use the parameter Wallets within the PaymentPage Initialize request!

{
    "RequestHeader": {
        "SpecVersion": "[CURRENT SPECVERSION]",
        "CustomerId": "[YOUR CUSTOMERID]",
        "RequestId": "[YOUR REQUESTID]",
        "RetryIndicator": 0,
        "ClientInfo": {
            "ShopInfo": "My Shop",
            "OsInfo": "Windows Server 2016"
        }
    },
    "TerminalId": "[YOUR TERMINAL]",
    "Payment": {
        "Amount": {
            "Value": "12345",
            "CurrencyCode": "EUR"
        },
        "OrderId": 123,
        "Description": "Test Order #123"
    },
    "Wallets": [
        "GOOGLEPAY"
    ],
    "PaymentMethods": [
        "VISA",
        "MASTERCARD"
    ],
    "ReturnUrls": {
        "Success": "[YOUR URL]",
        "Fail": "[YOUR URL]",
        "Abort": "[YOUR URL]"
    },
}

Due to restrictions from Google, Saferpay is not allowed to also directly select Google Pay! If you use this method, Google Pay will be displayed on the Payment Page, with the user having to select it.

If you are using PaymentMethods, you must also submit Wallets, if you want Google Pay to be displayed. Also, if you are just submitting one payment method, the Payment Page will still directly jump to the card entry form, skipping Google Pay.

If you are using Wallets alongside PaymentMethods, you can limit the brands which your customers can use. However, note that the Payment Page also will display the given brands as dedicated payment methods, so the customer might pay this way instead of using Google Pay.

Google Pay Server-to-Server

Saferpay also offers the option for you to integrate Google Pay directly into your application. This allows a more integrated and seamless solution, as it does not require the usage of the payment page.

Make sure, that you have activated Google Pay for Business, as mentioned under Activation.

Please follow the following steps, in order to directly integrate Google Pay.

1 - Google Pay Integration

It is important to know, that, at this stage, you are directly integrating the Google Pay Widget here and not Saferpay. Google Pay covers the gathering of your clients account data, while Saferpay will use it to create a transaction.

This also means, that your integration underlies all the terms and conditions, rules and guidelines, defined by Google!

Furthermore, please read the following guidelines and documentation:

For Web-Integration:

For Android:

Google has an extensive documentation on how to achieve it for different use cases. For example a normal web-checkout, but other integrations, like Android-Apps are also possible.

Which integration-method you chose is up to you.

However, the one thing to take note of is to define the correct Payment Gateway, so Saferpay may process your clients data. Google already provides a code example, that has to be edited in the following way:

Javascript/Web

const tokenizationSpecification = {
  type: 'PAYMENT_GATEWAY',
  parameters: {
    'gateway': 'worldlinesaferpay',
    'gatewayMerchantId': 'YOUR_TERMINAL_ID'
  }
};

Java/Android

private static JSONObject getGatewayTokenizationSpecification() throws JSONException {
    return new JSONObject() {{
      put("type", "PAYMENT_GATEWAY");
      put("parameters", new JSONObject() {{
        put("gateway", "worldlinesaferpay");
        put("gatewayMerchantId", "YOUR_TERMINAL_ID");
      }});
    }};
  }

Set the gateway to worldlinesaferpay and the gatewayMerchantId to the terminalId of the terminal, you have activated Google Pay on.

Once done, you can proceed to integrate Google Pay with Saferpay.

The important thing is, that you have to integrate Google Pay to the point, where you gather the Google Pay Payment Token which then needs to be passed to Saferpay.

2 - Submitting the token to Saferpay

Once you have the token, you need to submit it to the Saferpay payment gateway. In order to do so, you first need to pass the token to your backend, so it may be used in a server-to-server request.

How you do this, is up to you. You could use a normal POST, an AJAX-method, or other means to do so.

However never integrate the server-to-server communication to Saferpay on client-side, as it requires the Saferpay API credentials to be present. These could be extracted at this point, allowing an attacker easy access to your account!

Especially in case of mobile APPs, we recommend a Client-Server modell, as described here.

Never store sensitive Data and Credentials on client-side!

This is done via the Transaction Interface, however the process is a little diffrent in the beginning.

Google Pay can follow two basic flows, being PAN only and a payment using a cryptogram. The latter is limited to android-devices, using the chrome browser, however there is one major difference between these two, that you must take into account, when integrating Google Pay through the Transaction Interface.

However, before it comes to that, you must submit the payment token to Saferpay, which is easily done, by putting it into the PaymentMeans.GooglePay.PaymentToken parameter, with the Transaction Initialize request.

Do not de-serialize the token as JSON. It must be passed as a string as is.

Saferpay takes the token, analyzes it and, depending on which of the two above methods has been chosen, one of the two results can occour:

2-A: PAN only

In this mode, Google Pay only prvides the payment means to Saferpay. From here on, the transaction behaves like any other transaction done via the Transaction Interface, so you can go to the Transaction Initialize response within the Transaction Interface flow and continue from there.

2-B: Cryptogram

This is, where things can deviate from the standard flow. The difference between A and B lies within 3D Secure. While A does 3D Secure like any other transaction, on Android devices, Google Pay takes advantage of the integrated biometric functions (e.g. the finger-print sensor), in order to perform 3D Secure on the device. This makes the redirect, to Saferpay to perform 3D Secure, rather pointless.

To reflect this, you'll get the following Transaction Initialize response:

{
  "ResponseHeader": {
    "SpecVersion": "[current Spec-Version]",
    "RequestId": "[your request id]"
  },
  "Token": "234uhfh78234hlasdfh8234e",
  "Expiration": "2015-01-30T12:45:22.258+01:00",
  "LiabilityShift": true,
  "RedirectRequired": false,
}

The interesting part is the RedirectRequired parameter. If a cryptogram has been detected, this parameter will return false, indicating, that you can skip the redirect. Simply do so, by continuing Step #4 - Transaction Authorize Transaction Interface flow.

The transaction will then behave like any other transaction, that has been initiated by the Transaction Interface.

There are two exception to this.

  1. If you have Dynamic Currency Conversion enabled on your terminalId, then the redirect will be still required, as this feature is executed on Saferpay-side.

  2. If 3D Secure AND Dynamic Currency Conversion are both disabled on your terminalId, 2-A will also show RedirectRequired: false!

Testing

Simply activate Google Pay for your terminal on the test environment (see Activation). That will take care of everything necessary for the Payment Page. Google Pay on the Payment Page also supports

For the Server-to-Server method, you can use our normal test cards in conjunction with our Google Pay Token generator, in order to test GooglePay Server-To-Server, using the normal test-cases, our cards offer you. The generated payment tokens just simply have to be submitted to Saferpay, as described above.

Last updated