Google Secure Payment Authentication
Google Secure Payment Authentication (SPA) enables you to authenticate cardholders to comply with Strong Customer Authentication (SCA) requirements, including the revised Payment Services Directive (PSD2).
Cardholders complete biometric authentication directly from the merchant domain, using the Google web front end. This eliminates the need to redirect the cardholder to perform a 3D Secure (3DS) challenge. For example, the cardholder can authenticate the payment with their fingerprint instead of retrieving a one-time password externally.
Google SPA is available for payments performed using a Visa card on Google Chrome for Android.
After the initial authentication, the cardholder's payment credentials are bound to the device, enabling easy reuse for future transactions.
With Google SPA you benefit by:
- providing an enhanced user experience for your cardholders
- increasing your protection against fraud, as the cardholder must complete Strong Customer Authentication (SCA) to approve the transaction
- reducing your liability shift, as transactions benefit from the same fraud protection rules as DPAN transactions in Google Pay
Information
Electronic Commerce Indicator (ECI) value 05
will be applied to successful Visa transactions.
If you authenticate payments using our integrated authentication, you must specify the desired authentication experiences within your request. If the primary experience fails, you can retry using the alternative experience:
Checkout.com automatically routes the cardholder to a Google SPA or 3DS authentication experience, based on which is more likely to result in a successful completion. For the automatic routing to function, you must provide 3DS authentication data in all of your payment requests.
If the initial authentication experience fails or is declined by the customer, we automatically fall back to the alternative authentication experience to prevent a lost transaction.
If you host the payment page in an iframe, you must explicitly add payment permission to the iframe to allow payments to complete. Include the allow="payment *"
attribute in all parent frames:
1<iframe src="https://example.com" allow="payment *"></iframe>