Stay organized with collections
Save and categorize content based on your preferences.
Strong Customer Authentication
To enable Google Pay to return appropriate payment credentials for transactions subject to Strong
Customer Authentication (SCA), you might need to update your implementation.
If you've completed a Google Pay API V2 integration, the following changes are required.
Update your PaymentDataRequest object
Update your PaymentDataRequest object with the following properties:
An authenticated payload that can be processed without any further step-up or challenge.
A PAN that requires 3D Secure 2.0 through a solution provided in-house or through
payment service provider partners (PSP)
Most of our PSP offer the ability to apply
appropriate instrument risk checks and step-up transactions. Where applicable, this includes 3D
Secure for Google Pay PAN PAN_ONLY transactions.
If you have an in-house risk management tool, use the
assuranceDetailsRequired
parameter to get more details about the transactions.
If
assuranceDetails.cardHolderAuthenticated
returns false, apply appropriate instrument risk checks and step-up transactions.
Where applicable, include 3D Secure.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eOnline payment transactions within the European Economic Area (EEA) must meet Strong Customer Authentication (SCA) requirements as defined by PSD2.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Pay API integrations need updates to support SCA, primarily by modifying the \u003ccode\u003ePaymentDataRequest\u003c/code\u003e object with details like merchant name, transaction country, and total price.\u003c/p\u003e\n"],["\u003cp\u003eMerchants will receive either an authenticated payload ready for processing or a PAN requiring 3D Secure 2.0 authentication via a chosen solution.\u003c/p\u003e\n"],["\u003cp\u003eWhen \u003ccode\u003eassuranceDetails.cardHolderAuthenticated\u003c/code\u003e is false, merchants should implement risk checks and potentially 3D Secure authentication for enhanced security.\u003c/p\u003e\n"]]],["To comply with Strong Customer Authentication (SCA) for European Economic Area transactions, update your Google Pay API implementation. Modify the `PaymentDataRequest` object by including `merchantName`, `countryCode`, and `totalPrice`. Merchants will receive either an authenticated payload or a `PAN` requiring 3D Secure 2.0. Use the `assuranceDetailsRequired` parameter for in-house risk tools, and check `cardHolderAuthenticated`; if false, apply risk checks and 3D Secure.\n"],null,["# SCA and Google Pay API\n\n| **Important:** Online payment transactions processed in European Economic Area (EEA) countries must comply with Strong Customer Authentication (SCA) requirements under the second Payment Services Directive (PSD2).\n\nStrong Customer Authentication\n------------------------------\n\n| **Note:** Previous versions of the Google Pay API don't support the following features. Make sure to use the latest version of the Google Pay API.\n\nTo enable Google Pay to return appropriate payment credentials for transactions subject to Strong\nCustomer Authentication (SCA), you might need to update your implementation.\n\nIf you've completed a Google Pay API V2 integration, the following changes are required.\n\n### Update your PaymentDataRequest object\n\nUpdate your `PaymentDataRequest` object with the following properties:\n\n- [`merchantInfo.merchantName`](/pay/api/android/reference/request-objects#MerchantInfo) : The merchant name is rendered in the payment sheet.\n- [`transactionInfo.countryCode`](/pay/api/android/reference/request-objects#TransactionInfo) : This indicates where the transaction is processed. You must specify the acquirer bank country.\n- [`transactionInfo.totalPrice`](/pay/api/android/reference/request-objects#TransactionInfo) : The total monetary value of the transaction, with an optional decimal precision of two decimal places.\n\n#### Updated PaymentDataRequest object example\n\nThe following is an example of an updated `PaymentDataRequest` object: \n\n```carbon\n{\n \"apiVersion\": 2,\n \"apiVersionMinor\": 0,\n \"merchantInfo\": {\n \"merchantName\": \"Example Merchant\"\n },\n \"allowedPaymentMethods\": [\n {\n \"type\": \"CARD\",\n \"parameters\": {\n \"allowedAuthMethods\": [\"PAN_ONLY\", \"CRYPTOGRAM_3DS\"],\n \"allowedCardNetworks\": [\"AMEX\", \"DISCOVER\", \"INTERAC\", \"JCB\", \"MASTERCARD\", \"VISA\"]\n },\n \"tokenizationSpecification\": {\n \"type\": \"PAYMENT_GATEWAY\",\n \"parameters\": {\n \"gateway\": \"example\",\n \"gatewayMerchantId\": \"exampleGatewayMerchantId\"\n }\n }\n }\n ],\n \"transactionInfo\": {\n \"totalPriceStatus\": \"FINAL\",\n \"totalPrice\": \"12.34\",\n \"countryCode\": \"GB\",\n \"currencyCode\": \"GBP\"\n }\n}\n```\n\nHandle the response object\n--------------------------\n\nMerchants receive one of the following:\n\n- An authenticated payload that can be processed without any further step-up or challenge.\n- A `PAN` that requires 3D Secure 2.0 through a solution provided in-house or through payment service provider partners (PSP)\n\nMost of our [PSP](/pay/api#participating-processors) offer the ability to apply\nappropriate instrument risk checks and step-up transactions. Where applicable, this includes 3D\nSecure for Google Pay PAN `PAN_ONLY` transactions.\n\nIf you have an in-house risk management tool, use the\n[assuranceDetailsRequired](/pay/api/android/reference/request-objects#CardParameters)\n\nparameter to get more details about the transactions.\n\nIf\n[assuranceDetails.cardHolderAuthenticated](/pay/api/android/reference/response-objects#assurance-details-specifications)\n\nreturns `false`, apply appropriate instrument risk checks and step-up transactions.\nWhere applicable, include 3D Secure."]]