Google Pay

A digital wallet for payments through a Google Account, Google Play, Chrome, YouTube, or in-app using an Android device

Google Pay™ offers consumers a convenient and secure mobile payment method for shopping online, in-app, or in physical stores.

Enhanced security is an attractive feature for consumers. They do not have to share card data with merchants when using Google Pay. When consumers register their cards with Google Pay, their payment information is encrypted and stored on Google’s secure servers. Google Pay’s screen lock requirement for making purchases deters theft of payment credentials. If a consumer loses his or her phone, the payment information can be cancelled remotely.

Mobile payments also reduce friction for consumers by removing the need to manually enter their card data each time.

For merchants, Google Pay offers increased risk mitigation and higher completion rates for customer transactions.

Hundreds of millions of consumers use Google Pay today, and mobile payments continue to grow in adoption. Consumers can use any credit or debit card saved to their Google Account, inclusive of Google Play, Chrome, YouTube, or in-app using an Android device.

*Stores must have NFC-enabled POS terminals to accept Google Pay.

Source for Google Pay-specific content on this page is from www.pay.google.com

Customer Experience

When a Google Pay customer opts to make a payment or purchase with Google Pay online or in-app, the customer clicks a “Buy with Google Pay” button, and Google Pay displays a payment sheet, which the customer will use to select their preferred card payment method.

Customers must be logged into their Google accounts and have at least one valid payment method registered with Google Pay.

If a merchant uses Google’s isReadyToPay API prior to rendering payment, Google Pay will only appear as a payment option to the merchant’s customers when available per the merchant’s specifications. For example, a merchant may choose to render the Buy with Google Pay button only if a potential customer resides within a particular country or has a specific card type.

Compatibility

Card Types: Currently, Visa, MasterCard, Discover, and American Express are accepted, in addition to several international brands.

*For processing Account Funding (pull) and original credit transfers (push), only Visa, MasterCard, and Discover are accepted.

Countries: Google Pay™ is available in the following countries, and accessibility will vary depending on whether the customer is using a card associated with a Google Account or a card on an Android device.

Countries Supporting Google Pay

*For processing account funding transfers (pull) and original credit transfers (push) with TabaPay, countries must be set to the US. TabaPay supports USD transactions in the US.

Browsers: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Opera, or UCWeb UC

TabaPay integration with Google Pay

TabaPay offers merchants an easy integration with Google Pay both for online and in-app account funding and credit transfer payments. Processing Google Pay transactions is a supported payment option through TabaPay’s Create Transaction API service.

For merchants who are PCI Level 1 certified and coding directly with Google Pay, payment tokens can be decrypted and repackaged by the merchant before sending to TabaPay for processing.

For merchants who are not certified or do not want to detokenize Google Pay transactions, the encrypted blob can be sent to TabaPay for both decryption and processing. Merchants are not exposed to PCI Scope for obtaining the Google Pay token.

Pricing

There are no incremental fees for Google Pay decryption and processing through TabaPay.

Registration with Google and TabaPay

  1. Read the Branding Guidelines. Google Pay payment buttons need to adhere to Google’s brand guidelines on size, contrast and spacing. Please visit the following sites for more information on branding specifications for Apps and Web formats.
  2. Read the Android Integration Checklist and/or Web Integration Checklist
  3. Request production access from Google to obtain a Google merchant ID (see Deploy production environment guidelines).
  4. Agree to Google's terms of service. Contact TabaPay at [email protected] to have Google Pay enabled on your account.

Payment Transaction Flow

When the merchant’s customer selects a payment method through Google Pay to use to complete a purchase or payment, submitting that payment request triggers the following steps:

  1. The client application connects to the Google server with gateway ID tabapay and gateway merchant ID (an alpha character followed by the TabaPay Client ID).
  2. The client receives encrypted payment token data in JSON format from Google.
  3. The client creates a Create Transaction API request and sends it to TabaPay.
  4. TabaPay decrypts the payment token, validates the GatewayMerchantID, formats and submits the payload for processing as a mobile transaction.
  5. TabaPay submits a response back to the client.
  6. The client receives the success or failure response and prompts the customer accordingly.

Merchant Instructions for Integrating with Google Pay™

First, integrate with Google to support the Google Pay API, using the following developers guides for a Web or Android application integration.

Refer to Step 2 in the Google Pay Integration Tutorial for information on setting up your payment tokenization method.

When choosing a payment tokenization method, choose Gateway. In the parameters object, set the gateway field to “tabapay” (all lowercase). Put your TabaPay ClientID, with a unique alpha identifier, in the gatewayMerchantId field.

Example of Web Version

"tokenizationSpecification": {
    "type": "PAYMENT_GATEWAY",
    "parameters": {
        "gateway": "tabapay",
        "gatewayMerchantId": "ALPHAIDENTIFIER_YOUR_CLIENT_ID"
    }
}

Creating a Google Pay Transaction

Once a consumer clicks the Google Pay button in your application, the action triggers a PaymentDataRequest to Google.

The PaymentMethod->tokenizationSpecification JSON object within that PaymentDataRequest will be used to identify TabaPay as your gateway.

Google will reply with a PaymentData Response object which includes the encrypted payload (token).
*In order to process Production tokens, you must be enabled with Google Pay.

When you submit a payment data request to the Google API, be sure to include the following parameters:

  • allowedCardMethods: specify both PAN_ONLY and CRYPTOGRAM_3DS
  • allowedCardNetworks: specify Visa, MasterCard, and Discover (for TabaPay)
  • allowPrepaidCards: optional true/false
  • assuranceDetailsRequired: optional true/false

Note that a PAN_ONLY transaction only includes card number, expiration date, and card security code. It is deemed higher risk by issuers in comparison to a CRYPTOGRAM_3DS transaction, which is verified with a network token.

Billing Address Requirements

It is recommended to set BillingAddressRequired to “True” in your Google Pay™ Request Object within the Card Parameters. You can choose between MIN and FULL.

If you do not request a billing address through Google Pay, a billing address is still required for processing. You can alternatively use an address you have on file. It is recommended to always require a billing address through Google Pay, and compare it with your address on file.

*Note that shipping address cannot be substituted for a billing address.

Address Response Info received in your Address Response Object from Google Pay should be used to populate the corresponding Create Transaction API Address fields in your request to TabaPay.

  • Note that Address3, AdministrativeArea, and SortingCode fields in Google Pay are not supported by TabaPay. Any information sent for these fields will be dropped.

Sending Google Pay Transaction Request to TabaPay

Steps to create the blob field

    Do not alter the payload in any way (no whitespace, newlines, etc.)
    Take the entire unaltered payload and perform a URL-safe, base-64 encoding.
    Remove the “=” padding, should these characters exist in the encoding.
    Take the entire base-64 encoded payload and place it in the “blob” field

Additionally, include billing address info in the “location” object, currency, amount, and softDescriptor.

{
    "referenceID": "1",
    "type": "pull",
    "accounts":
    {
        "sourceAccount":
        {
            "card":
            {
                "id": "GooglePay",
                "blob": "{\"signature\":\"MEUCIQ..."
            },
            "owner":
            {
                "name":
                {
                    "first": "John",
                    "last": "Benson"
                },
                "address":
                {
                    "line1": "465 Fairchild Drive",
                    "line2": "Suite #222",
                    "city": "Mountain View",
                    "state": "CA",
                    "zipcode": "94043"
                }
            }
        },
        "destinationAccountID": "Tabapay_AccountID_22-c"
    },
    "amount": "0.10"
}
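
The blob steps above as an added Node.js example; it is not TabaPay's or Google's code. The function names and the sample token are constructed for illustration, and the token is assumed to arrive as the string in paymentData.paymentMethodData.tokenizationData.token.

```javascript
// Added example, not TabaPay's or Google's code. Function names are hypothetical.
// Assumption: `token` is the string Google Pay returned in
// paymentData.paymentMethodData.tokenizationData.token, passed through untouched.

// Constructed sample token (not a real Google Pay payload).
const SAMPLE_TOKEN =
  '{"signature":"MEUCIQsample","protocolVersion":"ECv2","signedMessage":"{\\"tag\\":\\"x\\"}"}';

// URL-safe base64 of the exact UTF-8 bytes, with "=" padding removed.
function toBlob(token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new TypeError('token must be the raw string returned by Google Pay');
  }
  return Buffer.from(token, 'utf8')
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Decode a blob back to text, to confirm the payload survived byte for byte.
function fromBlob(blob) {
  return Buffer.from(blob.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// Request body shaped like the example above; values are supplied by the caller.
function buildPullRequest(token, referenceID, amount, destinationAccountID, owner) {
  const blob = toBlob(token);
  if (fromBlob(blob) !== token) {
    throw new Error('blob does not round-trip to the original token');
  }
  return {
    referenceID,
    type: 'pull',
    accounts: {
      sourceAccount: { card: { id: 'GooglePay', blob }, owner },
      destinationAccountID,
    },
    amount,
  };
}

// Parsing and re-serializing changes the bytes, so the blob no longer matches.
function reserializedBlob(token) {
  return toBlob(JSON.stringify(JSON.parse(token), null, 2));
}
```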
                
Response Object Example
{
    "SC": 200,
    "EC": "0",
    "transactionID": "TabaPay_TransactionID_",
    "network": "Visa",
    "networkRC": "00",
    "status": "COMPLETED",
    "approvalCode": "000000"
}

Google Pay Error Codes

Invalid GooglePay Token, Corrupt Google Pay Signature, Expired Google Pay Token

Fraud Mitigation

Google Pay can help significantly reduce instances of fraud. It does so in various ways:

Fingerprint authentication for enhanced security during the payment process. Passcodes are used if a fingerprint ID is not available.

Google Pay generates a virtual account number for cards on file and transaction processing to protect the card and consumer information. The card data is tokenized.

AssuranceDetails provide additional information on authentication of the payment credentials returned in transactions processed through Google Pay. As Google notes to their direct customers, this is meant to be an add-on risk management service. It is not meant to replace your standard risk-based authentication methods, but the results can be used to trigger additional risk mitigation steps when needed.

Please note that Google Pay Cryptogram-3DS is unrelated to EMV 3DS and its associated liability shift. Merchants must follow standard card payment liability rules and chargeback policies.

References

Merchants using Google Pay must adhere to Google Pay APIs Acceptable Use Policy and accept the terms defined in the Google Pay API Terms of Service.

Android Merchants:
Google Pay Android Developer Documentation
Google Pay Android Integration Checklist
Google Pay Android Brand Guidelines

Web Merchants:
Google Pay Web Developer Documentation
Google Pay Web Integration Checklist
Google Pay Web Brand Guidelines