Google Pay™
Google Pay allows customers to use any payment method saved in their Google account. When selected, Google provides a secure payment token that replaces card details, giving customers a safe and convenient way to pay.
Prerequisites
Merchant OnBoarding
- Merchants who wish to accept Google Pay must request their acquiring bank to enable Google Pay as a payment method. For assistance with this merchants can also contact our support team on assist@iveri.com.
- Upon enablement, merchants must login to their Backoffice portal account, and accept "Google Pay Terms by clicking “I have seen this notification”
- By using Google Pay, merchants must adhere to Google policies as outlined on Google Pay Web brand guidelines, Google Pay and Wallet API’s Acceptable Use Policy and accepts Google Pay API Terms of Service
Supported cards brands and countries
Card Networks
Our integration with Google Pay allows for the acceptance of Visa, MC, Diners, and Amex payment networks. However, the enablement of each of these brand networks lies with the acquiring bank, and the merchant agreement.
Google Pay Acceptance by Country
Our integration with Google Pay is available through our acquiring partners in South Africa, Kenya Mauritius etc. For a complete list refer to our country mapping listed on https://www.iveri.com
Getting Started
Our integration with Google leverages the Google Pay hosted checkout solution. Merchants using this integration must comply with Google Pay Web brand guidelines and Google Pay and Wallet API Acceptable Use Policy
iVeri has implemented Google Pay authMethods - CRYPTOGRAM_3DS and PAN_ONLY.
CRYPTOGRAM_3DS option uses cards stored as tokens on Android devices . The returned payment details include a 3D Secure cryptogram generated by the device. While PAN_ONLY applies to payment cards saved in the customer’s Google Account. The latter requires 3D secure which we do support. The payment details allow for payment processing, ensuring a streamlined and secure experience.
With this implementation, merchants connecting to the iVeri Gateway will utilize JavaScript, HTML, and JSON within their web appplication to initialize Google Pay and process payments using tokenized card data.
To implement Google Pay with iVeri Enterprise, merchants must adhere to the following Content Security Policy (CPS)
No Inline Script
- Where: In your HTML files.
- Purpose: CSP can block inline <script> tags and onclick attributes because they are common XSS vectors. Instead, use external JavaScript files or event listeners added via JS.
No Inline Styles
- Where: In your HTML files.
- Purpose: Like scripts, inline styles (style="...") can be blocked by CSP. Use external CSS files or class-based styling.
No JavaScript eval
- Where: In your JavaScript code.
- Purpose: eval () and similar functions (Function (), setTimeout with string arguments) are dangerous because they execute arbitrary code. CSP can disallow them via unsafe-eval directive.
Unique Nonce Generated for Each Request
- Where: In the CSP header.
- Purpose: A nonce is a random value added to the CSP header and to specific <script> tags. This allows
Initialization and triggering of Google Pay
Add Google Pay and iVeri GooglePay JS scripts in the <head> tag
Loads the iVeri Google Pay integration script from the iVeri portal endpoint inthe test environment. For real or production transactions, merchants should refer to the iVeri portal endpoint by acquiring partner.
Create an instance & instantiates the Google Pay handler
Instantiates the Google Pay handler and define merchant specific parameters
- ApplicationID: Unique identifier for merchant applicationID. The Gateway uses the applicationID to retrieve merchant specific configuration such as allowedCardNetworks, merchantID, merchant name, sets the corresponding values in Google Pay
- Amount: Transaction amount in cents (1000 = ZAR 10.00).
- Currency: ISO currency code (ZAR for South African Rand). The currency used will depend on the merchant’s account configuration and the acquiring partner that manages the merchant agreement
- MerchantReference: Unique merchant specific transaction reference
Initialize Google Pay Handler
Portal Domain: Backend endpoint for configuration and processing.
Callback: A merchant specific function that handles a JSON response containing tokenised payment data returnedby the iVeri Gateway
Render Google Pay Button
The container <div> is where the Google Pay button will be rendered by the script . Merchants must adhere to Google Pay Web brand guidelines
iVeri Gateway response Handling
Tokenized payment data will be retuned to the merchant along with 3D Secure Data in JSON.
- CardNumber: Sanitized PAN/Card number, first 4 & last 4
- Card Expiry: the expiry date of the card
- TransactionIndex: Unique identifier that can be used to make tokenized payments and link a series of related transactions
- ThreeeDSecureData: 3DS Reference list on https://www.iveri.com/docs/enterprise-developer-guide-58#3d-secure-1404-0
Post Payment for Processing
Submit transactions using the tokenized payment data on [portal domain]/api/transactions
Payment processing with tokenized payment data and 3D secure data
- Payment instruction (Command) can either be a Debit or Authorisation
Test and GO LIVE
During integration testing stage merchants must use:
- Use Google Pay test suite
- Use Test ApplicationID on the GooglePayHandler
- Use MODE TEST when posting paymets on the /api/transaction
To Go LIVE merchants must update the following areas:
- Replace Test ApplicationID with a LIVE applicationID
- In the initialization of GooglePayHandler, replace the ApplicationID test value with a LIVE applicationID value. This ensures that the iVeri Google Pay JS uses the correct environment and enables Google Pay to operate in production mode.
- Change MODE: TEST to LIVE
- Ensure parameter "MODE" is set to "LIVE" instead of "TEST". This signals iVeri Gateway to process real transactions.