• Developers
  • Reporting
  • Disputes
  • Contact us
  • Log in

Main Navigation

  • Account

      Account

        • Customer docs & pricing

          Find important documents such as our Terms of Service and Merchant Operating Instructions, as well as more information on things like Stored Credential Transactions and the Account Updater Service

        • Compliance & security

          For more information on Strong Customer Authentication, PCI Compliance, and fraud prevention best practices

        • Stationery ordering

          Order your tally rolls, card scheme logo stickers, and more

        • FAQs

          Our FAQs can help you with queries including pricing changes, cleaning and restarting your terminals, and Multi-Factor Authentication

  • Products

      Products

        • POS help
        • Ecommerce help
        • Bank Payment
  • Insights
  • Trending Articles
Sign up
Search

Main Navigation

  • Account
      Account

      Account

    • Customer docs & pricing
    • Compliance & security
    • Stationery ordering
    • FAQs
  • Products
      Products

      Products

    • POS help
    • Ecommerce help
    • Bank Payment
  • Insights
  • Trending Articles
    • Developers
    • Reporting
    • Disputes
    • Contact us
    • Log in
    Sign up /en-gb/sitecore/content/gpn/corporate/corporate/home/modals/signup-homepage

Sidebar Navigation

  • Account -
    • FAQs +
      • Pricing frequently asked questions +
      • PCI Frequently asked questions +
      • Best practice for cleaning your POS device(s) +
      • Terminal restart guide +
      • CNP FAQs - resubmitting declined transactions +
      • Multi-Factor Authentication for Global Payments Ecommerce Portal +
      • Ecommerce FAQs +
      • Bank Payment FAQs +
      • Your invoice explained +
      • How do I make a complaint +
    • Customer Docs & Pricing +
      • Terms of Service +
      • Merchant Operating Instructions +
      • Interchange fee update +
      • Recovered card form +
      • Mastercard and Visa Interchange rates +
      • Merchant Data Processing Notice +
      • Enhanced Authorisation Data Service merchant implementation guide +
      • Stored Credential Guide +
      • SCT Technical Implementation Guide +
      • SCT Decision Tree +
      • Account Updater Service +
      • Account Updater migration to UK Ensurebill +
    • Compliance & Security -
      • Ecommerce fraud management +
      • Know the risks +
      • Online Card Not Present Best Practices +
      • Fraud Hints and Tips Guide +
      • Reducing Risk of Fraud Guide +
      • Guide to Patching +
      • Know the risks +
      • What To Do If You're Compromised +
      • PCI Frequently asked questions +
      • SCA -
        • One-off payments without saving card details
        • One-click payments without saving card details
        • Card saved for recurring, automatic payments
        • Payment over the phone (MO/TO)
        • What Do I Need to Do to Be SCA Compliant?
        • PSD2 and SCA Technical Information Guide
        • Strong Customer Authentication Decision Tree
        • How to use the Strong Customer Authentication (SCA) Authentication Outage Indicator
    • Stationery ordering +
    • How do I understand my invoice? +
  • Products +
    • Point of Sale Help +
      • Quick Start Guide Miura M10 Device +
      • Quickstart Guide Miura M20 Device +
    • Ecommerce Help +
      • Transaction management +
      • Customer management +
      • Fraud Management +
      • Resetting your password +
      • Virtual Terminal +
      • Ecommerce portal navigation +
      • User Management +
      • Transaction reporting +
      • Ecommerce FAQs +
    • Bank Payment +
      • Bank Payment FAQs +
      • Bank Payment sales sheet +
  1. Home
  2. Account
  3. Compliance & Security
  4. SCA
  5. One-click payments without saving card details
Last updated 01/31/2023
2 Min Read Time

One-click payments without saving card details

Payment where card is saved for the future one-click payments

Customers are charged while they’re on-session, and card details are saved for future one-click payments. Payments are made by the registered returning customers. After the first purchase, a customer can pay with a single click only. For example:

Deposit top up on gaming website.

Regular online grocery shopping.


What is Best Practice for SCA for me?

The purpose of SCA is to ensure that only the legitimate cardholder can make payments. The approach to achieving this follows two principals:

  1. Collecting good quality information to establish that the Cardholder is the person making the payment.
  2. Using Strong Authentication (e.g. 2 Factor Authentication) where necessary to verify the cardholder.

As such, best practice for you means using 3DS2 to give the Issuer of the card good quality information and facilitating the challenge for 2 factor authentication when requested.

In the case of ECOM payments, our advice is to use 3DS2, a fully SCA compliant authentication protocol, for every transaction. By doing so, you give the Issuer the maximum amount of information possible. The Issuer then can decide to approve the transaction (frictionless) or to challenge the cardholder with SCA, for example a One Time Password sent by SMS to their phone.

Where authentication via 3DS2 is not available, we recommend using 3DS1.

In order to give the Issuer as much insight into the circumstances of the payments as possible, when processing a payment on a stored card it should be flagged as “Credential on File” to indicate to the Issuer that the card has been stored.

For the Initial payment, our recommendation for the flow of the payment is:

  1. Authenticate the cardholder using 3DS2. This will give the Issuer enough information to verify that the cardholder really is the person initiating the payment.
  2. Authorise the card. This transaction should be processed with the appropriate “Credential on File” flags. This transaction could be for a zero value amount if this is supported by your acquirer.
  3. Store the card. When the card has been successfully authorised the card should be stored.

For any Future payments on the stored card, our recommendation for the flow of the payment is:

  1. Authenticate with 3DS2
  2. Authorise with the appropriate “Credential on File” flags.

Can I use Exemptions, to avoid challenging my customer?

For a transaction meeting certain criteria, for example a low value transaction, there are two potential ways an exemption may be applied.

  1. An Issuer, based on the good quality information you supply, and exemption criteria being met (in this example the low value), may apply an Issuer exemption and allow the transaction to flow through without a challenge (frictionless).
  2. Your Acquirer, based on a request by you, may request an exemption (in this case the low value exemption) to bypass SCA. If the Issuer accepts the request for the Acquirer exemption, there will be no challenge to the cardholder (frictionless). If the Issuer declines, the transaction will have to be processed again using 3DS2.

Which solution do you use?

If you need help identifying your integration type please contact us.

HPP

I store cards with GP ecom and take payments online via our website / app, which is integrated to GP ecom via HPP, what do I need to do?

  1. Review the payment flow.
  2. You may need to alter the flow that customer goes through when they first store their credentials, i.e. authenticate, authorise, store card.
  3. Make a change to your HPP integration to ensure all of your transactions are processed with SCA.
  4. The purpose of these changes is to supply the Issuer with all the information they may need in order to verify the cardholder. HPP will automatically facilitate a challenge to the cardholder if required.
    HPP 3DS2 documentation is available here: 3D Secure - Version 2 (SCA)
  5. HPP can support both 3DS2 and 3DS1 simultaneously and should 3DS2 be unavailable, HPP will dynamically route transactions through 3DS1, meaning you don’t need to implement any logic around this.
  6. HPP will automatically include the correct “Credential on File” flags on your behalf, meaning this will require no work by you.

API

I store cards with GP ecom and take payments online via our website / app, which is integrated to GP ecom via API, what do I need to do?

  1. Review the payment flow.
  2. You may need to alter the flow that customer goes through when they first store their credentials, i.e. authenticate, authorise, store card.
  3. Integrate into our new 3DS2 service to ensure all of your transactions are processed with SCA.
  4. The purpose of 3DS2 is to supply the Issuer with all the information they may need in order to verify the cardholder, and facilitate a challenge to the cardholder if required.
  5. API 3DS2 documentation is available here.
    Where 3DS2 is unavailable 3DS1 should be used. The API 3DS1 documentation is available here.
  6. Ensure the Credential on File flagging notifies the Issuer that the authorisations are on a stored card.
  7. For the Initial Authorisation, it should include "Credential on File" flags meaning the card will be stored. As the cardholder is present at the time of authorisation it should also be flagged that is "Customer Initiated" and as “First” as it is the first authorisation on this card.
  8. For Future Authorisations, it should similarly include “Credential on File” flags as the card details are stored. As the cardholder is present at the time of authorisation it should also be flagged as “Customer Initiated" and indeed as "Subsequent” (not the first) transaction. 

Credential on File documentation is available here. COMING SOON


Who is Liable in the event of a dispute?

Liability for fraud related chargebacks, passes to the card Issuer when an SCA challenge occurs.
Where the Issuer decides to approve the transaction either frictionlessly with an Issuer exemption, or with a challenge, the Issuer is accepting liability. This means any fraud related chargebacks should not be billed to you.


What if I requested an Exemption?

If a transaction is processed frictionlessly following a request by you for an Acquirer exemption to 3DS2, you should note that you are accepting liability for the transaction. This means any fraud related chargebacks which occur on exempt transactions will likely be billed to you.



  • Account
  • Products
  • Customer Docs & Pricing
  • Compliance & Security
  • Industry news
  • Trending articles
  • Notices and Policies
  • Sitemap

Already a customer?

Log in

Connect

  • LinkedIn
  • Twitter
  • Facebook
  • YouTube
{D6036E8F-C9A1-420D-AEC3-5680EC9FBE35}
 

Global Payments is a trading name of GPUK LLP. GPUK LLP is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (504290) for the provision of payment services and under the Consumer Credit Act (714439) for the undertaking of terminal rental agreements. GPUK LLP is a limited liability partnership registered in England with company number OC337146. Registered Office: Granite House, Granite Way, Syston, Leicester, LE7 1PL. The members are Global Payments U.K. Limited and Global Payments U.K. 2 Limited. Service of any documents relating to the business will be effective if served at the Registered Office.

Global Payments is also a trading name of Pay and Shop Limited. Pay and Shop Limited is a limited company registered in Ireland with company number 324929. Registered Office: The Observatory, 7-11 Sir John Rogerson's Quay, Dublin 2, Ireland. Service of any documents relating to the business will be effective if served at the Registered Office.

© 2023 GPUK LLP. All rights reserved. Privacy Statement | Terms of Use  | Ethics Reporting Hotline | Gender Pay Report  | Anti Slavery Statement