Integration of Google Pay into your app or website is a great way to make checkout easier and faster for your customers. You can also modify the payment methods that Google Pay provides at checkout.
This post guides you to configure the accepted payment methods for your Google Pay integration. We explore the range of options, along with card networks, authentication methods, and card types. You can learn how to select the best configuration to meet your business requirements and maximize security for you and your customers.
You can set up the Google Pay API to only allow certain card types to be accepted by setting the CardParameters. You need to configure the following:
Authentication Methods: Select how to authenticate cards from the following:
Card Networks: Choose card networks that you can accept. AMEX, DISCOVER, INTERAC, JCB, MASTERCARD, and VISA are the supported networks.
Note for Brazil: To offer support for tokenized debit or credit combo cards, thecountryCode
inTransactionInfo
must beBR
and specify both the credit and debit networks in the request.
The following networks are supported:
Card Types (optional): You can choose to allow or disallow prepaid cards and credit cards.
Assurance Details (optional): You can choose to request information about the validation performed on the returned payment data. As a best practice, we recommend you to request assurance details to distinguish between a Funding Primary Account Number (FPAN) and a Device Primary Account Number (DPAN). DPAN is a tokenized version of the FPAN used in mobile payments or digital wallets to help prevent fraud and credit card number exposure.
Authentication Methods: PAN_ONLY
is the most widely supported option, but CRYPTOGRAM_3DS
provides superior security and can qualify for liability shift with certain card networks. It's highly recommended to enable both authentication methods. Make sure to check authentication options with your processor to see which ones are supported.
Important: Make sure that your existing risk checks and controls for payment transactions are also applied to Google Pay FPAN transactions identified with assurance details. Google Pay validation and fraud checks aren't intended to replace your risk management processes. For more information, refer to When to step-up your Google Pay transactions as a PSP.
Card Networks: Your choices depend on your payment processor's capabilities. Make sure that you support the networks that align with your processing setup.
Card Types: If you've specific business requirements to exclude prepaid or credit cards, use the respective options to control their acceptance.
Assurance Details: If you want assurance details, then you can get information on the account verification and the cardholder authentication. If both are true, you don’t have to step up the returned credentials.
Important: If both aren't true, we recommend you to run the same risk checks and authentication checks along with 3D secure flow if applicable.
Billing Address: It depends on your business requirement which billing address fields you want to return in the response. However, to reduce user friction and drive most user conversions (incremental sales), we recommend you to only request what is necessary.
Following is the example for CardParameters configuration. You can use values that meet your business requirements.
{
"allowedPaymentMethods": [
{
"type": "CARD",
"parameters": {
"allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX"],
"allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
"allowPrepaidCards": true,
"allowCreditCards": true,
"assuranceDetailsRequired": true,
}
}
]
}
Note: This is a simplified example. Consult the Google Pay API documentation for the specific implementation details for your chosen platform (Android or web).
Two new optional properties, allowedIssuerCountryCodes
and blockedIssuerCountryCodes
will be added to the CardParameters object. Both properties will accept a list of strings that contains ISO 3166-1 alpha-2 country codes. These properties will be available for testing by the end of the year.
These properties are applicable in PaymentDataRequest, IsReadyToPayRequest, and create button APIs on Android and web.
The two properties will be mutually exclusive, so only one can be set at a time. If neither property is specified, Google Pay users can select valid card payment methods issued by issuers from any region.
Google Pay users will be restricted to select card payment methods for cards issued by issuers based either in one of the regions specified by the allowedIssuerCountryCodes
allowlist or not in any of the regions specified by the blockedIssuerCountryCodes
blocklist. If a card isn't issued in the allowed countries, the card will be grayed out with a message Not accepted here on the Google Pay paysheet.
Following is an example of allowedPaymentMethods
configuration with the new allowedIssuerCountryCodes
property specified.
{
"allowedPaymentMethods": [
{
"type": "CARD",
"parameters": {
"allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX"],
"allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
"allowedIssuerCountryCodes": ["US", "CA"],
"allowPrepaidCards": true,
"allowCreditCards": true,
"assuranceDetailsRequired": true,
}
}
]
}
You can optimize your Google Pay integration for security, convenience, and business requirements with careful configuration of your accepted payment methods.
For more assistance with your implementation, sign in to the Google Pay & Wallet Console to create a support ticket. In addition, you can join the developer community in the #payments channel on Discord.
This article is written with AI-assistance from Gemini.