Documentación

Integration: Google Pay™

Google Pay™ is a digital wallet platform and online payment system that powers in-app, tap-to-pay, and website purchases. It enables users to make payments online from the Web and with Android phones, tablets and watches. Because Google Pay represents a significantly different workflow than that used with traditional payment methods, it’s important to first understand how it works before integrating with DEUNA.

This guide assists in implementing the Google Pay Widget in your application, focusing on efficient payment processing and card management.

Suggest Edits

Prerequisites & Use cases

Before integrating Google Pay™ into your DEUNA account, ensure you have a Google Merchant ID.

Use cases

Key concepts

To purchase using a network token means that instead of transmitting a customer's actual card details (like the PAN or CVV), the payment is processed using a tokenized version of the card. This token is a unique identifier issued by the card network (e.g., Visa or Mastercard) and is specifically generated for secure and context-specific transactions.

The process involves securely replacing the actual card information with a token and often includes a dynamic cryptogram to further validate and secure the transaction. This method protects sensitive customer data while enabling smooth and secure payments.

What is a Network Token?

A network token is a secure, tokenized representation of a payment card issued by card networks like Visa, Mastercard, or American Express. It replaces sensitive card details (e.g., PAN and CVV) with a unique identifier designed for specific transactions, merchants, or devices.

The network token acts as a stand-in for the original card number, enabling secure transactions without exposing sensitive cardholder data. It is often paired with a cryptogram, a dynamic, transaction-specific security feature that further protects against fraud.

What is a Cryptogram?

A cryptogram is a dynamic, transaction-specific code generated during a payment transaction to authenticate and secure the process. It is typically used in tokenized payment systems, like those involving network tokens, to add an additional layer of security.

The cryptogram is created by the card network or issuing bank and is unique for each transaction, ensuring that even if intercepted, it cannot be reused by attackers. It is often transmitted alongside the network token and is validated by the card network to authorize the transaction.

Why is a Network Token More Secure?

1. Dynamic Security

  • Traditional payments use fixed PAN and CVV, which can be intercepted and reused.
  • Network tokens pair with a cryptogram, a one-time transaction-specific security code that cannot be reused if stolen.

2. Card Number Concealment

  • The original PAN is never exposed during transactions.
  • Even if data is intercepted, the tokenized representation is useless outside its intended context.

3. Revocability and Lifecycle Management

  • Tokens can be easily revoked or replaced without affecting the underlying card.
  • If a token is compromised, it is replaced without needing a new physical card.

How it works?

  • Tokenization:
    When a card is added to a digital wallet in this case Google Pay™, the card network replaces the PAN with a network token. The token is unique to the user, their device, and the merchant.
  • Purchase Process:
    • The customer initiates a purchase using their digital wallet (Google Pay™).
    • Instead of sharing the card's PAN, the network token and a dynamic cryptogram are sent through the Purchase API.
  • Secure Authorization:
    The card network uses the token to retrieve the underlying card information in a secure environment and authorizes the payment without ever exposing the original PAN during the process.

How Google Pay works with DEUNA

When a customer adds a credit or debit card to their Google Pay app, Google Pay requests a token, from the bank that issued that card, to represent the card being added. Once the token is issued, this card is now “tokenized,” meaning it has a unique identification number associated with it. Google Pay encrypts the newly tokenized card and it is ready to be used for payments. At the time of sale, Google Pay sends the customer’s tokenized card and a cryptogram, which acts as a one-time-use password used in the encryption process, to the merchant app along with basic transaction information. The next step, typically handled by the merchant app when using a traditional workflow without DEUNA, is to decrypt the payload from Google and send the payment token and related transaction information to a supporting processor. The token is sent to one of the few gateways that natively support Google Pay.

The overall transaction flow is very similar to the traditional Google Pay process. The only difference is that DEUNA receives the encrypted Google Pay payload from the merchant app and is responsible for decrypting the payment token and relaying the transaction information to a chosen gateway or receiver.

For the authentication method of the card transaction, authMethod in paymentMethodDetails, DEUNA supports both PAN_ONLY and CRYPTOGRAM_3DSPAN_ONLY gives support for payment methods that Google Pay deems are non-tokenized cards. CRYPTOGRAM_3DS gives support for payment methods that Google Pay deems are tokenized cards.

How to make a Purchase using Google Pay™ and Network Token?

Once an order has been generated, The Payment API receives the information the token instead of a credit card details, for further details regarding billing address parameters refer to API reference purchase section, See this example How it will looks like:

// ... more fields deleted for simplicity 
{
  "processor_name": "kushki",
  "amount": 1000,
  "email": "[email protected]",
  "specific_fields": {
    "google_pay": {
      "paymentData": {
        "apiVersion": 2,
        "apiVersionMinor": 0,
        "paymentMethodData": {
          "description": "Visa •••• 4655",
          "info": {
            "assuranceDetails": {
              "accountVerified": true,
              "cardHolderAuthenticated": false
            },
            "cardDetails": "4655",
            "cardNetwork": "VISA"
          },
          "tokenizationData": {
            "token": "{\"signature\":\"MEQCICcKYKgxIjOU3KnRh9XnTKzWQrZKjI0kcvKH2z1etqGzAiBw0eRf2JhB7EV/9wBQjoasHSi9Cmbs0dHwVs6yelITAA\\u003d\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECYB8LbM/sbZhW+JwlKM4WMivuD7eN0weP2UgJ99hY+Wh8cZumzmUaGLUpB3FwHSUfzx3TcZmBNN2lpi96a2b2w\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1734027487566\\\"}\",\"signatures\":[\"MEYCIQCrX4N/apPBNyKtsReihGwUBk22496hC/7yojep26/oQwIhAII1eMQ95ywl3oYH0uFKNT9yFNCW0g9S4P9HFWJLYNMS\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"Gjzp+nTdbu40IbeDy5P66+yugMl8D+dH+0N2Adb9MCUvkZR+fgyHQHFuNdilE5Y/F7YnJ/5CY4GOywsCxlby3Om/ZQhmDbrYAvGJiFyXA5sJyyztoob8CeUQIbokYrBXiLFrbheZ/A9wakrg3lIvCVgjRC9R+DU5/8H3o/n9HTW4wwkMM/HS2vvhl5ZEyinrI4TWeDXIwBTC//+DLL4MFIyv9k+oEB7dta9ZOM4DLTdOW4KGzKEbXPRRIUXG37fuakAQNUV1fCSOB+UeiGtCeG7K+Qj7xhomn1e8tc+UY7SW8aXUwtg6zUvMdtewTl/DmjVAkjXiosL3Ao1BxC3ytrz99LU0KIIL0MQfJJk9pAVGm0Ux3gYydK7otW9iawRz7sleZnYtHeNmUICisX4n04ZZamrUYGk\\\\u003d\\\",\\\"ephemeralPublicKey\\\":\\\"BPw80izPiMUvR8fxfi4mXMNpdbFCKxQ5bd6tkAYcrSgCsd2yCA5QV90WfgbE2WbRQkDTRGLkAUJnQMn0+aB/lB4\\\\u003d\\\",\\\"tag\\\":\\\"FmT/q+dV+G/fERDTaao7HYeiAsGMEjiiXriKpbeC1qI\\\\u003d\\\"}\"}",
            "type": "DIRECT"
          },
          "type": "CARD"
        }
      }
    }
  },
  "credit_card": {
    "expiry_month": "",
    "expiry_year": "",
    "card_holder": "Duna Developers",
    "card_holder_dni": "185396924",
    "card_holder_number": "310.555.124",
    "card_number": "",
    "card_cvv": "",
    "address1": "Vergara 548",
    "zip": "001100",
    "city": "santiago",
    "state": "rm",
    "country": "cl",
    "phone": "12345755"
  },
  "billing_address": {
    "email": "[email protected]",
    "identification": "050623568956124",
    "id": 13,
    "user_id": "ebd6105c-b2ae-11eb-8529-0242ac130003",
    "first_name": "NELSON",
    "last_name": "JIMENEZ",
    "phone": "593986100449",
    "identity_document": "1150218418",
    "lat": -0.100032,
    "lng": -78.46956,
    "address1": "Av. Eloy Alfaro 20, Quito 170515, Ecuador BILLING Purchase",
    "address2": "Av. Eloy Alfaro 20, Quito 170515, Ecuador",
    "city": "Quito",
    "zipcode": "170515",
    "state_name": "CRT",
    "country": "EC",
    "additional_description": "Descripción adicional",
    "address_type": "home",
    "is_default": false,
    "created_at": "2021-11-03T22:09:09.086990957Z",
    "updated_at": "2021-11-03T22:09:09.087014623Z"
  }
}

Internally, this token is used to make a purchase which provide the network token or cryptogram to perform a transaction

Credential configuration

To set up your credential follow the steps for DEUNA's Admin documentation.. after following the steps, please insert your Google Pay™ credentials (GatewayMerchantID=MerchantID, gateway=Name) in the following configuration view:

In case the PSP selected by the merchant supports 3DS, follow this configuration steps in order to enable 3DS for PAN_ONLY credentials returned via Google Pay API.

Updated 3 days ago