Visa Click to Pay

Merchants and Payment Service Providers

Use Cases

A Digital Terminal can create multiple checkout initialization experiences for their DPAs. Sample user journeys are shown in the below pages. These user journeys are provided for illustrative purposes only. Digital Terminal should independently evaluate all content and recommendations in light of their specific business needs, operations, and policies, as well as any applicable laws and regulations.

Existing User Recognized via Remember Me

Returning Click to Pay user Recognized via Remember Me

Assumptions:

  • Alex has used the device to perform a prior checkout.
  • Alex has previously enrolled in Visa Click to Pay and chosen to be remembered during prior checkout on the same device.
    Note: Remember Me is only available on supported browsers (i.e., Chrome, Edge)

Journey:

  1. Alex navigates to the checkout page.
  2. The Digital Terminal calls Click to Pay to recognize Alex, since they had previously selected the option to be remembered on this device.
  3. Alex is remembered by one or more Click to Pay systems on the same device.
  4. The Digital Terminal receives card details from the Click to Pay system.
  5. The Digital Terminal aggregates the card list obtained from all Click to Pay systems, orders them, and displays them for card selection.
  6. Alex selects a card from the card list and continues to perform the checkout.
  7. Once Alex confirms the order, the Digital Terminal submits the information and other selections to Click to Pay system to receive the checkout payload.
  8. The Digital Terminal orchestrates the Cardholder Verification Method (CVM) for the selected card (when applicable).
  9. The Digital Terminal passes the payload to the Digital Payment Application for transaction processing.

Existing User Identified via Email

Recognized User via Identity Lookup

Assumptions:

  • Alex has previously enrolled in Visa Click to Pay.
  • Alex is not recognized on the device by any Click to Pay system.

Journey:

  1. Alex navigates to the checkout page.
  2. The Digital Terminal checks with participating Click to Pay systems to identify Alex on the device and receives a "user not recognized" response.
  3. The Digital Terminal offers an option to perform Email Lookup to present Click to Pay enabled cards for checkout.
  4. The Digital Terminal initiates profile lookup with Alex's information, including email address.
  5. The Digital Terminal requests all participating Click to Pay systems to identify the email provided.
  6. Based on the responses, the Digital Terminal selects the system that recognizes the email address to initiate the one-time code flow to validate Alex’s identity.
    Note: System selection logic is based on the Click to Pay system containing the last used card, if there is no last used card the logic is based upon the Click to Pay system that responded first.
  7. Alex receives a one-time code via email and text (SMS).
  8. The Digital Terminal presents a screen to capture the one-time code and the option to be remembered on this device. The code entered is sent to Click to Pay system for verification.
    Note: Remember Me is only available on supported browsers (i.e., Chrome, Edge)
  9. The Digital Terminal uses the verified identity to retrieve the card list from all Click to Pay systems for Alex.
    Note: If SMS OTP is used for identity verification, Click to Pay will filter the cards shown based on mobile number.
  10. The Digital Terminal receives card details from the respective Click to Pay system.
  11. The Digital Terminal aggregates the card list, orders them, and displays them for card selection.
  12. Alex selects a card from the card list and continues to perform the checkout.
  13. Once Alex confirms the order, the Digital Terminal submits the information and other selections to Click to Pay system to receive the checkout payload.
  14. The Digital Terminal orchestrates any Cardholder Verification Method (CVM) for the selected card (when applicable).
  15. The Digital Terminal passes the payload to the Digital Payment Application for transaction processing.

Linking a Card

First Time User

Assumptions:

  • Alex does not have a Click to Pay profile.

Journey:

  1. Alex navigates to the checkout page.
  2. The Digital Terminal captures all necessary data, including card details, name, billing address, email address, and phone number.
  3. The Digital Terminal displays Click to Pay awareness content, terms, privacy notice, profile information, and an opt-out option to Alex.
  4. After Alex confirms the order, the payment transaction is processed outside Click to Pay and Alex's card is enrolled in Click to Pay.
    Note: During all add card flows; Digital Terminal will always receive an untokenized payload in checkout response.
  5. The Digital Terminal submits the order and other selections to the Click to Pay system to receive the checkout response.
  6. The Click to Pay system creates a new profile for Alex and adds the card under the profile for future use.
  7. An email is sent to Alex with the result of their enrollment request.
  8. The Digital Terminal passes the payload to the Digital Payment Application. This application may also use the checkout reference identifier to obtain a full payment payload for transaction processing (if not already processed).

Assumptions:

  • Alex has a Click to Pay profile and wants to add another card to their profile.

Journey:

  1. The Digital Terminal aggregates the card list obtained from all Click to Pay systems, orders them, and displays them for card selection.
  2. Alex chooses to add a new card to Click to Pay.
  3. The Digital Terminal captures all required data elements including card details, billing address, and phone number.
  4. The Digital Terminal presents Alex with Visa Click to Pay Terms, Visa Privacy Notice, profile information, and an option to opt out.
  5. After Alex confirms the order, the payment transaction is processed outside Click to Pay and Alex's card is enrolled in Click to Pay.
    Note: During all add card flows; Digital Terminal will always receive an untokenized payload in checkout response.
  6. The Digital Terminal submits the information, order, and other selections to Click to Pay system to receive the checkout response.
  7. The Click to Pay system enrolls the card under the profile for future use.
  8. An email is sent to Alex with the result of their enrollment request.
  9. The Digital Terminal passes the payload to the Digital Payment Application for transaction processing.

Cardholder Authentication Methods

Visa Secure with EMV 3-D Secure is embedded within Click to Pay to get authenticated payload without having to integrate with an external 3DS provider for Click to Pay transactions. This may not be available depending on regulatory requirements for certain countries or regions (e.g., Strong Consumer Authentication in Europe). DPA can provide a specific authentication preference during the transaction for Visa Click to Pay to facilitate 3DS authentication.

In the checkout request, the Digital Terminal can pass an authentication preference specifying 3DS as a method and pass respective configuration settings, including challenge indicator, to request 3DS authentication to be performed by Visa Click to Pay on behalf of its DPA. Visa Click to Pay will perform 3DS and return payment credentials in the checkout response, including ECI value and dynamic data.

Note: The Digital Terminal must be configured for 3DS authentication with Visa to take advantage of 3DS within Click to Pay.

3DS Authentication

Assumptions:

  • The merchant may or may not provide an authentication preference for the transaction.
  • The merchant may be in a region that only supports 3DS.
  • Visa Click to Pay may decide to perform step-up authentication based on risk assessment.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (e.g., 3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay determines to perform 3DS authentication.
  5. Upon successful 3DS authentication, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  6. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  7. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.

FIDO (Fast Identity Online) is a set of standards-based authentication protocols designed to enable biometric authentication online. To ensure cardholders get an improved and more seamless e-Commerce checkout experience, Visa is introducing Click to Pay with authentication through passkeys built on FIDO alliance standards. 

Enrollment

FIDO Enrollment

Assumptions:

  • Issuer supports 3DS authentication.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay determines to perform 3DS validation.
  5. Upon successful 3DS validation, Visa Click to Pay will also determine if Alex is eligible for Passkey registration based on device, and other parameters. If eligible, will initiate Passkey enrollment.
  6. Upon successful Passkey enrollment, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  7. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  8. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.
  9. Alex receives a confirmation email from Visa stating they have successfully created a Passkey associated with the selected card for future use.

Authentication

FIDO Authentication

Assumptions:

  • Alex has previously setup a Passkey for the card selected on the same device during checkout.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay recognizes a Passkey in association with the device and card selected and prompts Alex to complete Passkey authentication.
  5. Upon successful Passkey validation, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  6. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  7. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.

Visa Click to Pay system supports issuer Cardholder Verification Methods via Online Banking for token to device binding and cardholder verification for risk based assessments or for DPA/Digital Terminal requesting authentication.  This authentication is based on Cloud Token Framework rails and issuer needs to enroll for the same. In the Checkout request, Digital Terminal can pass authentication preference or Visa Click to Pay system may authenticate the consumer following risk based assessment.

SRC Orchestrated

Visa Click to Pay system will direct the user to web URL provided by the issuer. Issuer will either direct the consumer to the bank app if on the same device or provide a push notification to the consumer on the device with the bank app. Issuer will redirect the consumer the Visa Click to Pay URL. Visa Click to Pay will poll for authentication results and provide the payload and payment credentials to the Digital Terminal.

Issuer Online Banking Authentication

Assumptions:

  • The merchant may or may not provide an authentication preference for the transaction.
  • Issuer supports Cloud Token Framework device binding.
  • Visa Click to Pay may decide to perform step-up authentication based on risk assessment.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay determines to perform Issuer Online Banking authentication.
  5. Upon successful Issuer Online Banking authentication, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  6. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  7. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.

SRCi Orchestrated

In the Checkout request, Digital Terminal can pass authentication preference or Visa Click to Pay system may authenticate the consumer following risk based assessment. Visa Click to Pay system will return a response with pending authentication with a list of authentication methods and Digital Terminal will invoke the authentication method. Visa Click to Pay system will direct the user to web URL provided by the issuer. Issuer will either direct the consumer to the bank app if on the same device or provide a push notification to the consumer on the device with the bank app. Issuer will redirect the consumer the Visa Click to Pay URL. Digital Terminal will poll for the authentication results and Visa Click to Pay system will provide the payload and payment credentials to the Digital Terminal. 

Issuer Online Banking Authentication

Assumptions:

  • The merchant may or may not provide an authentication preference for the transaction.
  • Issuer supports Cloud Token Framework device binding.
  • Visa Click to Pay may decide to perform step-up authentication based on risk assessment.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay determines to perform Issuer Online Banking authentication.
  5. Upon successful Issuer Online Banking authentication, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  6. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  7. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.

Visa Click to Pay system supports issuer Cardholder Verification Methods via email and SMS one time passcode for token to device binding and cardholder verification for risk based assessments or when DPA/Digital Terminal has requested for authentication. For DPAs/Digital Terminal requesting authenticated payload, token to device binding will be used as an authentication factor. DPA/Digital Terminal can provide a specific authentication preference during the transaction for Visa Click to Pay to facilitate authentication.

Visa Click to Pay system supports DPA/Digital Terminal initiating the authentication for issuer one time passcode. In the Checkout request, DPA/Digital Terminal can pass an authentication preference or the Visa Click to Pay system can authenticate the consumer following a risk-based assessment. In SRC initiating, the Digital Terminal passes the OTP value and assurance data in the checkout request. The Visa Click to Pay system validates the OTP and provides the payload and payment credentials to the Digital Terminal. 

In the Digital Terminal initiation, Digital Terminal passes the OTP value to the Visa Click to Pay system via authenticate API and receives assurance data from the Visa Click to Pay system. Digital Terminal passes the assurance data in the checkout request and Visa Click to Pay system provides the payload and payload credentials to the Digital Terminal.

Issuer OTP Authentication

Assumptions:

  • The merchant may or may not provide an authentication preference for the transaction.
  • Issuer supports Cloud Token Framework device binding.
  • Visa Click to Pay may decide to perform step-up authentication based on risk assessment.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay determines to perform Issuer SMS/Email OTP.
  5. Upon successful Issuer OTP authentication, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  6. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  7. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.

Assumptions:

  • The merchant may or may not provide an authentication preference for the transaction.
  • Visa Click to Pay may decide to perform step-up authentication based on risk assessment.

Journey:

  1. The Digital Terminal receives masked card details from the Click to Pay system.
  2. Alex selects a card from the card list and continues to perform the checkout.
  3. Once Alex confirms the order, the Digital Terminal indicates the preference for authentication and submits the information and other selections to Click to Pay system to receive the checkout payload.
  4. Visa Click to Pay performs risk assessment and/or based on DPA/Digital Terminal request for authentication, may decide that cardholder verification is required. Visa Click to Pay determines authentication method based the issuer’s/countries or regions preferred method (3DS, Passkeys, Issuer Online Banking, Issuer SMS/Email OTP, and CVV2). In this use case, Visa Click to Pay determines to perform CVV2 validation.
  5. Upon successful CVV2 authentication, Visa Click to Pay returns payment credentials in the checkout response, including ECI value and dynamic data.
  6. If authentication is unsuccessful or declined, Alex will not be able to proceed with the transaction using the selected card. The transaction must be reinitiated, and Alex may select another card for the transaction.
  7. The Digital Terminal passes the payload containing dynamic data to the Digital Payment Application for transaction processing.

Use Case Variations

Displaying Combo Cards in Card List

Certain Visa card products support both credit and debit accounts (such as combo cards in Brazil) and allow cardholders to choose whether the transaction will be processed as credit or debit at checkout. When the Visa Click to Pay system returns card details, an additional combo card indicator is included the image above. The Digital Terminal can use this indicator to enable the user experience based on merchant market preferences.