Payments & Fraud

How It Works

Dashboard

This documentation site is retired and will soon be removed. Current information can be found at the new documentation portal here! Please update your bookmarks.

Radial Payments & Fraud Documentation

Google Pay Processing

Google Pay

Google Pay™ is a digital wallet platform and online payment system offered by Google Inc. Merchants can add the payment service to websites and apps. Users with Android devices can add payment cards to Google Pay and use those cards to make payments in stores, in apps, and on websites.

Google Pay is supported on Android phones, tablets, and watches. In retail stores, Google Pay uses Near Field Communication (NFC) to transmit card information, facilitating funds transfer to the retailer. It replaces the credit or debit card chip and PIN or magnetic stripe transaction at point-of-sale terminals by allowing the user to upload card data in the Google Pay wallet. The service lets Android devices wirelessly communicate with point of sale systems using a near field communication (NFC) antenna, host-based card emulation (HCE), and Android's security.

Google Pay takes advantage of physical authentications such as fingerprint ID where available. On devices without fingerprint ID, Google Pay is activated with a passcode. When the user makes a payment to a merchant, Google Pay does not send the credit or debit card number with the payment. Instead, it generates a virtual account number representing the user's account information. This service keeps customer payment information private by sending a one-time encryption token instead of the card or user details.

Users can add payment cards to the service by taking a photo of the card, or by entering the card information manually. To pay at a point of sale, a user holds an authenticated device near the point of sale system.

Customer can also make a payment with Google Pay in apps or on websites that offer Google Pay as a payment method.

As a merchant integrating with Google Pay, you must adhere to the Google Pay APIs Acceptable Use Policy and accept the terms defined in the Google Pay API Terms of Service.

Configuration Setup

To be configured for Google Pay, your web store must complete the request process to obtain production access. With approval, Google provides you with instructions for registration and production access to the Google Pay API. In this step, Google provisions a merchantId value that you will use specifically with the Google Pay API.

Web Setup

Before using Google Pay from web, a user must add a payment method to the wallet or enter the card information manually. The payment method is stored in the wallet for future use. See Web Integration for details.

Android Setup

Before using Google Pay from an app, a user must add a payment method to the Android device. Users can add credit cards to the service by taking a photo of the card, or by entering the card information manually. A token is issued and stored in the wallet for future use. See App Integration for details.

Payment Service Support for Google Pay Integration

Radial's Payment Service provides APIs that can be used to integrate with Google Pay both for in-app purchases on mobile devices and purchases made on store websites.

Google Pay Integration Flow

This is the flow to complete a Google Pay transaction for the single request integration using Radial payment service APIs.

At checkout, when a Google Pay user taps the Google Pay button, a payment sheet displays the payment methods that have been saved to the Google Account and optional fields such as a shipping address.
The user can select a payment method in the wallet, or add new payment information, and provide shipping address if required
The client application connects to the Google server with gateway ID radialpayments and using their store ID as the gateway merchant ID, and receives encrypted payment token data in JSON format.
The client application creates a CreditCardAuth request including the authorization amount, GooglePaySigningKey (key signature, value, and expiration), EphemeralPublicKey, Tag, Version, encryption signature, and encrypted token.
The client application sends the CreditCardAuth request to Radial's Payment Service.
Radial's Payment Service uses its private key along with the ephemeral public key passed in the API call to decrypt the payment data.
The Payment Service processes the request as a regular Card Not Present transaction and returns a success or failure response.
The client application receives the success or failure response and prompts the user accordingly.

Google Pay PaymentMethodToken Payload Example

{
    "signature":"MEUCICx6HeNozaC9OlbQ/auODUSMM3LMbIG6ifR92n1Sg6wsAiEAhMUCzr65DJEaq1kzvYRhqB2OjgUF0KTOfe0J9wE2sUk\u003d",
    "intermediateSigningKey":{
        "signedKey":"{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENmrxs4pIO3t5U69sDzzPuxQBiF8L16Qq7N7ngwaIA8c9MPaU5T28TOtthYZbx5OxmhKxX+ENC7TOv4ctIU8v1Q\\u003d\\u003d\",\"keyExpiration\":\"1583311459742\"}",
        "signatures":[
            "MEYCIQCQaFdqxE5qvi239ARVW08jgN3kd2Mu82mxT71yekL5KAIhANQv5GN8B+ZybzTf+bmmP/nLkVMXZOkVAcpA0xxw/5N/"
        ]
   },
   "protocolVersion":"ECv2",
   "signedMessage":"{\"encryptedMessage\":\"Rv9kJ8ppjdTU75ScLQNl7NrRxCM0rTb/Vrqrv8ojo9E2RKzvcjF7XzXwtWsW19Su0PLcVUViZBQ4hrbdTWzkgvUZt5dUTdlXf5Oc/IiaZXCHhcNJxOOzTdIVQ4z585zAqC75XeE5g/9Nj/LN8gvTt39AyGicTh7sEu4v5Y2/VMqY/LGZSrt7Hrva6kb+Gh0F0CB1+97GWjAb1ocoIQqIP9LyS2ZxZ1gbxqa65r5U8+EfUIrG/KXcmZjjMPeaWsRnp2qR3dLWXz6ERZTvDHwUYUg8q6A5BfAjw7jzxvpWQYA3TduVraIWGuMUG58rHGY86fk4m+4F0dEDHW1wypawFQISinGlkuEiFEHq09oXQ19dRxqqaE0KR6VmFEoUHp3iPcpjhOsC8583STBh8eVMCH49Ws18ZdgSTrZ4lKqDPOYpgblKf1cq5cHQysHGLVvDJULurPy2GvwF1jbC1tZQ26jE0joXlepF\",\"ephemeralPublicKey\":\"BHkCxK41VgmFSyQRozlf7jm0Kqm9S6VbyVwB6UzyS4pWw5oOj9LNrwHRqI2GgUnZ5GUhJmiMCkD89dph+OBXgMg\\u003d\",\"tag\":\"Gv3Y4yyc2w5z3BOqURQWFp7f3sHWzzkET/EnefgAWvY\\u003d\"}"
}

APIs Used

Google Pay integration uses the following API

Credit Card Auth API

URI Summary

Action	URI Template	URI Example	Non-URI Request	Response	Note
POST	/v[M.m]/stores/[StoreID]/ payments/creditcard/auth/ [TenderCode].[format]	/v1.0/stores/store123/ payments/creditcard/auth/DW.xml	XML	200 + XML response	StoreID the same as gateway merchant id

Request Example

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0" requestId="1234567">
   <WalletPaymentInformation>
     <GooglePaySigningKey>
         <Signature>MEQCIFGSsF7iR5xwikWkOgJH//iWwH+T8HGSeVBKvwx8CUmaAiAi504erSm1RGc8ML1c0BDmsKXEx4nIV6MKPDMAouXv5g\u003d\u003d</Signature>
         <Value>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkObfp/N6pZWrSiitgQskQoD+LhrVNZpc5OxH5nwdoyWHAFzMbXHVk5oK4z8+2lx8GZ+J1LCa2NDUwmGEGW8Kcw\u003d\u003d</Value>
         <Expiration>1570171869038</Expiration>
     </GooglePaySigningKey>
     <EphemeralPublicKey>BMLuyqMv0puSlEkaGItWfMEhXkaKjMJ4NfQ2ybTmSVDmOdoOnA3Sv9kgzx3vjLWv+++YJboP/lTrZmXoU2tOsG0\u003d</EphemeralPublicKey>
     <Tag>cH9Uitc/eOKJV+pIvmBms6b5A5PdRJi89+xTVWxxblc\u003d</Tag>
     <Version>ECv2</Version>
     <Data>rs97b9L243rd/eV6e7FYTqIfqOcA28jq0hgea6IcPrFZrQZg6/jtLLr0QY/NGY3PIiYlSv7cjslD1MznBmEHjqWoueZUufuE0SvbHSyJodJbx/ABxEc6pbUKFD0OHGbWwZAusIP7eE19AKR3gUwfHYGlAUJcpUXs2z6eFbFLiBve3yGn5oauzxLzwoUkt5O2OUbOyLR17WIIz7bWogynJrfLIVGtk72y7PLUH+ewOv6T91C+tILeK+2xgwvJt/sQTonRwh4DQDtecqCFpMGxnOEgvjynZxubcLIMPfsRjkRdWAbyd2CNHVPhtoE++LNXzqxbQFiT81fDUSHv1Q6AUtxeuACQulckazi51SrPd+uxxAjuCHBQZbRWuZZIN2pVypdu1iGePLjAO7dEqlO+ppT0hUQbrMJjFRPmYlAhSgF5Pc4NDf+IyqdU3A+P6kt2fwuHwHsY4o7JCAb7qwtrGgmGpSkBU50UHtzI3qrQ8GraJ0N3FUx/Lst4VWGAwUAwNOPpnHnAeYbgho6nVECQ2yGbV+mwYR6oA0LXuK2ZeBPsiUOL</Data>
     <Signature>MEQCIBHBJhV144JGM2OIGYof7FdXFmQPvPa4IhEgW0BJRbGPAiABL/Z7GucSxvuyofNDkJSuak8ZwXnFZ02W8BHsOk7ovQ\u003d\u003d</Signature>
   </WalletPaymentInformation>
   <OrderId>1</OrderId>
   <Amount currencyCode="USD">14.99</Amount>
   <BillingFirstName>John</BillingFirstName>
   <BillingLastName>Smith</BillingLastName>
   <BillingPhoneNo>6101234567</BillingPhoneNo>
   <BillingAddress>
      <Line1>123 Main St</Line1>
      <Line2>Building 123</Line2>
      <Line3>4th Floor</Line3>
      <Line4>Apt 12</Line4>
      <City>Philadelphia</City>
      <MainDivision>PA</MainDivision>
      <CountryCode>US</CountryCode>
      <PostalCode>19019</PostalCode>
   </BillingAddress>
   <CustomerEmail>customer@sample.com</CustomerEmail>
   <CustomerIPAddress>208.247.73.130</CustomerIPAddress>
   <ShipToFirstName>John</ShipToFirstName>
   <ShipToLastName>Smith</ShipToLastName>
   <ShipToPhoneNo>6101234567</ShipToPhoneNo>
   <ShippingAddress>
      <Line1>123 Main St</Line1>
      <Line2>Building 123</Line2>
      <Line3>4th Floor</Line3>
      <Line4>Apt 12</Line4>
      <City>Philadelphia</City>
      <MainDivision>PA</MainDivision>
      <CountryCode>US</CountryCode>
      <PostalCode>19019</PostalCode>
   </ShippingAddress>
</CreditCardAuthRequest>

Request Elements

Element	Required	Description	Type	Restriction
CreditCardAuthRequest/WalletPaymentInformation	Yes	Digital Wallet Payment Information	ComplexType
CreditCardAuthRequest/WalletPaymentInformation /GooglePaySigningKey/Signature	Yes	Signature from key signing, corresponding to intermediateSigningKey/signatures	String
CreditCardAuthRequest /WalletPaymentInformation/ GooglePaySigningKey/Value	Yes	Signing key, corresponding to intermediateSigningKey/signedKey/keyValue	String
CreditCardAuthRequest/WalletPaymentInformation/ GooglePaySigningKey/Expiration	Yes	Signinng key expiration, corresponding to intermediateSigningKey/signedKey/keyExpiration	String
CreditCardAuthRequest /WalletPaymentInformation/ EphemeralPublicKey	Yes	A Base64 encoded ephemeral public key associated with the private key to encrypt the message, corresponding to signedMessage/ephemeralPublicKey	String
CreditCardAuthRequest/WalletPaymentInformation/ Tag	Yes	Base64 encoded MAC of encrypted payment data, corresponding to signedMessage/tag	String
CreditCardAuthRequest/WalletPaymentInformation/ Version	Yes	Google Pay version of payment service integration, e.g. ECv2, corresponding to protocolVersion	String
CreditCardAuthRequest/WalletPaymentInformation/ Data	Yes	Encrypted Payment Data, corresponding to signedMessage/encryptedMessage	Base64 encoded string
CreditCardAuthRequest/WalletPaymentInformation/ Signature	Yes	Verifies that the message came from Google, Base64-encoded and created with ECDSA by the signing key, corresponding to signature	Base64 encoded string
CreditCardAuthRequest/OrderId	Yes	Unique identifier of the order The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service.	String	Min 1 character Max 20 characters
CreditCardAuthRequest/Amount	Yes	Amount value to authorize for the order	String	Positive decimal, up to two decimal places(for example, 4.75)
CreditCardAuthRequest/Amount/ @currencyCode	Yes	Type of currency used for the amount	String	3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217.
CreditCardAuthRequest/BillingFirstName	Yes	First name of the person on the billing address of the credit card	String
CreditCardAuthRequest/BillingLastName	Yes	Last name of the person on the billing address of the credit card	String
CreditCardAuthRequest/BillingPhoneNo	Yes	Phone number of the person on the billing address of the credit card	String
CreditCardAuthRequest/BillingAddress	Yes (for AVS verification)	Billing address of the credit card	ComplexType
CreditCardAuthRequest/BillingAddress/Line1	Yes	Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.	String	1 to 70 characters.
CreditCardAuthRequest/BillingAddress/Line2	No		String	1 to 70 characters.
CreditCardAuthRequest/BillingAddress/Line3	No		String	1 to 70 characters.
CreditCardAuthRequest/BillingAddres/Line4	No		String	1 to 70 characters.
CreditCardAuthRequest/BillingAddress/City	Yes	Name of the city	String	Min 1 character Max 40 characters
CreditCardAuthRequest/BillingAddress/MainDivision	No	Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2.	String	Min 1 character Max 35 characters
CreditCardAuthRequest/BillingAddress/CountryCode	Yes	Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2	String	Min 2 characters Max 40 characters
CreditCardAuthRequest/BillingAddress/PostalCode	No	String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code)	String	Min 1 character Max 15 characters
CreditCardAuthRequest/CustomerEmail	Yes	Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors.	String	Min 1 character Max 70 characters
CreditCardAuthRequest/CustomerIPAddress	Yes	IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors.	IPv4Address	Valid dotted quad IPv4 Address
CreditCardAuthRequest/ShipToFirstName	Yes	First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors.	String
CreditCardAuthRequest/ShipToLastName	Yes	Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors.	String
CreditCardAuthRequest/ShipToPhoneNo	No	Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors.	String
CreditCardAuthRequest/ShippingAddress	Yes	First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. For orders that do not have a shipping address, pass the billing address as the shipping address.	ComplexType
CreditCardAuthRequest/ShippingAddress/Line1	Yes	Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.	String	1 to 70 characters.
CreditCardAuthRequest /ShippingAddress/Line2	No		String	1 to 70 characters.
CreditCardAuthRequest/ShippingAddress/Line3	No		String	1 to 70 characters.
CreditCardAuthRequest/ShippingAddress/Line4	No		String	1 to 70 characters.
CreditCardAuthRequest/ShippingAddress/City	Yes	Name of the city	String	Min 1 character Max 40 characters
CreditCardAuthRequest/ShippingAddress/MainDivision	No	Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2.	String	Min 1 character Max 35 characters
CreditCardAuthRequest/ShippingAddress/CountryCode	Yes	Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2	String	Min 2 characters Max 40 characters
CreditCardAuthRequest/ShippingAddress/PostalCode	No	String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code)	String	Min 1 character Max 15 characters

Reply Example

The response is a CreditCardAuthReply message.

<?xml version="1.0" encoding="UTF-8"?>
    <CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
       <PaymentContext>
          <OrderId>1</OrderId>
          <!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
             This token gets passed to the Order Service, not the original credit card number -->
          <PaymentAccountUniqueId isToken="true">4054131ImpMJ6965</PaymentAccountUniqueId>
       </PaymentContext>
       <ResponseCode>APPROVED</ResponseCode>
       <AuthorizationResponseCode>AP01</AuthorizationResponseCode>
       <BankAuthorizationCode>614653</BankAuthorizationCode>
       <CVV2ResponseCode>0</CVV2ResponseCode>
       <AVSResponseCode>E</AVSResponseCode>
       <PhoneResponseCode></PhoneResponseCode> <!-- AmEX only -->
       <NameResponseCode></NameResponseCode> <!-- AmEX only -->
       <EmailResponseCode></EmailResponseCode> <!-- AmEX only -->
       <AmountAuthorized currencyCode="USD">14.99</AmountAuthorized>
       <TenderType>VC</TenderType>
    </CreditCardAuthReply>

Response Elements

Element	Required	Description	Type	Restriction
CreditCardAuthReply/PaymentContext	Yes	Unique identifier of the payment transaction for the order	ComplexType
CreditCardAuthReply/PaymentContext/ OrderId	Yes	Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service.	String	Min 1 character Max 20 characters
CreditCardAuthReply/PaymentContext/ PaymentAccountUniqueId	Yes	Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN.	String	Min 1 character Max 22 characters
CreditCardAuthReply/PaymentContext/ PaymentAccountUniqueId/ @isToken	Yes	Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true.	String	true
CreditCardAuthReply/ResponseCode	No	Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service. See Authorization Response Codes for a list of codes.	String	SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element
CreditCardAuthReply/ AuthorizationResponseCode	Yes	Response code of the credit card authorization. This includes approval, timeout, and several decline codes. See Authorization Response Codes for a list of codes.	String
CreditCardAuthReply/BankAuthorizationCode	Yes	Authorization code returned by the payment processor upon a successful credit card authorization. Any order taken by the Order Service and paid by credit card MUST have this authorization code.	String
CreditCardAuthReply/CVV2ResponseCode	Yes	Payment processor response code for the CVV2 (card verification value) check. For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code. See CVV2 Response Codes for a list of codes.	String
CreditCardAuthReply/AVSResponseCode	Yes	Payment processor response for the Address Verification System (AVS) check. For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code. See AVS Response Codes for a list of codes.	String
CreditCardAuthReply/PhoneResponseCode	No (Amex only)	Response code for customer phone number verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.	String
CreditCardAuthReply/NameResponseCode	No (Amex only)	Response code for customer name verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.	String
CreditCardAuthReply/EmailResponseCode	No (Amex only)	Response code for customer email verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.	String
CreditCardAuthReply/AmountAuthorized	Yes	Currency amount authorized on the credit card	String	Positive decimal, up to two decimal places(for example, 4.75)
CreditCardAuthReply/AmountAuthorized/ @currencyCode	Yes	Type of currency used for the order	String	3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217.
CreditCardAuthReply/TenderType	No (Always present for Digital Wallet transactions)	This element identifies the tender type used for the transaction *Note that this value might be corrected based on Bin Range identification	String	Min 2 characters Max 4 Characters SchemaVersion in the Request Message has to be equal to or greater than 1.2 in order to receive this element for Card Not Present and Card Present transactions
CreditCardAuthReply/Extension	No	This element indicates that future optional elements may show up in this location of the XML document in the responses returned from the service.

Return to top

What are you waiting for?