Merchant Decryption Method

Using this process, the responsibility for decrypting the encrypted payload from Google Pay falls to you. The steps that follow, along with FIGURE 1-12 High Level Message Flow for Google Pay using Merchant Decryption, illustrate the high-level flow of messages associated with a Google Pay purchase when you perform the decryption of the encrypted payload.

The process assumes you have integrated with Google using the method that returns the encrypted payload from Google following the Full Wallet request.

  1. When the consumer clicks the Google Pay button in your application, the action triggers a PaymentDataRequest to Google. The information returned by Google in the PaymentDataRequest object may include a masked card number (last four digits exposed) and shipping information. The consumer has the option of changing this information. If any information changes, Google Pay returns an updated PaymentDataRequest object.

  2. Upon confirmation of the order by the consumer, your application initiates a FullWalletRequest to Google. Google also returns the encrypted payload. The encrypted payload is a UTF-8 encoded, serialized JSON dictionary with the following keys:

  • encryptedMessage (string base64) - an encrypted message containing the payment credentials

  • ephemeralPublicKey (string base64) - the ephemeral public key associated with the private key used to encrypt the message

  • tag (string base64) - MAC of encryptedMessage

  3. Your application sends the encrypted payload along with the transaction information to your server.

  4. Your server decrypts the encrypted payload, extracting the payment, which is a UTF-8 encoded, serialized JSON dictionary with the following keys:

  • dpan (string (digits only)) - the device-specific personal account number (i.e., device token)

  • expirationMonth (number) - the expiration month of the DPAN (1 = January, 2 = February, etc.)

  • expirationYear (number) - the four-digit expiration year of the DPAN (e.g., 2015)

  • authMethod (string) - the constant 3DS (may change in future releases)

  • 3dsCryptogram (string) - the 3DSecure cryptogram

  • 3dsEciIndicator (string, optional) - ECI indicator per 3DSecure specification

Example of Decrypted Credentials in JSON

{
  "dpan": "4444444444444444",
  "expirationMonth": 10,
  "expirationYear": 2018,
  "authMethod": "3DS",
  "3dsCryptogram": "AAAAAA...",
  "3dsEciIndicator": "eci indicator"
}

After decryption, submit the Authorization/Sale transaction to Worldpay, setting the orderSource element to androidpay and populating the following cnpAPI elements with the decrypted information:

  • number - dpan value

  • expDate - MMYY derived from the expirationMonth and expirationYear values

  • authenticationValue - the 3dsCryptogram value

  5. Worldpay processes your transaction normally and returns the results in the response message.

FIGURE 1-12 High Level Message Flow for Google Pay using Merchant Decryption
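
The following is an added example, not Worldpay's or Google's code, of a check your server can run between decryption and submission to Worldpay: it validates the decrypted credentials against the field types listed above and derives the cnpAPI values, including the MMYY expDate. The function names, the masking helper and the sample cryptogram value are assumptions made for illustration; the decryption step itself is not shown.

```python
import json
import re

# Constructed sample: the decrypted credentials from the example above,
# with a placeholder cryptogram value.
SAMPLE = (b'{"dpan": "4444444444444444", "expirationMonth": 10, '
          b'"expirationYear": 2018, "authMethod": "3DS", '
          b'"3dsCryptogram": "AAAAAA", "3dsEciIndicator": "eci indicator"}')


def to_cnp_fields(plaintext: bytes) -> dict:
    """Validate decrypted credentials and map them to the cnpAPI elements."""
    cred = json.loads(plaintext.decode("utf-8"))
    if not isinstance(cred, dict):
        raise ValueError("credentials are not a JSON dictionary")
    dpan = cred.get("dpan")
    if not isinstance(dpan, str) or not re.fullmatch(r"[0-9]+", dpan):
        raise ValueError("dpan must be a digits-only string")
    month, year = cred.get("expirationMonth"), cred.get("expirationYear")
    # type() rather than isinstance(): bool is an int subclass in Python,
    # and JSON true/false must not pass as a month or year.
    if type(month) is not int or not 1 <= month <= 12:
        raise ValueError("expirationMonth must be 1-12")
    if type(year) is not int or not 1000 <= year <= 9999:
        raise ValueError("expirationYear must be four digits")
    if cred.get("authMethod") != "3DS":
        raise ValueError("unexpected authMethod")
    cryptogram = cred.get("3dsCryptogram")
    if not isinstance(cryptogram, str) or not cryptogram:
        raise ValueError("3dsCryptogram is required")
    return {
        "orderSource": "androidpay",
        "number": dpan,
        "expDate": f"{month:02d}{year % 100:02d}",  # MMYY
        "authenticationValue": cryptogram,
    }


def mask_dpan(dpan: str) -> str:
    """Log-safe form: only the last four digits stay visible."""
    return "*" * max(len(dpan) - 4, 0) + dpan[-4:]


if __name__ == "__main__":
    fields = to_cnp_fields(SAMPLE)
    print(mask_dpan(fields["number"]), fields["expDate"])
```

Rejecting malformed credentials here keeps a bad decryption result or an unexpected authMethod from reaching the Authorization/Sale request, and the masking helper keeps the full DPAN out of application logs.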