What Is Click to Pay?
Click to Pay is the single online checkout button built on EMVCo's Secure Remote Commerce spec. Instead of typing card numbers into every merchant's checkout, the shopper enrols once with a network (Visa, Mastercard, Amex, Discover) and from then on signs in to pay with one button across thousands of sites. The merchant never sees the real card number — what comes back is a network token. It replaces the older Visa Checkout, Masterpass and Amex Express Checkout buttons with one shared standard.
Click to Pay is the single online-checkout button defined by EMVCo's Secure Remote Commerce standard and rolled out by Visa, Mastercard, American Express and Discover. The shopper enrols their card once with the network, and from then on every participating merchant shows the same Click to Pay button at checkout. The card details never get typed into the merchant's form, the merchant gets back a network token instead of the real PAN, and the same enrolment works across every network at every site. It replaces the older single-network buttons (Visa Checkout, Masterpass, Amex Express Checkout) with one shared experience.
If you've enrolled a card with your bank or one of the networks in the last couple of years, you've probably seen Click to Pay already — it's the button with the four small bird-style icons at the top of a checkout page. The promise is plain: type your card number once with the network you trust, and from then on you skip the card form on every site that accepts the button. From the merchant's side, the win is different — the card data goes through the network, not through the merchant's checkout, so the merchant gets a token back and stays well out of PCI DSS scope for that transaction.
How Click to Pay Works
The shopper enrols a card once. That can happen at their bank's app, at the network's own site (visa.com, mastercard.com, americanexpress.com, discover.com), or directly during a checkout at a participating merchant. Enrolment captures the card details, the shopper's email address and a few delivery addresses. The networks then share enrolment status across each other through a system called the SRC system, so the shopper doesn't have to enrol the same card four times.
At checkout, the merchant shows the Click to Pay button. The shopper enters their email and gets a one-time code (or a biometric prompt on a recognised device). The networks return the available cards, the shopper picks one, and the network sends a network token plus a one-off cryptogram back to the merchant. The merchant submits that to their payment gateway like any other authorisation — but the data on the wire isn't the real card number.
Click to Pay vs the Old Single-Network Buttons
Before Click to Pay, each network ran its own checkout button. Visa Checkout, Masterpass and Amex Express Checkout were all the same idea but each only worked with that network's cards. Merchants ended up with three buttons stacked at checkout, shoppers had three separate enrolments, and none of them got particularly broad adoption.
Click to Pay is what happened when the networks agreed to converge on the EMVCo standard. The visual design is shared, the enrolment is shared across networks, and the merchant integrates one button instead of three. Visa Checkout was retired in early 2022; Masterpass followed; Click to Pay is the migration path for both.
Click to Pay vs Apple Pay and Google Pay
Shoppers often ask why they'd use Click to Pay when they've already got Apple Pay or Google Pay. The honest answer is that on iPhone or an Android handset, the wallet button usually wins — it's one tap and biometric and the user already trusts it.
Click to Pay's pitch is the device-agnostic case. On a desktop browser, on a work laptop, on a tablet someone shares with their partner, on a Windows machine that doesn't have a native wallet — Click to Pay works on any browser, any device, without an app store install. It's also the only one of the three that's network-owned rather than platform-owned, which matters in markets where Apple or Google adoption is uneven.
What the Merchant Gets
The thing worth understanding from the merchant side is the data flow. A normal card checkout has the shopper typing the PAN into a form on the merchant's site. Even with a hosted iframe, the merchant's web environment is brushing past PCI DSS scope. Click to Pay short-circuits that — the PAN goes through the SRC system, the merchant gets back a token, and the shopper's card form on that merchant's site is never used.
The other thing the merchant gets is higher authorisation rates. Network tokens carry richer data than a typed-in PAN — the issuer knows the token came through the network's own authenticated channel, so the issuer's fraud rules treat it more leniently. Visa publishes a roughly 2-4% authorisation lift on tokenised transactions. The exact number depends on issuer, geography and basket size, but the direction is consistent.
What Click to Pay Isn't
It isn't a wallet in the Apple Pay sense — there's no device-bound key on the shopper's phone. It isn't a buy-now-pay-later product. It doesn't bypass 3D Secure in markets where SCA is required (PSD2 in Europe and the UK); the networks fold SCA into the Click to Pay flow when it's needed. And it isn't a replacement for the merchant's payment gateway — you still need a gateway and an acquirer, you're just changing what data goes into the authorisation request.
Adoption and What to Expect
Click to Pay rolled out across the US first, then the UK and the rest of Europe through 2023-2025. UK issuer adoption picked up sharply once Visa and Mastercard started enrolling cards by default for new issuances. As a shopper, you'll see the button more often on retailer sites that have migrated from the older buttons. As a merchant, your gateway provider almost certainly already supports it — the integration is a few hundred lines of front-end JavaScript plus a server-side call to redeem the token at authorisation time.
Click to Pay sits on the e-commerce side of the world. Paytia's specialism is the other side — payments taken by phone, where the shopper is on a voice call rather than at a keyboard. The two are complementary: most of our customers use Click to Pay (or a normal web checkout) for self-service online purchases, and use Paytia when the customer phones in to pay an invoice, book a service, or settle a deposit.
Where Click to Pay does come into Paytia's world is on our Click to Pay solution page — we use the same underlying network-token plumbing for our hosted web-checkout flows that sit alongside the telephone-payment platform. If a customer rings in but would rather finish the payment on their phone, we can send them a payment link that lands on a hosted checkout supporting Click to Pay, so they get the one-button experience without the agent ever touching card details. The whole flow stays out of the agent's screen, out of the call recording and out of PCI DSS scope — which is what Paytia exists to do.
Frequently Asked Questions
Is Click to Pay the same as Visa Checkout?
Click to Pay is the successor. Visa Checkout, Masterpass and Amex Express Checkout were single-network buttons that did broadly the same job. Click to Pay is the EMVCo standard the networks agreed on so there's one button and one enrolment instead of three. Visa Checkout was retired in early 2022; Masterpass followed shortly after. If you're integrating something new, Click to Pay is the only version worth building against.
Does Click to Pay work without an app?
Yes — that's one of its main selling points compared with Apple Pay or Google Pay. Click to Pay runs in the browser. There's no app install, no device pairing, and it works on desktop, mobile web, tablets and shared devices. The shopper authenticates with their email plus a one-time code or a passkey on supported browsers.
Do I still need 3D Secure with Click to Pay?
In markets where SCA is required (PSD2 in the UK and EU, for example), yes — but the networks fold the 3D Secure step into the Click to Pay flow when the rules say it's needed. Outside SCA markets, the merchant and the issuer's risk rules decide whether to step up. Click to Pay doesn't bypass SCA; it just makes the experience smoother when SCA is invoked.
Does Click to Pay reduce my PCI DSS scope?
Yes, materially. Because the shopper never types card details into the merchant's checkout form, the merchant's web environment isn't capturing or transmitting cardholder data. What the merchant receives is a network token, not the PAN. That typically moves an e-commerce merchant from SAQ A-EP (where the merchant's site handles redirection or hosted fields) towards SAQ A — the lightest of the self-assessment questionnaires.
What's the difference between Click to Pay and a network token?
Click to Pay is the checkout experience the shopper sees. Network tokens are one of the things it produces under the bonnet. When a shopper completes a Click to Pay transaction, the network returns a token (a number that looks like a card but is uniquely tied to that merchant and that card) to the merchant instead of the real PAN. So Click to Pay is the front door; network tokens are the data format that flows out of it.
See how Paytia handles click to pay
Book a personalised demo and we'll show you how our platform works with your setup.
Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia