Ever tapped your contactless card at a checkout? Click to Pay is the online version of that. It's a universal way to pay online, backed by Visa, Mastercard, American Express, and Discover, that lets customers skip manually typing in their card details every single time. For context on how it fits alongside other payment methods, see our payment gateway integration guide.
Click to Pay in plain English#
Click to Pay is one button at checkout. Your customer clicks it, a saved card token gets used to pay, and they're done. No 16-digit PAN, no expiry, no CVV, no "create an account first." It works on any merchant site that supports the standard, and the same enrollment carries across merchants — that's the whole point.
If you've heard the term EMV SRC or EMV Secure Remote Commerce, that's the underlying technical standard. Click to Pay is the consumer-facing brand that the card networks put on top. Same way "Chip and PIN" is the consumer brand and EMV is the standard underneath.
What "click to pay" actually means in 2026
The phrase gets used three different ways, and it's worth being precise about which one you mean:
- Click to Pay (the standard) — the EMV SRC scheme run by the card networks. Capital C, capital P. That's what this article is about.
- "click to pay" (the generic phrase) — any one-click checkout, including Apple Pay, Google Pay, PayPal Express, Shop Pay, Amazon Pay. Different rails, different security models.
- "click to pay" link in an email or SMS — a payment link the customer taps to land on a hosted page. Useful, but not the same thing as the EMV SRC button.
We'll cover all three below, because US buyers searching the term don't always mean the same one. If you're a merchant trying to decide whether to add the Click to Pay button to your checkout, what really matters is the EMV SRC version. If you're a contact center manager asking whether you can use "click to pay" to take a card over the phone, you actually want a payment link or our agent-assisted telephone payment flow — the EMV SRC button doesn't work over voice.
A Guide to Frictionless Online Payments#
Your customers see a familiar icon at checkout, click it, and the payment is done. No wallet hunt, no forgotten password.
This isn't just some random new feature. It was created by the payment industry's heavyweights — Visa, Mastercard, American Express, and Discover — to tackle two of the biggest headaches in e-commerce: abandoned carts and payment security. By creating one standardized button, they've gotten rid of the tedious task of punching in a 16-digit card number, expiration date, and CVV for every single purchase.
More Than Just a Button
It helps to think of Click to Pay as more than just another payment option. It's the digital evolution of the EMV chip that's in your physical card, bringing that same smart, trusted security to the online world.
It recognizes you on your devices and lets you pay with any saved card, without a separate account per merchant. This is a meaningful improvement over traditional methods. To see how it stacks up against other ways of storing card details, you can explore our detailed guide on what Click to Pay is and how it works.
The US is actually where Click to Pay has seen its most active rollout. All four major US card networks — Visa, Mastercard, American Express, and Discover — back the standard, and US merchants across retail, travel, and digital goods have been among the first to add the button at checkout.
Click to Pay is built on a technical standard called EMV® Secure Remote Commerce (SRC). This is the framework that keeps every transaction safe with layers of security, including network tokenization. It replaces sensitive card data with a unique digital identifier, keeping the real details under wraps.
To really grasp what Click to Pay is, you have to see its dual advantage. Customers get a simple checkout. Your business gets stronger security. It simplifies the whole transaction, directly addressing the main reasons people give up on their purchases, and builds trust right from the start.
This blend of speed and security is changing what people expect from online and over-the-phone payments.
Click to Pay At a Glance
| Feature | Description | Benefit for Your Business |
|---|---|---|
| Standardized Button | A single, recognizable icon across all participating websites and payment platforms. | Builds instant customer trust and familiarity, reducing hesitation at checkout. |
| Guest Checkout | Customers can pay without creating a new account or password for your site. | Lowers the barrier to purchase, which is a major driver in reducing cart abandonment. |
| Intelligent Recognition | Securely recognizes returning customers on their trusted devices. | Delivers a fast, one-click payment experience that encourages repeat business. |
| EMV® SRC Security | Built on a global standard with multi-layered security, including network tokenization. | Improves security and can help simplify your PCI DSS compliance requirements. |
| All Four Major Networks | Supported by Visa, Mastercard, American Express, and Discover, ensuring wide acceptance. | Offers a credible payment method that appeals to the full range of US cardholders. |
In short, Click to Pay isn't just another payment method — it's a smarter, safer, and much simpler way to handle transactions for everyone involved.
How a Click to Pay Transaction Works#
So, what really happens when a customer clicks that little icon? Behind that simple button is a surprisingly elegant process, one that's been fine-tuned for both speed and security. It's a clever bit of coordination between your customer, your checkout, and the card networks, all wrapped up in a few seconds.
The entire system is designed to get rid of the usual checkout headaches without cutting corners on security. The customer wants to pay and get on with their day, and you need to know their payment data is safe.
The Customer Journey: A Smooth Experience
For your customer, the process is straightforward. The goal is to make paying feel almost invisible, letting them complete their purchase without the usual stops and starts.
The customer heads to checkout and sees the Click to Pay icon — that stylized logo with an arrow inside a circle — next to the other payment options. This is their cue for a faster, safer way to pay.
As soon as they type their email address, the system smartly identifies them. If they're on a device they've used before, it might recognize them automatically. First-timers are prompted to enroll by entering their card details just once. That info is then securely saved for any site that offers Click to Pay.
To make sure it's really them, the system might send a one-time passcode to their phone or email. It's a quick verification step that adds a solid layer of security without feeling like a major hurdle.
The customer sees their saved cards, picks one, and confirms the payment. That's it. No need to re-enter the long card number, expiration date, or CVV. The transaction is done.
The real upside here is the "remember me" function. Once a customer is enrolled, the system can recognize them across any participating merchant's website. What was once a chore becomes a simple, one-click action for returning shoppers.
Research shows that around 28% of online shoppers will abandon their purchase if the checkout process is too long or complicated. By removing those roadblocks, Click to Pay directly tackles one of the biggest conversion killers.
The Merchant Process: Secure and Simplified
While the customer is enjoying that breezy checkout, a serious security operation is happening behind the scenes to protect everyone involved. Your business never has to handle or store raw card data, which massively reduces your security and compliance burden.
Click to Pay vs Apple Pay, Google Pay, and PayPal#
This is the question we get from merchants more than any other: "if I already accept Apple Pay and Google Pay, do I need Click to Pay too?" Honest answer — they're not the same thing, and you probably want both.
Click to Pay vs Apple Pay
Apple Pay only works in Safari on Apple devices, plus inside iOS apps. Click to Pay works in any browser, on any device, on any OS. If 40% of your traffic is Android Chrome, Apple Pay does nothing for those customers — Click to Pay does. The two coexist happily side by side at checkout.
Click to Pay vs Google Pay
Google Pay is similar — it's tied to the Google account, works best in Chrome on Android, and depends on the customer having added a card to their Google wallet. Click to Pay enrolls the card once at any participating merchant and works everywhere after that. There's overlap, but neither replaces the other.
Click to Pay vs PayPal
PayPal isn't a card scheme — it's a separate payments network and bank transfer rail. Click to Pay uses the customer's existing Visa or Mastercard, settles to your normal merchant acquirer, and your fees stay on your standard interchange. PayPal sits outside that.
Click to Pay vs your own "save card" feature
This one's worth thinking about carefully. If you store cards on your own merchant profile, your customer has to re-enter the card the next time they buy from a different merchant. Click to Pay enrolls once and works across all participating sites. From a PCI standpoint, the card is held by the network token vault, not you — which is exactly the point.
Click to Pay and PCI DSS — what actually changes#
This is where we have a position the card networks don't always spell out: adding Click to Pay to your online checkout doesn't take you out of PCI DSS scope on its own. It just changes which SAQ you fill in and reduces the data your servers ever touch.
Specifically:
- If your checkout already redirects or iframes a hosted card form (Stripe Elements, Adyen Drop-in, Authorize.Net, etc.), you're likely on SAQ A already. Click to Pay doesn't push you lower — you're already at the floor.
- If you handle the card form yourself (your own JS reads the PAN), you're on SAQ A-EP or higher. Swapping the manual card form for a Click to Pay button doesn't help if the rest of the page is still in scope.
- For over-the-phone payments, Click to Pay does nothing for you. The customer can't tap a button while they're on a voice call with an agent. That's where our DTMF masking approach takes the agent out of scope, or where a payment link sent mid-call lets the customer self-serve.
The honest take: Click to Pay is a checkout UX win and a network-tokenization security win. It is not a get-out-of-jail card for PCI DSS. Anyone telling you otherwise is overselling it.
Click to Pay over the phone — what merchants actually mean#
A good chunk of US searches for "click to pay" come from contact centers trying to solve the agent-on-the-phone problem. The EMV SRC button is a browser thing — it won't help an agent collecting a card during a voice call. But there are two adjacent flows people often mean when they say "click to pay over the phone":
- The agent stays on the line, the customer gets an SMS or email with a one-click link, taps it, pays on a hosted page. The agent never sees the card. This is our payment links flow, and it's the closest voice equivalent of "click to pay."
- The customer types the card into the keypad while still talking to the agent, the digits get masked to a flat tone, and the card goes straight to the gateway. This is DTMF masking. Different mechanism, same outcome: agent out of scope, customer in control.
For US contact centers the choice between those two usually comes down to caller demographics and whether the customer has a smartphone within reach. Most of our customers offer both.
Click to Pay in the US — availability and adoption#
The US is actually ahead of most other markets on Click to Pay rollout. All four major US card networks — Visa, Mastercard, American Express, and Discover — fully support the standard, and the US has been one of the primary launch markets. Most of the major US acquirers and payment gateways — Stripe, Adyen, Braintree, Authorize.Net, Worldpay, Chase Paymentech — let merchants enable the button via their existing gateway integration at no additional cost.
American Express and Discover both run their own SRC implementations under the Click to Pay umbrella, which means US cardholders can enroll cards from all four networks in a single flow. That's a genuine advantage over markets where only two networks participate.
The friction in the US right now is customer awareness. Most American shoppers haven't encountered the icon enough times to recognize it on sight. That changes as more high-traffic merchants enable it. Our position: if your acquirer offers Click to Pay at no extra cost, turn it on. It sits alongside Apple Pay, Google Pay, and your manual card form, costs you nothing, and gives the customer one more option. The downside is essentially zero; the upside grows as awareness builds.
If you're a US contact center and you're being sold "Click to Pay" by a vendor as a voice-payment solution — push back. That's not what EMV SRC does. You want agent-assisted telephone payments or a payment link, not the EMV SRC button.
Click to Pay enrollment — what the customer has to do once#
The thing that catches a lot of first-time users out is that the first transaction takes a bit longer than they expected, because they have to enroll. Here's the actual flow:
- Customer reaches checkout, taps Click to Pay.
- System asks for their email. If they're already enrolled with any merchant via any of the card networks, they get recognized straight away.
- First-time enrollment: customer enters card details (PAN, expiry, CVV, name, ZIP code) once. The card is tokenized and stored at the network token vault.
- One-time passcode by email or SMS confirms it's really them.
- Every future Click to Pay transaction at any participating merchant just needs the email and an OTP — sometimes not even the OTP if it's a recognized device.
That "once across all merchants" enrollment is the whole reason the standard exists. Without it, customers would have to re-enter the card at every site, which is what they already do today.
What we recommend for US merchants in 2026#
Quick, no-fence-sitting summary:
- For your online checkout — turn Click to Pay on. Free, low-risk, gives customers one more option, and the tokenization reduces your data exposure regardless of whether anyone uses it.
- For card-on-file with repeat customers — Click to Pay isn't a replacement. It's a customer-controlled vault, not a merchant-controlled one. If you need to bill the same card monthly without the customer being present, you still want acquirer-side tokenization.
- For over-the-phone payments — Click to Pay doesn't help. Use DTMF masking or payment links, depending on whether the customer needs to stay on the call or can pay independently.
- For PCI scope reduction — Click to Pay alone won't move you between SAQs. The bigger wins come from never letting card data touch your systems in the first place, which is the principle behind both Click to Pay (online) and our channel separation approach (voice).
Frequently Asked Questions#
What is Click to Pay in simple terms?
Click to Pay is a one-button online checkout standard run by the card networks. The customer enrolls their Visa or Mastercard once, then pays at any participating merchant with a single click — no re-typing the card number.
How does Click to Pay work?
The customer enters their email at checkout, the system recognizes them (or asks them to enroll once), an optional one-time passcode confirms identity, and the saved card token is used to settle the transaction. The merchant never sees the raw card number — it's replaced with a network token.
Is Click to Pay the same as Apple Pay or Google Pay?
No. Apple Pay and Google Pay are device-tied wallets. Click to Pay is browser-based and works on any device or operating system. Most merchants offer all three side by side because they cover different customers.
Is Click to Pay available in the US?
Yes, and the US is one of the leading markets for Click to Pay rollout. Visa, Mastercard, American Express, and Discover all support Click to Pay for US-issued cards, and most major US acquirers and gateways can enable the button at checkout. Customer awareness is still building, but the technical rails are fully live.
Does Click to Pay make me PCI compliant?
No. Click to Pay reduces the card data your systems ever touch, which helps — but you still need to complete the appropriate SAQ and meet PCI DSS v4.0.1 requirements. For most checkouts already using a hosted card form, Click to Pay doesn't change which SAQ you fill in.
Can I use Click to Pay to take payments over the phone?
Not directly — the EMV SRC button is a browser interaction. For phone payments, send a payment link the customer can tap during or after the call, or use DTMF masking so the customer keys the card in on their own phone while staying on the line.
What's the difference between Click to Pay and a payment link?
Click to Pay is a button on your own checkout page that uses the EMV SRC standard. A payment link is a URL you send to the customer by email or SMS that lands them on a hosted payment page. Payment links work over the phone; Click to Pay doesn't.
Does Click to Pay cost the merchant extra?
Usually not on top of standard scheme fees. Card-not-present interchange still applies, and most US acquirers don't charge extra to enable the button. Check with your specific acquirer.
What's EMV SRC?
EMV Secure Remote Commerce — the technical standard that Click to Pay is the consumer-facing brand for. Run by EMVCo, the same body behind the chip in your physical card.
Which card networks support Click to Pay?
Visa, Mastercard, American Express, and Discover. All four major US networks participate, making Click to Pay one of the most broadly supported one-click checkout options available to US merchants.
