This page sets out the implementation methods available for Adyen’s merchants and describes the additional services that Adyen’s merchants may use. These descriptions should be read together with your merchant agreement with Adyen (“Merchant Agreement”). If you do not yet have a Merchant Agreement with Adyen, please submit a request at https://support.adyen.com/hc/en-us/requests/new for more information.
Adyen may update this page from time to time to reflect technical developments, updates to services or newly added services that are available to Adyen's merchants. If you wish to be notified of any such updates, you can subscribe to email updates at the bottom of this page. Last updated 16 October 2020.
Merchant may choose to use the Payment Interfaces described below to connect to Adyen's API to submit payment details for Card Not Present Transactions to be processed by Adyen (in each case subject to verification by Adyen of the implementation thereof).
Pay By Link allows Merchant’s customers to submit payment details on an Adyen-hosted page. Merchant has the ability to customize the page by setting made available by Adyen.
Drop-in is a full web form to submit payment details, which can be incorporated in its entirety on Merchant’s website or app. It supports multiple payment methods (supported payment methods are listed at https://docs.adyen.com/online-payments/drop-in-web) which can be selected by Merchant and includes the different flows of these payment methods (e.g. redirect, QR code, 3D Secure).
The Components integration is similar to the Drop-in integration and supports the same Payment Methods, but can be included on Merchant’s website or app on a per-Payment Method basis.
This Payment Interface allows Merchant to send Transaction data directly to Adyen using Adyen’s APIs. This can be used stand-alone or in combination with one of the above.
Not using the Drop-in or Components integration for Cards, and thus gathering and submitting unencrypted Card data to the Adyen API, is only permitted with prior approval by Adyen. If Merchant gathers such unencrypted Card data itself, Merchant must be able to demonstrate that its systems are PCI DSS certified at the appropriate level (to be confirmed by Adyen) before using the API only integration for Cards. The last paragraph of Clause 4.2 of the Adyen Terms and Conditions regarding connection to the API interface will apply in such case.
Merchant may be required to complete a PCI Self-Assessment Questionnaire in accordance with Merchant’s PCI Compliance requirements and Merchant should ensure compliance with the answers provided in such questionnaire.
In case of the Drop-in or Components integration, iFrames for web and encryption for iOS and Android are used to encrypt the data for some input fields (where required, e.g. for Card data input fields). As a result, no unencrypted Card data from those fields will be visible to Merchant, while retaining full customizability for the remainder of Merchant’s payment page or app. In case of the Pay by Link integration, Merchant will also have no visibility of unencrypted Cardholder data.
Each of the additional Services for e-commerce described below will be charged as set out in your Merchant Agreement.
RevenueProtect is the essential risk mitigation service of the Adyen payments platform, at heart a rule-based engine with a configurable scoring component that is supported by a set of advanced transaction linking algorithms and machine learning to optimize risk checks. The features of RevenueProtect provide Merchant with the necessary tools to mitigate fraud and reduce false positives. Adyen RevenueProtect will be charged as agreed in the Merchant Agreement.
Merchant can opt to use Adyen’s 3D Secure server and SDK to perform transaction authentications with the relevant Scheme Owners (the “Authentication Service”), which includes Adyen’s 3DS 2 solution. Such authentications can be linked to or can be executed independent from a later payment authorization. Merchant can use the Authentication Service with or independently of the Adyen Acquiring Service. Merchant commits to use the Authentication Service in accordance with the provided technical guidance. The Authentication Service will be charged as agreed in the Merchant Agreement.
The Account Updater Service allows Merchant to request and receive updated Card information from the relevant Card Schemes (where supported by such Card Scheme and the Issuing Bank for the Card), either real-time or by batch submission.
If Merchant uses Adyen's Account Updater Services, it will be charged as agreed in the Merchant Agreement for each of the following matched responses: New Account Number, New Expiry Date, Closed Account and (for Visa only:) Contact Cardholder.
If Merchant wishes to use Payment Terminals for submitting POS Transactions, it must use Payment Terminals which are approved by Adyen and which are configured in accordance with the then current configuration requirements and supported versions as specified by Adyen from time to time.
Merchant can implement its use of the Payment Terminals as follows:
The Payment Terminal is used as a stand-alone device and is not linked to, or integrated with, a third party device such as a cash register or tablet (“POS Device”).
Merchant connects an external device or platform to the Payment Terminal via the Adyen Terminal API. More information on the Terminal API Integration is available on docs.adyen.com.
Certain third parties may offer an integration to the Adyen platform with such third party’s solution (e.g. as part of their cash register software). A list of third party solutions with an integration to Adyen is available on request.
For Mobile SIM Payment Terminals, Adyen will supply the SIM card together with the Payment Terminal and will remotely (re)activate the SIM card upon Merchant’s request. Upon such (re)activation, Merchant agrees to enter into a SIM subscription period of 12 months, which will be tacitly renewed with consecutive 12 months periods until terminated by Merchant notifying Adyen Support at least one month in advance of the end of the relevant subscription period. Upon such termination, the SIM card will be deactivated (and can be reactivated in accordance with the foregoing).
The monthly subscription fee as agreed in the Merchant Agreement will apply for activated SIM cards. Mobile SIM Payment Terminals can only be used with SIM cards that are supplied by Adyen. Upon termination of this Merchant Agreement, all Merchant’s SIM cards will be automatically deactivated and must be returned by Merchant together with the Payment Terminals as set out in the Merchant Agreement.
As an option Merchant can decide to offer Dynamic Currency Conversion (“DCC”) to Cardholders on the Payment Terminal. DCC provides the Cardholder the opportunity to pay a POS Transaction in the currency of its Card, if the Cardholder’s Card currency is different from the Merchant’s sales currency (e.g. Euro sales price and the Cardholder has a USD Card). DCC (if offered by Merchant) can be accepted or declined by the Cardholder before approving the POS Transaction on the Payment Terminal.
The exchange rate applied for the conversion (sourced from Oanda as published on the website www.oanda.com) and the fee charged to the Cardholder for the DCC (“Cardholder DCC Fee”) can be consulted by the Cardholder on the Payment Terminal before he decides to accept or decline the DCC offer. These details are also confirmed to the Cardholder on the transaction statement after the payment is completed.
The fees for the DCC Service are charged in full to the Cardholder and Merchant receives Settlement in the currency of the original sales transaction. The Cardholder DCC Fee (by default 3%) can be changed on request of Merchant in the range of 1.2%-6% and will be shared between Adyen and the Merchant as agreed in the Merchant Agreement.
In case of a Chargeback on the Transaction to which DCC is applied, the fee charged to the Cardholder may need to be returned, in which case Merchant must also return its share of the fees. Supported currencies for DCC are set out in the then current DCC manual published by Adyen on the Customer Area.
Payment Terminals will by default process all Transactions online only. In case of connectivity issues to the Scheme Owner or Card Issuer, the Transaction will be declined. As alternative options, Merchant can configure Payment Terminals to accept transactions offline as follows:
For the options above, any Transaction for an amount exceeding the relevant limit set by the Merchant will always be processed online only (or declined in case of connectivity issues). Transactions authorized offline will be stored on the Payment Terminal and forwarded to the Scheme Owner and Card Issuer when the Payment Terminal is online. Transactions that were authorized offline may fail to be Captured, which could result in no Settlement to the Merchant. However, some Scheme Owners may offer a limited Capture guarantee and fraud Chargeback protection for Transactions authorized offline in line with Card configuration up to a certain Transaction amount. Adyen does not accept any responsibility for any failed Captures or the defense of Chargebacks and/or disputes in respect of Transactions authorized offline. If Merchant chooses to authorize Transactions offline, Merchant accepts full liability for, and shall indemnify and hold Adyen harmless from, any (third party) claims in respect of the associated risks regarding Chargebacks, disputes and Capture/Settlement failures.
Merchant may choose to enable Manual Keyed Entry (“MKE”) on the Payment Terminals. In such case, Merchant accepts full liability and shall indemnify and hold Adyen harmless from any (third party) claims in respect of Chargebacks and fraud regarding Transactions executed through the use of MKE. Adyen reserves the right to set up / increase the Deposit Level in respect of the Merchant as a result of the number of MKE Transactions.
Merchant may also request activation of Mail Order and Telephone Order ("MOTO") on the Payment Terminals. In such case payments can be processed remotely by keying in the Card details on the Payment Terminal while the Card is not present. The Merchant has also the option to enable MOTO refunds via the Payment Terminal. In both scenarios Merchant accepts full liability and shall indemnify and hold Adyen harmless from any (third party) claims in respect of Chargebacks and fraud regarding Transactions executed through the use of MOTO. Adyen reserves the right to set up / increase the Deposit Level in respect of the Merchant as a result of the number of MOTO Transactions. Merchant represents and warrants that it will comply with the Scheme Rules and PCI DSS requirements applicable to MOTO transactions.
The Adyen solution, including the Payment Terminals, will by default be End-to-End encrypted. As an alternative, Merchant is able to opt-in to the PCI verified Adyen P2PE solution (“Adyen NV”, see: https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_solutions?agree=true). If the merchant opts-in to Adyen P2PE, this is done for all merchant accounts under Merchant’s company account on the Adyen Customer Area. It is not possible to have both End-to-End encrypted and P2PE encrypted terminals on one Adyen company account.
When the Merchant opts-in the Adyen P2PE solution, the pricing as separately agreed will apply. Furthermore, the Merchant will be obliged to:
(i) fully implement the P2PE Instruction Manual (“PIM”) (available online at https://www.adyen.com/legal/p2pe-instruction-manual); and
(ii) ensure its compliance with the relevant PCI DSS requirements for P2PE; and
(iii) annually provide Adyen a Self-Assessment Questionnaire P2PE (’SAQ P2PE') or an Attestation of Compliance for Self-Assessment Questionnaire P2PE (‘AOC P2PE').
Moreover, Adyen has the right to request audit trails (as described in the PIM) at any time and Merchant must respond within five working days with the requested audit trails. If the Merchant fails to provide accurate audit trails on Adyen’s request, Adyen has the right to disable Adyen P2PE for Merchant.
Merchant has the right to opt-out of Adyen P2PE at any time with a request from an authorized employee to the Adyen POS Support team (email@example.com). Provided that the notice is given at least 5 days before the end of a calendar month, the Adyen P2PE fees will stop applying as of the following calendar month. Upon receipt of an opt-out request from Merchant, Adyen P2PE will be disabled for any Payment Terminal ordered by Merchant.
More information on Adyen’s P2PE solution can be found on the Adyen documentation website.