Skip to main content
Token Authentication Service (TAS) is a security feature provided by Mastercard for Click to Pay transactions. TAS generates a cryptogram that authenticates the payment token during checkout, providing an additional layer of security similar to EMV chip transactions for online payments.
TAS is only available for Mastercard transactions. Other card networks supported by Click to Pay (American Express, Discover, and Visa) do not currently support this feature.

How TAS Works

When TAS is enabled, a cryptogram is generated during the checkout process. This cryptogram is a unique, one-time code that validates the authenticity of the payment token being used. The cryptogram is sent along with the transaction to the card issuer for verification. This process happens seamlessly in the background without requiring any additional action from the customer. The cryptogram provides strong authentication that the payment token is being used by the authorized cardholder, reducing the risk of fraud. On supported devices, TAS leverages passkeys (biometric authentication such as fingerprint or face recognition) to further streamline the authentication process while maintaining high security standards.

Benefits

  • Enhanced Security: Adds cryptographic authentication to token-based transactions, significantly reducing fraud risk.
  • Higher Authorization Rates: Issuers can approve transactions with greater confidence, leading to fewer declined payments.
  • Replaces 3-D Secure: Provides strong authentication that can replace traditional 3-D Secure (3DS) flows, eliminating redirect steps and improving conversion rates.
  • Seamless Experience: Works transparently without adding friction to the customer checkout flow.
  • EMV-Level Security: Brings chip card security standards to online and mobile transactions.

Prerequisites

TAS requires 3-D Secure to be configured at the merchant account level, not at the connection level. This is because TAS authentication occurs before transaction routing, at a point where the payment service connection has not yet been determined. To set up 3DS at the merchant account level, follow the instructions in our 3-D Secure setup guide. Make sure to configure a scheme profile for each card scheme you want to support with Click to Pay.
Merchant account-level 3DS configuration is currently in beta. Please contact our support team to enable this feature for your account.

Implementation

Our platform makes it simple to enable Token Authentication Service when using Secure Fields for Click to Pay. To activate TAS, add the authenticate.checkout property to your Secure Fields configuration and set it to true. When enabled, TAS will automatically generate the cryptogram for each Click to Pay transaction, providing enhanced security without any additional integration effort. 
<ClickToPay
  srcDpaId='{SRC_DPA_ID}'
  dpaName='{DPA_NAME}'
  dpaLocale='en_AU'
  cardBrands={['mastercard', 'visa', 'amex']}
  consentCheckbox='#click-to-pay-consent-checkbox'
  learnMoreLink="#click-to-pay-learn-more-link"
  authenticate={{
    checkout: true,
  }}
/>