Business Overview
Click to Pay is a universal online checkout standard developed jointly by the four major global payment networks — Visa, Mastercard, American Express, and Discover — under the governance of EMVCo. Since it's launch, it has been adopted by thousands of merchants, issuers, and wallet providers worldwide.
At its core, Click to Pay abstracts the consumer's Primary Account Number (PAN) behind a secure network token, enabling merchants to process payments without ever handling raw card data. When a consumer checks out using Click to Pay, their enrolled card credentials are retrieved from the Secure Remote Commerce (SRC) system and delivered to the merchant as a payment token, authorized for that specific transaction. All Click to Pay solutions are indicated by the Click to Pay icon 
.
Why Click to Pay Enrollment Matters to Issuers
For a cardholder to use Click to Pay at checkout, their card must first be enrolled in the relevant SRC System. Without enrollment, the card is invisible to Click to Pay and cannot be presented during checkout — even if the network supports it in principle.
Issuers drive enrollment. They are the only party that holds the verified cardholder identity, the authoritative card data, and the customer relationship needed to enroll credentials on behalf of or with consent from the cardholder. The Token Management Platform acts as the issuer's API gateway into the Visa SRC and Mastercard MDES systems.
|
Enrollment possibilities |
Description |
Business comment |
Technical requirements |
|
Automated, user initiated via available issuer channel |
Card credential and personal data are pushed automatically, after accepting T&C’s by the user. |
Convenient flow, with experience similar to xPay push provisioning. Cardholder intentionally enrolls a card and is thus aware of possibility to use C2P.
Recommended implementation. |
Verestro TMP API (including Synchronous card enrollment endpoint), Visa SRC / MDES for Digital Commerce integration |
|
Automated, issuer initiated |
Card credential and personal data are pushed automatically, without user additional engagement. C2P T&C’s are usually part of issuer’s T&C and consent is given during card activation. |
Very convenient flow, with minimal user engagement. Although it’s recommended by TSPs, cardholders may not be aware that their card has been pushed to C2P. This flow can also be used for card migrations and bulk enrollments.
Recommended for migrations.
|
Verestro TMP API (including Bulk card enrollment endpoint),
Visa SRC / MDES for Digital Commerce integration |
|
Manually, via Merchant’s Payment Gateway |
Cardholder needs to manually type card credentials, personal data and accept T&C’s during ecommerce payment. |
This flow requires significant friction and may result in cart abandonment. Convenient for issuers, as works out of the box, assuming MDES/VTS are integrated. Less popular with cardholders. |
Verestro TMP API, VTS / MDES integration |
|
Manually, via TSP website |
Cardholder needs to register to click to pay via TSP website and manually type card credentials, personal data and accept T&C’s. |
This flow requires not only a lot of effort from the cardholder, but also knowledge about existence of such websites. Convenient for issuers, as works out of the box, assuming MDES/VTS are integrated. Least popular with cardholders. |
Verestro TMP API, VTS / MDES integration |
The Token Management Platform as the Issuer's API Gateway
Rather than integrating directly with Visa SRC and Mastercard MDES APIs separately — each with distinct authentication, schemas, and lifecycle models — the issuer connects to a single Token Management Platform. The TMP normalises both networks behind a unified REST API, handles routing to the correct SRCS based on card BIN, manages token lifecycle and provides reporting.