Adyen

Overview

Adyen is a global payment technology company processing transactions for major merchants including Uber, Spotify, and Microsoft. Unlike payment aggregators, Adyen holds acquiring licenses directly in most major markets, enabling end-to-end payment processing. Its web integration embeds secure, PCI-compliant payment components directly into merchant checkout pages, handling card entry, authentication challenges, and tokenization without redirecting customers away from the merchant site.

What This Script Does

Adyen's Web Components or Drop-in library loads from checkoutshopper-live.adyen.com (or the test equivalent). The script renders payment method selection interfaces and secure card input fields inside isolated iframes, ensuring that raw card data never touches the merchant's DOM or JavaScript scope.

When a customer enters card details, the library tokenizes the data client-side and transmits it directly to Adyen's PCI Level 1 certified infrastructure. For cards enrolled in 3D Secure (Visa Secure, Mastercard Identity Check), the library manages the authentication challenge flow within a modal or redirect, handling the full EMV 3DS2 protocol.

Adyen sets a session cookie to maintain payment state during the checkout flow. The adyen-checkout__session cookie (or similar session identifier) persists only for the browser session and is strictly necessary for completing the transaction. No long-lived tracking cookies are set by the payment components.

The scripts communicate with checkoutshopper-live.adyen.com for payment method configuration, tokenization, and transaction status polling. Device fingerprinting data (screen dimensions, timezone, browser capabilities) is collected as part of the 3DS2 authentication flow, which is a regulatory requirement under PSD2 Strong Customer Authentication rather than optional analytics.

Consent & Compliance

Adyen is classified as functional. Its scripts provide payment processing functionality that is strictly necessary for completing a purchase the customer has initiated.

Under GDPR and the ePrivacy Directive, payment processing cookies and scripts fall under the "strictly necessary" exemption. The session cookies maintain payment state during an active transaction, and the device fingerprinting serves a regulatory requirement (PSD2 SCA). No consent is required for these operations.

Under CCPA/CPRA, payment data processed by Adyen is covered by the financial data exception and is used solely to complete the requested transaction. Standard privacy policy disclosures are sufficient.

Should You Block This Without Consent?

No. Adyen provides essential payment processing functionality. Blocking it would prevent customers from completing purchases. The scripts handle only transaction-related data and set no tracking cookies beyond session-scoped payment state.