Elavon

Elavon

Elavon scripts embed hosted payment forms for processing card transactions on merchant websites. Scripts handle card data within Elavon's PCI-compliant hosted environment, preventing direct handling of sensitive card data by the merchant. Session data is used for fraud prevention.

Back to Vendor Library

Overview

Elavon, a subsidiary of US Bancorp, is a major global payment processor serving merchants across retail, hospitality, healthcare, and e-commerce. When Elavon's scripts appear on merchant websites, they're powering the hosted payment form experience — secure card entry interfaces that process transactions through Elavon's PCI-compliant infrastructure without exposing sensitive card data to the merchant's servers.

Elavon's approach to web integration is conservative and security-focused, reflecting its banking heritage and the stringent requirements of payment card processing.

What This Script Does

Elavon's scripts handle secure payment processing on merchant checkout pages:

  • Hosted payment form rendering: Displays card entry fields within Elavon's hosted environment (typically iframes), capturing card number, expiration date, and CVV directly on Elavon's PCI-certified servers
  • Payment tokenization: Converts card details into secure tokens for transaction processing, allowing merchants to manage payments without directly handling card data
  • Transaction processing: Submits payment authorization requests through Elavon's processing network and returns approval or decline responses to the checkout flow
  • Session state management: Sets cookies to maintain the payment session, linking the customer's cart to the active transaction through the authorization cycle
  • Fraud prevention signals: Collects basic device and session data to support fraud screening for the transaction
  • 3D Secure support: Manages cardholder authentication flows when required by the card issuer or regional regulations

Consent & Compliance

Elavon's payment scripts operate in a clear compliance context:

  • GDPR: Payment processing for a customer-initiated purchase falls under "performance of a contract" (Article 6(1)(b)). Elavon/US Bancorp acts as a data processor for transaction data and provides standard DPAs.
  • ePrivacy Directive: Payment session cookies and fraud prevention data collection are strictly necessary for the requested service and exempt from consent requirements.
  • PCI DSS: Elavon maintains PCI DSS Level 1 certification. Hosted payment forms keep card data within Elavon's certified environment, minimizing merchant PCI scope.

Should You Block This Without Consent?

Elavon's scripts are essential to completing purchases on your site. They process payment transactions that customers explicitly initiated by proceeding to checkout. The session cookies maintain transaction state, and the fraud prevention measures protect both parties. Blocking these scripts would prevent customers from paying.

No.

Visit website

Consent Categories

Essential
Functional

Also Known As

elavonelavon paymentselavon hosted formelavon checkoutelavon pcielavon cookies

Industries

Computers Electronics and TechnologyFinanceProgramming and Developer SoftwareBusiness and Consumer Services

Tracked Domains (1)

elavon.comEssential

Frequently Asked Questions

Should Elavon scripts be blocked pending consent?

No. Elavon processes card transactions that customers explicitly initiate at checkout. Payment session cookies and fraud prevention data fall under the strictly necessary exemption, making consent a legally incorrect basis for this processing.

What does Elavon's hosted payment form do technically?

Elavon renders card entry fields inside iframes hosted on its PCI DSS Level 1 certified servers. Card number, expiry, and CVV are captured directly by Elavon — the merchant's servers never handle raw card data, minimizing PCI scope.

How does ConsentStack treat Elavon on checkout pages?

ConsentStack classifies Elavon as essential and loads it unconditionally. Because Elavon is required to process customer-initiated purchases, ConsentStack does not gate it behind any consent prompt. Disclose Elavon as a payment processor in your privacy policy.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Elavon

ConsentStack automatically detects and manages Elavon trackers so your site stays compliant with global privacy regulations.

Get started free