Mollie

Mollie

Mollie is a European payment service provider supporting cards, iDEAL, PayPal, Klarna, and other methods. Scripts embed hosted checkout components and payment widgets on merchant sites, handling secure card entry and payment method selection. Sets session cookies to manage payment flow state and fraud prevention.

Back to Vendor Library

Overview

Mollie is one of Europe's leading payment service providers, particularly popular in the Netherlands, Belgium, and Germany. The platform supports a wide range of European payment methods beyond standard credit cards — including iDEAL, Bancontact, SOFORT, and Klarna — making it a go-to choice for merchants serving European customers. When Mollie's scripts appear on merchant websites, they're handling the critical payment step of the checkout process.

Unlike marketing or analytics scripts, Mollie's code serves a transactional purpose that's directly tied to completing a purchase the customer has initiated.

What This Script Does

Mollie's scripts handle payment processing on merchant sites:

  • Hosted payment components: Renders secure card entry fields (card number, expiry, CVV) as iframe-embedded components that keep sensitive payment data off the merchant's servers, reducing PCI DSS compliance scope
  • Payment method selection: Displays available payment options based on the customer's location and the merchant's configuration, including local methods like iDEAL bank selection
  • Checkout flow management: Handles redirects to external payment providers (bank login pages for iDEAL, Klarna's checkout, PayPal authorization) and processes the return flow
  • Session cookies: Sets cookies to maintain payment session state, linking the customer's cart to their payment attempt and tracking the transaction through completion
  • Fraud prevention: Collects device fingerprinting data and behavioral signals to assess transaction risk and prevent payment fraud
  • Error handling: Manages failed payment attempts, retries, and fallback payment method suggestions

Consent & Compliance

Mollie's scripts operate in a well-defined compliance context:

  • GDPR: Payment processing has a clear lawful basis under "performance of a contract" (Article 6(1)(b)) — the customer initiated a purchase, and processing payment is necessary to fulfill it. Mollie acts as both a data processor and, for certain payment methods, a data controller.
  • ePrivacy Directive: Cookies used for payment session management and fraud prevention are "strictly necessary" for the service explicitly requested by the user, exempting them from consent requirements.
  • PCI DSS: Mollie's hosted payment components are designed to minimize merchant PCI scope by keeping card data within Mollie's certified infrastructure.
  • PSD2/SCA: Mollie handles Strong Customer Authentication requirements for European transactions, managing 3D Secure flows and exemption requests.

Mollie maintains compliance certifications (PCI DSS Level 1) and provides DPAs to merchants.

Should You Block This Without Consent?

Mollie's scripts are essential to completing purchases on your site. They handle the payment transaction that the customer explicitly initiated by proceeding to checkout. The cookies set are strictly necessary for managing the payment session and preventing fraud — both purposes that fall under the "strictly necessary" exemption in privacy regulations. Blocking Mollie's scripts would prevent customers from completing purchases entirely.

No.

Visit website

Consent Categories

Essential

Also Known As

Mollie paymentsMollie checkoutMollie iDEALEuropean payment providerMollie gateway

Industries

Finance

Tracked Domains (1)

mollie.comEssential

Frequently Asked Questions

Does Mollie require cookie consent?

No. Mollie's payment scripts handle a transaction the customer explicitly initiated. The cookies set for payment session management and fraud prevention fall under the strictly necessary exemption in ePrivacy regulations, meaning no consent banner is required before they load.

What does Mollie's script do on checkout pages?

Mollie renders secure card input fields in iframes to keep payment data off merchant servers, manages payment method selection for European methods like iDEAL and Bancontact, handles 3D Secure flows, and collects device signals for fraud prevention during the transaction.

How does ConsentStack handle Mollie?

ConsentStack classifies Mollie as essential, so its payment scripts are always permitted to load regardless of visitor consent choices. ConsentStack will not block Mollie at any point in the consent flow, ensuring checkout functionality is never interrupted by consent management.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Mollie

ConsentStack automatically detects and manages Mollie trackers so your site stays compliant with global privacy regulations.

Get started free