Nuvei

Nuvei

Nuvei is a global payment technology platform that embeds hosted payment forms and checkout flows on merchant websites. Scripts handle card and alternative payment processing, 3DS authentication, and transaction routing for online and in-app commerce.

Back to Vendor Library

Overview

Nuvei is a global payment technology company that provides payment processing infrastructure for online merchants, marketplaces, and platforms. The company supports over 700 alternative payment methods across nearly 200 markets, making it one of the more comprehensive payment gateway options for businesses operating internationally. When Nuvei's scripts appear on a merchant's website, they power the checkout experience — securely collecting payment credentials and routing transactions through the appropriate payment networks.

As a payment processor, Nuvei occupies a position of significant trust in the e-commerce transaction chain. Its scripts handle the most sensitive data a website processes: credit card numbers, bank account details, and authentication credentials. This necessitates strict security standards (PCI DSS compliance) and places Nuvei's scripts firmly in the essential category — they are the mechanism through which the website generates revenue.

What This Script Does

Nuvei's scripts provide secure payment processing functionality on merchant websites:

  • Hosted Payment Fields: Renders PCI-compliant input fields for collecting card numbers, expiration dates, CVVs, and cardholder names. These fields are served from Nuvei's secure infrastructure via iframes, ensuring sensitive payment data never touches the merchant's servers or DOM.
  • Alternative Payment Methods: Presents and manages checkout flows for non-card payment options including digital wallets (Apple Pay, Google Pay), bank transfers, buy-now-pay-later services, and region-specific payment methods based on the customer's location and the merchant's configuration.
  • 3D Secure Authentication: Handles the 3DS verification flow required by card networks and regulations like PSD2 Strong Customer Authentication. This involves redirects or embedded challenge frames where the cardholder verifies their identity with their issuing bank.
  • Transaction Routing: Manages the communication between the checkout interface and Nuvei's payment processing infrastructure, handling authorization requests, decline responses, retry logic, and transaction confirmation callbacks.
  • Fraud Prevention: Integrates device fingerprinting and behavioral analysis as part of Nuvei's fraud detection capabilities, collecting device and session data to assess transaction risk in real time.
  • Tokenization: Securely stores payment credentials as tokens for returning customers, enabling one-click checkout experiences without re-entering payment details.

Consent & Compliance

Nuvei's payment processing scripts operate under a clear legal basis across all major privacy frameworks. Under GDPR Article 6(1)(b), payment processing is necessary for the performance of the purchase contract — the customer has decided to buy something and payment collection is an integral step in that transaction.

The ePrivacy Directive's cookie exemption for strictly necessary functionality applies to all cookies and device storage used by Nuvei's payment scripts, including session tokens, payment form state, and fraud detection mechanisms. These are all essential to completing the transaction the customer has initiated.

The fraud prevention component deserves specific attention. Nuvei's device fingerprinting and behavioral analysis for fraud detection process additional data points beyond the payment credentials themselves. However, this processing is generally considered necessary for the legitimate interest of preventing fraudulent transactions (GDPR Article 6(1)(f)) and is typically covered by the security exemptions in privacy regulations.

Nuvei maintains PCI DSS Level 1 compliance, the highest level of payment security certification. Merchants using Nuvei's hosted payment fields benefit from reduced PCI compliance scope since sensitive card data is handled entirely within Nuvei's certified environment.

Should You Block This Without Consent?

Nuvei's scripts are essential payment infrastructure. Blocking them would prevent customers from completing purchases, directly undermining the core commercial function of the website. Payment processing is strictly necessary for the service requested by the customer, and all data collection is limited to what is required for secure transaction completion and fraud prevention.

No.

Visit website

Consent Categories

Essential

Also Known As

Nuvei paymentsNuvei checkoutNuvei gatewayNuvei payment processing

Industries

Finance

Tracked Domains (1)

nuvei.comEssential

Frequently Asked Questions

Is consent required before Nuvei loads?

No. Nuvei is a payment gateway. Its scripts are essential for customers to complete purchases. Payment processing is strictly necessary for the contract the customer has initiated and is exempt from consent requirements under GDPR and ePrivacy rules.

What does Nuvei collect during checkout?

Nuvei collects payment credentials through PCI DSS Level 1 compliant hosted iframes, keeping card data off the merchant's servers. Fraud detection uses device fingerprinting and behavioral signals, justified as a legitimate interest for security.

How does ConsentStack treat Nuvei?

ConsentStack classifies Nuvei as essential payment infrastructure and never blocks it behind a consent prompt. All data processing — card collection, fraud prevention, and 3DS authentication — is necessary to complete the transaction the customer requested.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Nuvei

ConsentStack automatically detects and manages Nuvei trackers so your site stays compliant with global privacy regulations.

Get started free