Worldpay

Worldpay

Worldpay (FIS) is a global payment processing company. Scripts embed hosted payment pages, card tokenization forms, and 3D Secure authentication flows on merchant checkout pages. Collects payment card data within secure iframes; sets session and fraud detection cookies to manage transaction state.

Back to Vendor Library

Overview

Worldpay, now part of FIS (Fidelity National Information Services), is one of the largest payment processors globally, handling transactions for merchants ranging from small businesses to major enterprises. With roots dating back to the early days of electronic payment processing, Worldpay powers checkout experiences for a significant portion of global e-commerce.

When Worldpay's scripts appear on merchant websites, they're handling the most security-sensitive part of the customer journey: the payment transaction itself.

What This Script Does

Worldpay's scripts manage secure payment processing on merchant checkout pages:

  • Hosted payment fields: Renders card input fields (card number, expiry date, CVV) within secure iframes that isolate sensitive payment data from the merchant's page, significantly reducing PCI DSS compliance scope
  • Card tokenization: Converts entered card details into secure tokens on Worldpay's servers, allowing the merchant to process payments without directly handling card data
  • 3D Secure authentication: Manages the Strong Customer Authentication (SCA) flow required by PSD2, presenting bank verification screens (3DS2) within the checkout experience
  • Payment method rendering: Displays available payment options based on merchant configuration, customer location, and card type detection
  • Session cookies: Sets cookies to maintain payment session state, linking the customer's cart to the active transaction and tracking the payment through authorization and capture
  • Fraud detection: Collects device fingerprinting data, behavioral signals, and transaction risk indicators to feed Worldpay's fraud screening systems
  • Error handling and retry logic: Manages declined transactions, network errors, and payment method fallbacks to maximize successful payment completion

Consent & Compliance

Worldpay operates in a heavily regulated compliance environment:

  • GDPR: Payment processing has a clear lawful basis under "performance of a contract" (Article 6(1)(b)) — the customer initiated a purchase. Worldpay acts as both a data processor (for merchant data) and a data controller (for its own fraud prevention and regulatory obligations).
  • ePrivacy Directive: Payment session cookies and fraud prevention mechanisms are strictly necessary for the service the customer requested and are exempt from consent requirements.
  • PCI DSS: Worldpay is certified PCI DSS Level 1 (the highest level). Its hosted payment fields are specifically designed to keep merchants out of PCI scope by ensuring card data never touches merchant servers.
  • PSD2/SCA: Worldpay handles Strong Customer Authentication requirements for European transactions, including 3D Secure flows, exemption management, and transaction risk analysis.

Worldpay provides comprehensive DPAs and maintains certifications across major regulatory frameworks.

Should You Block This Without Consent?

Worldpay's scripts are essential infrastructure for completing purchases. They process the payment transaction that the customer explicitly initiated by proceeding to checkout. The cookies set are strictly necessary for maintaining payment session state and preventing fraud — both falling squarely within the "strictly necessary" exemption. Blocking Worldpay's scripts would completely prevent customers from completing purchases.

No.

Visit website

Consent Categories

Essential

Also Known As

Worldpay FISWorldpay gatewayWorldpay checkoutWorldpay 3DSFIS payment processing

Industries

Finance

Tracked Domains (2)

worldpay.comEssential
fisglobal.comEssential

Frequently Asked Questions

Does Worldpay require cookie consent?

No. Worldpay processes payments that customers explicitly initiated. Session cookies and fraud detection mechanisms are strictly necessary for completing the transaction and fall under the ePrivacy strictly necessary exemption. No consent gate is required before Worldpay loads.

What does Worldpay's script do during checkout?

Worldpay renders secure card input fields in iframes to keep card data off merchant servers, handles 3D Secure authentication for PSD2 compliance, tokenizes card details, and collects device fingerprinting signals to feed its fraud screening systems during the payment transaction.

How does ConsentStack treat Worldpay?

ConsentStack classifies Worldpay as an essential vendor, meaning its payment scripts are never blocked regardless of visitor consent choices. ConsentStack will not interfere with checkout at any point, ensuring customers can always complete purchases on your site.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Worldpay

ConsentStack automatically detects and manages Worldpay trackers so your site stays compliant with global privacy regulations.

Get started free