Overview
Paysafe is a global payment solutions group operating multiple payment brands under one corporate umbrella. Key products include Skrill (digital wallet and money transfer), Neteller (e-wallet popular in regulated industries), Paysafecard (prepaid voucher payments), and direct card acquiring and processing services for merchants. Paysafe is particularly prevalent in iGaming, forex and CFD trading, digital entertainment, and other regulated sectors where alternative payment methods are common due to high chargeback risk or user demographics that favor privacy-oriented payment options.
Merchants integrate Paysafe through its JavaScript SDK to accept payments from wallet holders and card customers, embedding hosted payment forms on deposit and checkout pages. The iframe-based integration architecture isolates payment data from the merchant's domain, analogous to Stripe's approach.
What This Script Does
Script loading: Paysafe's merchant-facing JavaScript loads from hosted.paysafe.com/js/v1/paysafe.js or environment-specific CDN endpoints (api.paysafe.com, merchant.paysafe.com). The script initializes the Paysafe.js SDK, which renders the hosted payment form components.
Hosted fields (iframe-based card capture):
- Card number, expiry, and CVV fields are rendered inside iframes hosted on the paysafe.com domain, keeping card data outside the merchant's PCI scope
- Tokenization occurs on Paysafe's servers; a non-sensitive payment token is returned to the merchant for server-side charge processing
- The Paysafe.js SDK handles card brand detection (Visa, Mastercard, Amex), real-time validation feedback, and 3D Secure v2 authentication flows
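The script origin and iframe domain described above are what a merchant's Content-Security-Policy has to permit on checkout pages. The following is an added example, not Paysafe's or ConsentStack's code: it audits a CSP header for those origins and for overly broad script sources. The frame host `hosted.paysafe.com` and the sample policies are assumptions, since the page only says the iframes live on the paysafe.com domain.

```javascript
// Added example: audit a checkout page's CSP for the Paysafe origins named on this page.
const SCRIPT_HOST = "hosted.paysafe.com"; // from the page: hosted.paysafe.com/js/v1/paysafe.js
const FRAME_HOST = "hosted.paysafe.com";  // ASSUMPTION: page only says "the paysafe.com domain"

// Parse a CSP header into directive -> source list (first occurrence wins, as in CSP).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// True if a source covers https://<host>. Handles "*", "https:", and host-sources with an
// optional https:// prefix and "*." wildcard; keywords and path-scoped sources do not match.
function sourceCovers(source, host) {
  if (source === "*" || source === "https:") return true;
  const m = /^(?:https:\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false;
  const base = m[2].toLowerCase();
  return m[1] ? host.endsWith("." + base) : host === base; // *.x.com excludes x.com itself
}

function auditCheckoutCsp(header) {
  const policy = parseCsp(header);
  const fallback = policy.get("default-src");
  const scriptSrc = policy.get("script-src") || fallback;
  const frameSrc = policy.get("frame-src") || policy.get("child-src") || fallback;
  const findings = [];
  if (!scriptSrc) findings.push("script-src: unrestricted (no directive, no default-src)");
  else {
    if (!scriptSrc.some((s) => sourceCovers(s, SCRIPT_HOST)))
      findings.push("script-src: paysafe.js origin not allowed, SDK will not load");
    const broad = scriptSrc.filter((s) => ["*", "https:", "'unsafe-inline'"].includes(s));
    if (broad.length) findings.push("script-src: overly broad source " + broad.join(" "));
  }
  if (!frameSrc) findings.push("frame-src: unrestricted (no directive, no default-src)");
  else if (!frameSrc.some((s) => sourceCovers(s, FRAME_HOST)))
    findings.push("frame-src: Paysafe frame host not allowed, hosted fields will not render");
  return findings;
}

// Constructed sample policies (not taken from any real site).
const GOOD = "default-src 'self'; script-src 'self' https://hosted.paysafe.com; frame-src https://*.paysafe.com";
const BAD = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.test";
console.log(auditCheckoutCsp(GOOD), auditCheckoutCsp(BAD));
```

An empty findings list means the policy both lets the SDK and its iframes load and keeps `script-src` to named origins.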
Skrill and Neteller wallet flows:
- For wallet payments, the script redirects to or embeds a Skrill/Neteller authentication page where the wallet holder logs in to authorize the transfer
- OAuth-style authorization tokens are exchanged between the wallet provider and the merchant backend; no wallet credentials are exposed to the merchant
Cookies set:
- paysafe_session — First-party cookie on the paysafe.com / merchant.paysafe.com domain, session duration, maintains transaction state and correlates the payment attempt with the merchant's server-side request
- paysafe_device — Session to 24-hour persistent cookie, device fingerprint token used for fraud detection and risk scoring; may include browser characteristics, screen dimensions, and timezone
- 3DS state cookies — Temporary session cookies set during the 3D Secure authentication challenge flow, cleared on completion
Fraud detection signals: Browser fingerprint data (user agent, installed plugins, screen resolution, language settings, IP address, WebGL renderer) is collected and transmitted to Paysafe's risk scoring engine to evaluate transaction legitimacy. This processing is integral to the payment service and not separable as an optional component.
Consent & Compliance
Paysafe is categorized as essential and functional.
- GDPR/ePrivacy: Payment processing, fraud detection, and 3D Secure authentication cookies are strictly necessary for completing the payment transaction the visitor has explicitly initiated. These qualify for the Article 5(3) ePrivacy strictly necessary exemption. The fraud detection device fingerprinting is justified under GDPR Article 6(1)(b) (performance of a contract) and Article 6(1)(f) (legitimate interest in fraud prevention).
- CCPA/CPRA: Payment processing is a transactional business purpose; Paysafe operates as a service provider. Merchants must disclose Paysafe in their privacy policy as a payment processor.
- PCI DSS: Paysafe is a Level 1 PCI DSS service provider. Merchants using hosted fields reduce their PCI scope.
- Regulated industries: For iGaming merchants, Paysafe's KYC (Know Your Customer) and AML (Anti-Money Laundering) processing obligations may require additional data collection beyond standard payment processing — this is governed by gaming license conditions and AML regulations, not website cookie consent.
- EU-US transfers: Paysafe Group is incorporated in the UK and listed on NYSE. EU data transfers are covered under UK GDPR and applicable SCCs.
Should You Block This Without Consent?
No. Paysafe scripts are essential for completing payment transactions that visitors have explicitly chosen to initiate. The session cookies, device fingerprinting for fraud detection, and 3DS authentication components are all strictly necessary for the payment service and qualify for consent exemptions under GDPR, ePrivacy, and CCPA/CPRA frameworks. Blocking Paysafe scripts would prevent checkout or deposit completion entirely.
Tracked Domains (1)
paysafe.com (Essential)
Frequently Asked Questions
Does Paysafe require visitor consent for its payment scripts?
No. Paysafe scripts are strictly necessary for completing payment transactions visitors have chosen to initiate. Session cookies, device fingerprinting for fraud detection, and 3DS authentication all qualify for the ePrivacy strictly necessary exemption and do not require prior consent.
What cookies does Paysafe set during checkout?
Paysafe sets a session cookie on paysafe.com to maintain transaction state, a short-lived device fingerprint cookie for fraud risk scoring, and temporary 3D Secure authentication cookies that are cleared once the challenge flow completes. No persistent cross-site marketing cookies are used.
How does ConsentStack handle Paysafe in a consent setup?
ConsentStack classifies Paysafe as essential and functional, placing it in the always-on category. The scripts load before and regardless of visitor consent choices, ensuring checkout and payment flows are never interrupted by consent gate logic.