One-click payments
What is one-click payments?
One-click payments are a checkout method that lets a returning customer complete a purchase with a single action – a click, tap, or biometric gesture – using card and contact details saved during an earlier transaction.
The first purchase runs like any normal checkout: the customer enters card data, billing, and shipping details. That card data is replaced with a and stored securely, so every later purchase skips the form and authorizes against the saved credential instead.
Key facts
- Also known as: one-click checkout, express checkout
- Applies to: returning customers who already have a payment credential on file
- Relies on: secure card storage under , , and fast identity authentication
- Common in: mobile commerce, subscriptions, and marketplaces where the same customer buys repeatedly
How one-click payments work
- Initial setup – on the first purchase, the customer enters and confirms card, billing, and shipping details.
- Tokenization – the card number is replaced with a and stored, so the raw number isn't held on the merchant's side for future use.
- Authentication – when the customer returns, they're identified through a logged-in account, a bound device, or biometrics rather than re-entering card data.
- Fraud check – real-time scoring assesses the request against risk signals before the charge goes through.
- Authorization – the stored token is sent to the payment processor and the payment clears without the customer touching a form.
Why it matters
- Every form field is a point where a customer can hesitate and abandon the cart. Removing the form on repeat purchases cuts that drop-off directly.
- On small mobile screens, typing a full card number is the main source of friction, so a saved credential keeps the purchase inside the app instead of pushing the customer to a slow form.
- A stored credential is what makes and instant re-purchase work, since the customer never has to re-authorize each transaction manually.
Common issues
- Data security – holding stored credentials makes a merchant a bigger target, which is why scope and tokenization sit at the center of any one-click setup.
- Authentication rules – under PSD2 in the EEA, can require a challenge step, so one-click flows there depend on exemptions or delegated authentication to stay frictionless.
- Wallet-based alternatives – express options such as Apple Pay and Google Pay deliver a one-click-style checkout through a rather than card data the merchant stores itself.
- Data retention – stored payment details fall under legal and scheme rules on how long credentials can be kept and how they must be protected.


