AutifyDigital Lloyds® Payment Integration

Seamlessly connect your store to the Lloyds® payment gateway and provide your customers with a secure, reliable checkout experience. This comprehensive payment integration for Magento 2 enables UK merchants to accept credit and debit card payments directly through one of the country's most trusted banking institutions.

This extension for Magento 2 transforms checkout by offering two flexible payment processing methods: an embedded payment solution (Payment.JS) that displays a secure payment form directly on your checkout page, and a hosted payment page (HPP) that redirects customers to Lloyds's secure environment for payment processing. The embedded solution provides a seamless, on-site experience where customers never leave your store, while the hosted option offers an additional layer of trust for customers who prefer to enter payment details on the Lloyds's own secure page. Beyond standard card payments, the module enables express checkout functionality through Apple Pay and Google Pay digital wallets, which can be configured to appear on product pages, the mini cart, cart page, and checkout page—giving customers multiple convenient touchpoints to complete their purchase quickly. For merchants who take telephone or mail orders, the MOTO (Mail Order/Telephone Order) payment feature allows secure card processing directly from the admin panel, making it ideal for businesses that combine online and offline sales channels. The tokenisation feature enables returning customers to save their card details securely for faster future checkouts, while the comprehensive refund processing system allows you to issue full or partial refunds directly through the admin interface without needing to log into separate banking portals. The built-in transaction reporting dashboard provides real-time visibility into all payment activity, statuses, and order details, helping you maintain complete control over your business finances.

Account & Pricing

Separate Account Required: Yes. A Lloyds merchant account is required to use this extension. The merchant account must be set up directly with Lloyds and cannot be created during the extension installation process.

Account Setup: You must apply for and obtain your Lloyds merchant account separately before installing this extension. To apply for an account or learn more about merchant services, please visit: 

https://www.lloydsbank.com/business/take-payments-with-cardnet/online-payments.html

Additional Fees: Yes. Lloyds charges transaction fees and potentially monthly fees for their merchant services. These fees are separate from the cost of this extension and are determined by your merchant account agreement with Lloyds. Please contact Lloyds directly for current pricing information on merchant account fees.

Extension Pricing: The extension is available for purchase from Autify Digital. Professional installation services are available at £250 + VAT for card payments only, or £350 + VAT for card payments with on-site wallet integration (Apple Pay and Google Pay).

Contact for Account Setup: For questions about Lloyds merchant accounts, contact Lloyds Business Banking. For questions about this extension, contact Autify Digital at cardnet@autify.co.uk.

Features

• Embedded Payment Solution (Payment.JS): Display a secure, PCI-compliant payment form directly on your checkout page. Customer card details are captured in iframes hosted by Lloyds, ensuring sensitive data never touches your server.
• Hosted Payment Page (HPP): Redirect customers to Lloyds's secure hosted payment page for card entry, then return them to your site upon completion. Ideal for merchants who prefer full payment processing to occur off-site.
• Apple Pay Integration: Enable Apple Pay as an express checkout option on product pages, mini cart, cart page, and checkout page. Customers using Safari on compatible Apple devices can complete purchases with Face ID, Touch ID, or passcode.
• Google Pay Integration: Enable Google Pay as an express checkout option across your store. Customers can pay quickly using cards saved to their Google account without manually entering card details.
• MOTO Payments: Process Mail Order/Telephone Order payments securely from the admin panel. Take card payments over the phone or via email for orders placed outside the standard online checkout.
• Tokenisation (Vault): Allow registered customers to save their card details securely for faster checkout on future orders. 
• Refund Processing: Process full or partial refunds directly from the admin panel by creating a credit memo. Refunds are submitted to Lloyds automatically.
• Authorise and Capture: Choose between immediate capture (Authorize and Capture) or delayed capture (Authorize Only) to suit your business workflow. Capture authorized payments later from the order invoice.
• 3D Secure 2 (3DS2) Authentication: Full support for 3D Secure 2 authentication with configurable challenge indicators. Helps reduce fraud liability and meets Strong Customer Authentication (SCA) requirements.
• Transaction Reporting Dashboard: View all transactions, statuses, and payment details from a dedicated reporting grid in the admin panel. Click any order to see complete payment information and order notes.
• Real-Time Order Updates: Orders and payment statuses are updated instantly as transactions are processed by the gateway via webhook notifications.
• Configurable Payment Form: Customise the appearance and behaviour of the embedded payment form including field labels, placeholder text, and validation messages to match your store's branding.
• Multi-Store Support: Configure different Lloyds credentials and settings per store view in multi-store installations.
• Test/Sandbox Mode: Test your integration thoroughly in sandbox mode before going live. Easily switch between test and production environments from the admin configuration.
• Backend Credentials Validator: Validate your API credentials directly from the admin panel to ensure your configuration is correct before processing live transactions.
• Compatible with M2 2.4.5 - 2.4.8: Fully tested and compatible with Open Source and Adobe Commerce versions 2.4.5, 2.4.6, 2.4.7, and 2.4.8.

Security

This extension for Magento 2 has been designed with security and PCI compliance as a primary consideration. The integration architecture ensures that sensitive cardholder data is handled securely and in accordance with Payment Card Industry Data Security Standard (PCI DSS) requirements.

Payment Methods and Data Handling

Embedded Payment Solution (Payment.JS): The embedded payment form uses Lloyds's Payment.JS library to render secure iframes for card number, expiry date, and CVV fields. Although the payment form appears on your checkout page, the sensitive card fields are actually hosted within iframes served directly from Lloyds's PCI DSS Level 1 certified environment. When a customer enters their card details, the data is captured directly by Lloyds's servers—card data never enters or passes through your server. Your server only receives a secure token representing the payment, which is then used to complete the transaction.

Hosted Payment Page (HPP): When using the redirect method, customers are redirected from your checkout to Lloyds's secure hosted payment page to enter their card details. After payment processing is complete, customers are returned to your store. No card data is entered on or transmitted through your server when using this method.

PCI DSS Compliance

• SAQ A Eligibility: Both the embedded (Payment.JS) and hosted payment page (HPP) methods are designed to support SAQ A eligibility. Because all cardholder data is captured, processed, and stored by Lloyds —not on your server—merchants can typically qualify for the simplest PCI DSS self-assessment questionnaire (SAQ A).

• No Card Data Entry on Merchant Server: Customer payment card details (card number, expiry date, CVV) are never entered directly into forms hosted on your server. For the embedded solution, these fields are rendered in iframes from Lloyds. For the hosted solution, the entire payment page is hosted by Lloyds.

• No Card Data Storage on Merchant Server: This extension does not store any sensitive cardholder data (PAN, CVV, full track data) on your server or database. Tokenised references to saved cards (for the vault feature) are stored by Lloyds, with only non-sensitive token identifiers stored locally.

• 3D Secure 2 (3DS2): The extension fully supports 3D Secure 2 authentication, which provides an additional layer of security for online card payments and helps merchants meet Strong Customer Authentication (SCA) requirements under PSD2 regulations in the UK and EU.

• Secure API Communication: All communication between your server and Lloyds's payment gateway occurs over HTTPS/TLS encrypted connections using secure REST API calls authenticated with your API credentials.

Applicable SAQ Level: SAQ A (subject to merchant's overall environment and other payment methods)

Note: Merchants are responsible for ensuring their overall e-commerce environment meets applicable PCI DSS requirements. While this extension is designed to minimise PCI scope, your specific compliance obligations depend on your complete payment acceptance environment and should be verified with a qualified security assessor if required.

Trademark

Lloyds and Lloyds Bank are trading names of Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065