User data & privacy
For detailed information about who can use Vipps MobilePay, see Who can use Vipps MobilePay.
User lookup and privacy protection​
Vipps MobilePay does not offer a lookup service to check if a phone number belongs to a user, as this would leak information about users. If a payment is initiated for a user that cannot pay businesses, the API will return an error.
For privacy reasons, when a payment request fails due to phone number issues, Vipps MobilePay does not disclose which of these scenarios applies:
- Not a Vipps MobilePay user
- A Vipps MobilePay user, but too young to pay businesses
- A previous Vipps MobilePay user that has deleted their account
- A Vipps MobilePay user that has their account temporarily or permanently blocked
More details about the reason for the failure cannot be provided.
Note on account verification: While there is no separate lookup API, attempting to initiate a payment with a phone number that is not registered with Vipps or MobilePay will fail.
Users that install the app accept the terms and conditions, including being "looked up" by the merchant if the payment is initiated with the phone number specified. Users can pay with Vipps without sharing their phone number with the merchant.
See terms and conditions.
Users with unlisted numbers, secret numbers, etc. can still pay with Vipps, since their phone number is not shared with anyone without their explicit consent.
User information and consent​
Merchants can request user information, but only as part of a payment or login flow.
Vipps MobilePay offers merchants the possibility to ask users for information as part of the payment flow or login flow.
Vipps or MobilePay users have not consented to providing any information to third parties, and Vipps MobilePay does not allow this. Users must always give consent to sharing data with a merchant. There is no other API to look up a user's address, retrieve a user's purchases, etc.
User anonymity in transactions​
Vipps MobilePay is anonymous for users by default. Users can pay through Vipps MobilePay without sharing their personal data with the merchant.
Getting user consent for personal data: Merchants can use the built-in functionality to get the user's consent to share personal data, such as phone number, name, email address and address. See Userinfo and Express Checkout.
Transaction overview display: The transaction overview on portal.vippsmobilepay.com shows customer names for some Vippsnummer and MobilePay-nummer payments.
For online payments, the payment's ID is shown instead of the customer name.
The reference (or orderId in the older eCom API) is specified by the merchant. See the
recommendations for reference and orderId.
Use Userinfo to get the customer's consent to share name, email address, etc. The user can then consent to sharing as part of the payment flow.
For payments where the customer is not physically present, you are required by law to use one of the online payment methods. You need Payment Integration.
Vipps MobilePay users must always give consent to sharing data with a merchant. There is no other API to look up a user's address, retrieve a user's purchases, etc.