Stored Payment Credential Mandate

Credential on File (CoF) is the process when the cardholder authorizes the merchant to store their credentials (including, but not limited to, an account number or payment token) for future transactions. That includes both Recurring payments and where the cardholder does not need to enter all their card details at that merchant; also known as Unscheduled. These transactions must always be identified with the reason for storing or using the stored credentials and who initiated the transaction - cardholder (CIT) or merchant (MIT).

Why Credential on File (CoF)

Credential on File (CoF) is a requirement from Visa and MasterCard in order to provide greater visibility for all parties into transaction processing to identify initial storage and subsequent usage of stored credentials to determine the risk level. By providing these details it will increase the approval rate and improve the cardholder experience. If you offer the cardholder to store their credentials for future use or recurring it’s required to have cardholder consent.

Summary of Requirements

  • Disclose to cardholders how those credentials will be used.
  • Obtain cardholders’ consent to store the credentials.
  • Notify cardholders when any changes are made to the terms of use.
  • Inform the card issuer via a transaction that payment credentials are now stored on file.
  • Identify transactions with appropriate indicators when using stored credentials.

CoF is applied in the following cases

  • Processing an account check or authorisation request, where card details are to be re-used later.
  • Processing a re-authorisation.
  • Processing regular recurring payments.

Options for Credential on File (CoF)

A Stored Credential can be cardholder or merchant initiated (based on previous instruction from cardholder).

Cardholder-initiated Transaction (CIT)

A Cardholder-initiated Transaction (CIT) is processed when the cardholder is present and provides their payment credentials or use previously stored credentials. This type of transaction demonstrates a payment that is mutually agreed upon by both the cardholder and the merchant.

Merchant-initiated Transaction (MIT)

A Merchant-initiated Transaction (MIT) is processed without any validation from the cardholder. This type of transactions can only be processed on a previous CIT. The MIT can be divided into recurring/subscription or unscheduled card on file.

Implementing Credential on File (CoF)

To indicate if a transaction is using CoF, use the storedCredentialInfo object.

CoF Options Possible Values Explanation
StoredCredentialIndicator CIT_FIRST_TIME, CIT_USE_STORED, MIT_USE_STORED Indicates if the transaction is initiated by card holder or merchant and if stored credentials are initially stored or re-used.
StoredCredentialReason UNSCHEDULED, RECURRING, RESUBMISSION, DELAYED_CHARGES, NO_SHOW, UNDEFINED Indicates the reason for using stored credentials. Note: This field is not required by all acquirers.
SchemeReferenceId If scheme reference id is received in the initial transaction storing the credentials, it should be included in all subsequent requests that require a scheme reference ID.