How to flag stored credentials

What are stored credentials?

To make sure merchants use their customers’ details responsibly, Visa and Mastercard have introduced a new framework for the storing of card details and new rules for any associated transactions. This framework identifies stored credentials as Credentials on File (COF) and classifies the transaction that use them as either Consumer Initiated Transactions (CIT) or Merchant Initiated Transactions (MIT).

For backwards compatibility, the Gateway will try to automatically identify if a transaction is a Consumer Initiated Transaction or a Merchant Initiated Transaction from the value provided for the action, type and rtAgreementType fields.

You may also pass the initiator field in the request to force a classification. This can be used if the Gateway is unable to correctly determine the transaction. If, however, the requested classification is incompatible with the provided request fields then the transaction will fail with a responseCode of 66944 (INVALID INITIATOR).

The initiator field will be returned in the response with either the value passed in the request or the automatically identified value.

Credentials on File (CoF)

Credentials on File (CoF) is the process when the Consumer authorises you to store their credentials (including, but not limited to, an account number or payment token) for future transactions. This includes for future Recurring or Instalment payments and Unscheduled ad-hoc payments, where the Consumer does not need to enter their payment credentials again. These transactions must always be identified with the reason for storing or using the stored credentials and who initiated the transaction - Consumer (CIT) or Merchant (MIT).

Consumer Initiated Transactions (CIT)

Consumer Initiated Transactions (CIT) are any transaction where the Consumer is actively participating in the transaction. This can be either through a checkout experience online, via a mail order or telephone order, with or without the use of an existing stored credential.

A Consumer Initiated Transaction is one whose action field is one of PREAUTH, SALE or VERIFY and whose type is one of 1 (ECOM) or 2 (MOTO).

To indicate that the card details are to be stored as, or were stored as, Credentials on File then send the rtAgreementType field as one of the following values:

• cardonfile – card details stored as Credential on File.
• recurring – initial payment as the start of a recurring payment agreement.
• instalment – initial payment as the start of an instalment payment agreement.

Merchant Initiated Transactions (MIT)

Merchant Initiated Transactions defined under this category are performed to address pre-agreed standing instructions from the Consumer for the provision of goods or services. The following transaction types are standing instructions transactions:

• Instalment Payments: A transaction in a series of transactions that use a stored credential and that represent Consumer agreement for the merchant to initiate one or more future transactions over a period for a single purchase of goods or services.
• Recurring Payments: A transaction in a series of transactions that use a stored credential and that are processed at fixed, regular intervals (not to exceed one year between transactions), representing Consumer agreement for the merchant to initiate future transactions for the purchase of goods or services provided at regular intervals.
• Unscheduled Credential on File (UCOF): A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date, where the Consumer has provided consent for the merchant to initiate one or more future transactions. An example of such transaction is an account auto-top up transaction.

Industry-Specific Business Practice MIT

Merchant Initiated Transactions defined under this category are performed to fulfil a business practice as a follow-up to an original Consumer-Merchant interaction that could not be completed with one single transaction. Not every industry practice Merchant Initiated Transaction requires a stored credential, for example, if you store card details for a single transaction or a single purchase, it is not considered as a stored credential transaction. The following transaction types are industry specific transactions:

• Incremental authorizations can be used to increase the total amount authorised if the authorised amount is insufficient. An incremental authorization request may also be based on a revised estimate of what the Consumer may spend.
• Resubmission: You can perform a resubmission in cases where it requested an authorization but received a decline due to insufficient funds; however, the goods or services were already delivered to the Consumer. In such scenarios, you can resubmit the request to recover outstanding debt from Consumers.
• Reauthorization: You can initiate a reauthorization when the completion or fulfilment of the original order or service extends beyond the authorization validity limit set by the card scheme.
• Delayed Charges: Delayed charges are performed to make a supplemental account charge after original services have been rendered and payment has been processed.
• No Show: Consumers can use their payment credentials to make a guaranteed reservation with certain merchant segments. A guaranteed reservation ensures that the reservation will be honoured and allows you to perform a No Show transaction to charge the Consumer a penalty according to your cancellation policy. If no payment is made to guarantee a reservation, then it is necessary to perform a VERIFY Consumer Initiated Transaction at the time of reservation to be able perform a No Show transaction later.

For more information about these type of transactions and how to flag them see section A 17 of the Gateway Integration Guide.