What are Live Credentials on File?
A stored credential is information, including but not limited to, a card number or payment token, that’s stored by a merchant or a third party on their behalf to process future purchases for the cardholder.
What is a tokenized Card number?
Tokenization is the process of replacing sensitive card data with a token value that retains all the essential information about the data without compromising its security. Since the token isn’t a card number, it can't be used outside the context of a specific unique transaction with that particular merchant.
Why are VISA and Mastercard making these changes?
Due to the increase in the number of transactions where stored credentials are used, the Card Schemes want to be able to identify their storage and subsequent use to enable appropriate processing. This should lead to improved authorization approval rates and completed sale transactions.
Credential on File (CoF) is a requirement from Visa and MasterCard in order to provide greater visibility for all parties into transaction processing to identify initial storage and subsequent usage of stored credentials to determine the risk level. By providing these details it will increase the approval rate and improve the cardholder experience. If you offer the cardholder to store their credentials for future use or recurring it’s required to have cardholder consent.
What are the requirements to make these changes?
You, or the third party you use, must:
Obtain the cardholder’s consent for the initial storage of their credentials, and
Use appropriate data values (Stored Credential Indicators) to identify the initial storage of the credential and the subsequent usage of that stored credential.
Details of the technical requirements can be found in our Copy + Pay Recurring Payment Flow article as well as a
Guide on setting up recurring payments on Copy and Pay Example.
You can refer to this link for more information
- CIT (customer initiated transaction)
- MIT (merchant initiated transaction)
NB: If a RECURRING payment is being actioned, then the following parameter needs to be added in order to distinguish the type of recurring transactions being processed:
- on top of "standingInstruction.type=RECURRING:
Please see link for deeper explanation of each parameter.