Last Updated: 04 December 2024 | Change Log
Take repeat payments - A stored credential overview
What is a stored credential?
A stored payment credential is payment instrument information (typically a card number and expiry date). It is saved by you (merchant, payment faciliator, stored digital wallet operator) or Access Worldpay to carry out future payments. This means that your customer does not have to enter card details again when making subsequent purchases which reduces friction in the payment experience.
What is the stored credential mandate?
The growth of digital commerce and the rise in business models suited to that environment has led to an increase in the number of transactions using card details that have been stored.
Furthermore you are increasingly able to submit payments for authorization when the customer is not actively participating. This results in more authorizations which don't have any customer authentication data (for example 3DS and CVC).
The schemes have responded by introducing a series of new indicators and processes.
To ensure compliance with the stored credential mandate you must:
- Inform customers how their stored payment credentials will be used
- Obtains explicit permission from your customers to store the payment credentials
- Notify customers about any changes to terms of use
- Identify the payment with the appropriate indicators
The stored credentials mandate is currently supported for Visa and Mastercard.
What’s the benefit of stored payment credentials?
The purpose of the stored credential mandate is to provide greater clarity into payments that use stored credentials, resulting in:
- Higher authorization rates
- Enhanced customer experience leading to fewer complaints
- Better assessment of payment risk by issuers resulting in fewer chargebacks
What types of transactions use stored payment credentials?
There are two types of stored payment credential transactions:
Card on file payments:
- The customer is actively particpating in making a payment at the point of authorization using card details you have previously stored/ intend to store
- Does not follow a schedule
- Requires explicit permission from the customer to store the card on their account for use in a “one-click” model
- Sometimes referred to as Customer Initiated Transactions (CIT)
Recurring payments:
- A transaction that is triggered by a process when your customer is not actively participating at the point of authorization
- Can only be performed as a follow up from an original card on file payment when your customer was authenticated and agreed to a standing instruction
- You must declare the intent for all recurring payments, either:
subscription
,instalment
orunscheduled
card on file - Sometimes referred to as Merchant Initiated Transaction (MIT)
MIT standing instructions:
intent | Description |
---|---|
subscription | An agreement to bill a customer for the ongoing consumption of goods and services at a fixed schedule (no longer than 1 year) and with no specified end date. |
instalment | An agreement to bill a customer on an ongoing basis for a single purchase of goods and service at a fixed schedule and with an agreed end date. |
unscheduled | An agreement to bill a customer on an ongoing basis with no fixed schedule, amount or end date. For example, topping up a pay-as-you-go account when an amount threshold is reached. |
Other variables
Usage flag:
- Determines whether the transaction is the first of a new CIT / MIT agreement or a subsequent transaction in an existing CIT/ MIT agreement
- All subsequent transactions must include a scheme reference
Scheme reference:
- A unique reference generated by a card scheme that is used to provide traceability to a first transaction. The customer was actively particpating at the point of authorization and authenticated.
- For Visa we map this to Visa Transaction ID (DE 62.2) and for Mastercard we map to Mastercard Trace ID (DE 48.63).
- A new scheme reference is generated for every subsequent transaction.
- We return the most recent scheme reference in the response to a successful CIT / MIT authorization.
We recommend using either the original scheme reference or the most recent.
How to ensure compliance
Our card on file resources flag all payments as CIT.
Our Recurring resources flag all payments as MIT. These resources are using the intent
field to specify if the MIT is for subscription
, instalment
or unscheduled
.
We identify a subsequent payment through the presence of the scheme reference. If a scheme reference is not present, we identify it as a first payment.
Using tokens
If you have created a verified token through us, we are managing the scheme reference on your behalf. If you have verified the token with another provider, you must update your Worldpay token with the scheme reference.
Using cards
Once you have completed an account verification, you can store the next actions links for a card on file authorization or a recurring authorization. These links contain the necessary scheme reference data allowing Worldpay to manage the scheme reference on your behalf.
You can choose to override the scheme reference we have stored for you by supplying it in the body of your request. This is particularly useful if you operate a multi-payment service provider strategy (If you wish to manage the scheme reference yourself you do not need to store the next actions links from the first CIT).
Next Steps
Take a recurring authorization
Take a card on file authorization