Last Updated: 23 October 2024 | Change Log

Take repeat payments - A stored credential overview

What is a stored credential?

A stored payment credential is payment instrument information (typically a card number and expiry date). It is saved by you (merchant, payment faciliator, stored digital wallet operator) or Access Worldpay to carry out future payments. This means that your customer does not have to enter card details again when making subsequent purchases which reduces friction in the payment experience.

What is the stored credential mandate?

The growth of digital commerce and the rise in business models suited to that environment has led to an increase in the number of transactions using card details that have been stored.

Furthermore you are increasingly able to submit payments for authorization when the customer is not actively participating. This results in more authorizations which don't have any customer authentication data (for example 3DS and CVC).

The schemes have responded by introducing a series of new indicators and processes.

To ensure compliance with the stored credential mandate you must:

  • Inform customers how their stored payment credentials will be used
  • Obtains explicit permission from your customers to store the payment credentials
  • Notify customers about any changes to terms of use
  • Identify the payment with the appropriate indicators
Note

The stored credentials mandate is currently supported for Visa and Mastercard.

What’s the benefit of stored payment credentials?

The purpose of the stored credential mandate is to provide greater clarity into payments that use stored credentials, resulting in:

  • Higher authorization rates
  • Enhanced customer experience leading to fewer complaints
  • Better assessment of payment risk by issuers resulting in fewer chargebacks

What types of transactions use stored payment credentials?

There are two types of stored payment credential transactions:

Card on file payments:

  • The customer is actively particpating in making a payment at the point of authorization using card details you have previously stored/ intend to store
  • Does not follow a schedule
  • Requires explicit permission from the customer to store the card on their account for use in a “one-click” model
  • Sometimes referred to as Customer Initiated Transactions (CIT)

Recurring payments:

  • A transaction that is triggered by a process when your customer is not actively participating at the point of authorization
  • Can only be performed as a follow up from an original card on file payment when your customer was authenticated and agreed to a standing instruction
  • You must declare the intent for all recurring payments, either: subscription, instalment or unscheduled card on file
  • Sometimes referred to as Merchant Initiated Transaction (MIT)

MIT standing instructions:

intentDescription
subscriptionAn agreement to bill a customer for the ongoing consumption of goods and services at a fixed schedule (no longer than 1 year) and with no specified end date.
instalmentAn agreement to bill a customer on an ongoing basis for a single purchase of goods and service at a fixed schedule and with an agreed end date.
unscheduledAn agreement to bill a customer on an ongoing basis with no fixed schedule, amount or end date. For example, topping up a pay-as-you-go account when an amount threshold is reached.

Other variables

Usage flag:

  • Determines whether the transaction is the first of a new CIT / MIT agreement or a subsequent transaction in an existing CIT/ MIT agreement
  • All subsequent transactions must include a scheme reference

Scheme reference:

  • A unique reference generated by a card scheme that is used to provide traceability to a first transaction. The customer was actively particpating at the point of authorization and authenticated.
  • For Visa we map this to Visa Transaction ID (DE 62.2) and for Mastercard we map to Mastercard Trace ID (DE 48.63).
  • A new scheme reference is generated for every subsequent transaction.
  • We return the most recent scheme reference in the response to a successful CIT / MIT authorization.
Recommendation

We recommend using either the original scheme reference or the most recent.

How to ensure compliance

Our card on file resources flag all payments as CIT.

Our Recurring resources flag all payments as MIT. These resources are using the intent field to specify if the MIT is for subscription, instalment or unscheduled.

We identify a subsequent payment through the presence of the scheme reference. If a scheme reference is not present, we identify it as a first payment.

Using tokens

If you have created a verified token through us, we are managing the scheme reference on your behalf. If you have verified the token with another provider, you must update your Worldpay token with the scheme reference.

Using cards

Once you have completed an account verification, you can store the next actions links for a card on file authorization or a recurring authorization. These links contain the necessary scheme reference data allowing Worldpay to manage the scheme reference on your behalf.

You can choose to override the scheme reference we have stored for you by supplying it in the body of your request. This is particularly useful if you operate a multi-payment service provider strategy (If you wish to manage the scheme reference yourself you do not need to store the next actions links from the first CIT).


Next Steps

Take a recurring authorization
Take a card on file authorization