**Last updated**: 14 November 2025 | [**Change log**](/products/payments/changelog/) # Use a stored card Enterprise SMB (Worldpay eCommerce) Use a previously stored card to send a [`payments`](/products/payments/openapi/) request. This is for Customer Initiated Transactions (CIT) only. Additionally, to collect the CVC value, use the Checkout SDK to create a `cvc session` and maintain a low PCI burden. The request must contain: ```JSON "customerAgreement": { "type": "cardOnFile", // used to indicate the customer has agreed to storing their card (CIT) "storedCardUsage": "subsequent" // subsequent payment } ``` If [PSD2/SCA or other regional mandates apply](/products/3ds-sca-exemptions#when-sca-applies) you should follow the steps for [enabling 3DS](/products/payments/enable-features/3ds-authentication) ## 1. Integration type Use a `Worldpay Token` or `Network Token` and optionally provide the `CVC` in the API or use our PCI-compliant Checkout SDK to create a `cvc session`. br API only ## 2. Basic request Worldpay token Network token Network Token Creation Please note its not yet possible to create a Network Token as part of the Payments API flow. You can create a network token using a separate request to the [ Tokens API](/products/tokens/create-a-network-token). Automatic Cryptogram & Eci Provisioning If the `cryptogram` and `eci` are not provided the Payments API will automatically attempt to provision them. This will only be successful for Network Tokens created via Worldpay. For Network Tokens created via other gateways you must provide these. Checkout SDK Use the previously stored card and also use our Checkout SDK to create a `cvc session` to collect the CVC value. ## 2. Add the SDK & create a CVC session Web SDK Add JavaScript to your checkout Android SDK Set up your Android application iOS SDK Set up your iOS application React Native SDK Set up your React Native application ### Add the cvc session to the payment request This includes the `Worldpay token` href and the `Checkout CVC session` href. View the full API Request schema ## 3. Add additional features In most cases you will need to add some additional features such as 3DS, auto settlement or a risk assessment 3DS Authentication Perform 3DS authentication for liability shift and/or SCA compliance. An issuer based risk assessment with identity check. Enterprise Worldpay eCommerce SCA Exemptions Ask for an SCA Exemption to be applied automatically. Enterprise Risk Assessment We assess the payment for fraud before proceeding with authorization. Enterprise Worldpay eCommerce Auto Settlement Automatically settle a payment following the authorization. Enterprise Worldpay eCommerce Account Funding Transactions (AFT) Transfer funds from a card account to another destination, rather than for the provision of goods or services. Enterprise Financial Service (MCC 6012/6051) For domestic Financial Services providers (MCC 6012) based in the Visa Europe Region, you must supply this additional data. Enterprise Latin America Installments Fulfill a one-time installment charge, to allow the customer's acquirer bank collecting the payments over time. Enterprise Payment Facilitator Facilitate transactions on behalf of your sub-merchants. Enterprise MOTO transactions Take Mail Order/ Telephone Orders on behalf of your customers. Enterprise Worldpay eCommerce Account Updater Automatically update card details to prevent declines due to expired or changed cards. Enterprise Pay via AI Agent (Delegate Token) - Preview OpenAI's instant checkout using Agentic Commerce Protocol (ACP) Enterprise ## 4. Response Features that change the API flow Certain features add additional requests and responses: - [3DS](/products/payments/enable-features/3ds-authentication) - you will receive a `201` - `3dsDeviceDataRequired` as well as the possibility of an issuer challenge - [FraudSight](/products/payments/enable-features/fraud-assessment) - you may receive a `201` - `fraudHighRisk` outcome, stopping the payment - [Auto Settlement](/products/payments/enable-features/auto-settlement) - automatic `202` - `sentForSettlement` following authorization. - If any of the AVS/CVC response riskFactors are marked as `notMatched` the payment will be `sentForCancellation` automatically by default but can be disabled. View the full API Response schema