What are stored credentials?
To make sure merchants use their customers’ details responsibly, Visa and Mastercard have introduced a new framework for the storing of card details and new rules for any associated transactions. This framework identifies stored credentials as Credentials on File (COF) and classifies the transaction that use them as either Consumer Initiated Transactions (CIT) or Merchant Initiated Transactions (MIT).
For backwards compatibility, the Gateway will try to automatically identify if a transaction is a Consumer Initiated Transaction or a Merchant Initiated Transaction from the value provided for the action, type and rtAgreementType fields.
You may also pass the initiator field in the request to force a classification. This can be used if the Gateway is unable to correctly determine the transaction. If, however, the requested classification is incompatible with the provided request fields then the transaction will fail with a responseCode of 66944 (INVALID INITIATOR).
The initiator field will be returned in the response with either the value passed in the request or the automatically identified value.
Credentials on File (CoF)
Credentials on File (CoF) is the process when the Consumer authorises you to store their credentials (including, but not limited to, an account number or payment token) for future transactions. This includes for future Recurring or Instalment payments and Unscheduled ad-hoc payments, where the Consumer does not need to enter their payment credentials again. These transactions must always be identified with the reason for storing or using the stored credentials and who initiated the transaction - Consumer (CIT) or Merchant (MIT).
Consumer Initiated Transactions (CIT)
Consumer Initiated Transactions (CIT) are any transaction where the Consumer is actively participating in the transaction. This can be either through a checkout experience online, via a mail order or telephone order, with or without the use of an existing stored credential.
A Consumer Initiated Transaction is one whose action field is one of PREAUTH, SALE or VERIFY and whose type is one of 1 (ECOM) or 2 (MOTO).
To indicate that the card details are to be stored as, or were stored as, Credentials on File then send the rtAgreementType field as one of the following values:
Merchant Initiated Transactions (MIT)
Merchant Initiated Transactions defined under this category are performed to address pre-agreed standing instructions from the Consumer for the provision of goods or services. The following transaction types are standing instructions transactions:
Industry-Specific Business Practice MIT
Merchant Initiated Transactions defined under this category are performed to fulfil a business practice as a follow-up to an original Consumer-Merchant interaction that could not be completed with one single transaction. Not every industry practice Merchant Initiated Transaction requires a stored credential, for example, if you store card details for a single transaction or a single purchase, it is not considered as a stored credential transaction. The following transaction types are industry specific transactions:
For more information about these type of transactions and how to flag them see section A 17 of the Gateway Integration Guide.