How to store and reuse a customer's payment credentials compliantly for repeat purchases and recurring billing, and which Credential-On-File indicator to include on each transaction.
Contents
The Credential-On-File process is triggered when the cardholder authorizes the merchant to save the cardholder's payment information for one or more subsequent payments.
The information that can be saved as a token by the merchant is the credit card number and the expiration date. Data concerning credit card information must be saved in an environment complying with PCI-DSS standards.
Any transaction made with a token β whether stored at the merchant or in PayFacto's token vault β must include the Credential-On-File indicator.
The different types of Credential-On-File indicators are:
isCredentialOnFile
Used when, after obtaining the cardholder's consent, a transaction for a fixed or variable amount does not occur on a scheduled or regularly occurring transaction date, and is initiated by the merchant or by the cardholder.
isInstallment
Used when, according to a predefined agreement, the cardholder authorizes the merchant to initiate one or more future transactions over a predetermined period for a single purchase of goods or services.
isRecurring
Used when, according to a predefined agreement, the cardholder authorizes the merchant to initiate a series of transactions that are processed at a fixed interval, not exceeding one year between transactions.
isFirst
Interdependent on the isCredentialOnFile, isInstallment, and isRecurring indicators. Must be sent on the first transaction made with a token, including the account verification transaction.
Mutually exclusive options
isCredentialOnFile, isInstallment, and isRecurring are mutually exclusive β submit only one of the three on any given transaction.
For merchants using the automatic account verification service, the PayFacto system will automatically include the isCredentialOnFile and isFirst indicators in the initial account verification sent to the acquirer.
When processing a transaction made with a token β whether stored at the merchant or in PayFacto's token vault β the merchant must include at least one of the indicators in the transaction message via the request parameter TrxOption.
This requirement applies to purchase, pre-authorization, refund, and account verification transactions.
Initial transaction
Include two Credential-On-File indicators in the request parameters β isCredentialOnFile and isFirst:
Subsequent transaction
Include only the isCredentialOnFile indicator: