Storing payment credentials for tokenization
You can use our JavaScript Library to allow returning customers to process payments on your app without the need to re-enter all of their card details. Not only does this lead to faster and easier payments for your customers, your business also benefits from not needing to store sensitive card numbers (this can simplify your PCI accreditation process).
This process is called Tokenization.

But if preferred, tokenization can also be performed on previous Authorisation requests, in which the customer has been charged, providing the requirements specified by the Credentials on File mandate have been met. To do this, you will need the transactionreference of the payment that you would like to repeat, then skip ahead to the Configuration for tokenized payment section of this document, found below.
Prerequisites
- Account Checks are only available for certain acquiring banks. Before you begin, please contact our Support Team and ensure your acquiring bank supports this functionality.
- Account Checks can only be performed for card-based payment methods.

Process overview





Configuration for storing of payment credentials
In order to store the customer’s payment credentials on the Trust Payments system and acquire a reference for use in future purchases, your system can process an Account check using our JavaScript Library.
Configure the JWT
You will need to ensure your JWT payload includes the following fields:
Field specification
Field | Format | Description | |
![]() |
credentialsonfile | Numeric (1) | This must be set to “1”, to indicate the customer agreed for the payment credentials to be stored for future transactions. See below for further information. |
![]() |
requesttypedescriptions | List | This must be set to [“ACCOUNTCHECK”]. |


{"payload":{"accounttypedescription":"ECOM","baseamount":"1050","currencyiso3a":"GBP","sitereference":"test_site12345","credentialsonfile":"1","requesttypedescriptions":["ACCOUNTCHECK"]},"iat":1559033849,"iss":"jwt.user"}
About Credentials on File

The process of storing credentials for future use is known as Credentials on File (CoF).

Identifying transactions as using CoF provides the following advantages:
- Increases the likelihood of transaction authorisation and settlement.
- Greater transparency and improved experience from the customer’s perspective.
- Issuers are less likely to use the absence of a security code as a reason to decline a transaction.
Handling the response
After the request has been processed, you will receive a single response JWT that contains the response to the ACCOUNTCHECK request:
- Ensure that the errorcode value returned is “0”, indicating success. (You must not store credentials if an error has occurred)
- Check the values returned in the securityresponseaddress, securityresponsepostcode and securityresponsesecuritycode fields. Click here for further information on these checks and only proceed if business requirements have been satisfied.
Following successful tokenization, you can store the transactionreference in your records. This will be needed later in order to process a new payment with the stored payment credentials. You can also store the last four digits of the maskedpan and paymenttypedescription for purposes of displaying to returning customers when they are choosing their payment method for their next purchase.
Configuration for tokenized payment
Update your payment form
First, you will need to update your payment form to include the additional field fieldsToSubmit.
fieldsToSubmit requires a list containing the value “securitycode”.

We have provided an example below as a reference:
<html> <head> </head> <body> <div id="st-notification-frame"></div> <form id="st-form" action="https://www.example.com" method="POST"> <div id="st-security-code" class="st-security-code"></div> <button type="submit" id="st-form__submit" class="st-form__submit"> Pay securely </button> </form> <script src=<DOMAIN>/js/v3/st.js></script> <script> (function() { var st = SecureTrading({ jwt: 'INSERT YOUR JWT HERE', fieldsToSubmit: [‘securitycode’] }); st.Components(); })(); </script> </body> </html>
Configure the JWT
You will also need to ensure your JWT payload includes the following fields:
Field specification
Field | Format | Description | |
![]() |
credentialsonfile | Numeric (1) | This must be set to “2”, to indicate the new transaction is using previously-stored credentials. |
![]() |
parenttransactionreference | Alphanumeric & hyphens (25) |
Submit the transaction reference of the previous request from which the card details will be inherited. |
![]() |
requesttypedescriptions | List | This will need to contain at least the following request types: [“THREEDQUERY”,”AUTH”] Click here to learn more. |
{"payload":{"accounttypedescription":"ECOM","baseamount":"1050","currencyiso3a":"GBP","sitereference":"test_site12345","parenttransactionreference":"1-2-345","credentialsonfile":"2","requesttypedescriptions":["THREEDQUERY","AUTH"]},"iat":1559033849,"iss":"jwt.user"}