Credentials on File (Payment Pages)

The process of storing credentials for future use is known as Credentials on File (CoF).
Visa and Mastercard have mandated that you must obtain cardholder consent before storing card details for future use, and that these must be flagged at the time of the first authorisation, by including the credentialsonfile field in your POST to Trust Payments.
You must also flag any subsequent payments that are utilising previously-stored credentials, by including the credentialsonfile field in these requests.
Examples of situations where the CoF mandate applies:
- Processing an account check or authorisation request, where card details are to be re-used later.
- Processing a re-authorisation.
- Processing regular recurring payments.

Requests processed before the cut-off are not affected, but new requests after the cut-off must include the credentialsonfile field.

Benefits
Identifying transactions as using CoF provides the following advantages:
- Increases the likelihood of transaction authorisation and settlement.
- Greater transparency and improved experience from the customer’s perspective.
- Issuers are less likely to use the absence of a security code as a reason to decline a transaction.
Initial payment request including CoF
For customers processing a transaction for the first time on your site, you will need to include credentialsonfile=1 in the POST to Payment Pages, as shown in the following example:

<form method="POST" action="<DOMAIN>/process/payments/choice"> <input type="hidden" name="sitereference" value="test_site12345"> <input type="hidden" name="currencyiso3a" value="USD"> <input type="hidden" name="mainamount" value="100.00"> <input type="hidden" name="version" value="2"> <input type="hidden" name="stprofile" value="default"> <input type="hidden" name="credentialsonfile" value="1"> <input type="submit" value="Pay"> </form>
Replace <DOMAIN> with a supported domain. Click here for a full list.


If you are processing a new payment using previously-stored credentials, you will need to include credentialsonfile=2 in the new request.
Processing Merchant Initiated Transactions
Transactions processed by the merchant are called Merchant Initiated Transactions (MIT).
Visa mandate that you must provide a reason for processing MIT.

