Contents

Credentials on File (Payment Pages)

 

PAYMENT
stored credential is information (including, but not limited to, an account number or payment token) that is stored in order to process future transactions.

The process of storing credentials for future use is known as Credentials on File (CoF).

 

Visa and Mastercard have mandated that you must obtain cardholder consent before storing card details for future use, and that these must be flagged at the time of the first authorisation, by including the credentialsonfile field in your POST to Trust Payments.

You must also flag any subsequent payments that are utilising previously-stored credentials, by including the credentialsonfile field in these requests.

 

Examples of situations where the CoF mandate applies:

 

Calendar
This mandate came into effect on 30th April 2018.

Requests processed before the cut-off are not affected, but new requests after the cut-off must include the credentialsonfile field.

Info
While this is only mandated by Visa and Mastercard, you can still submit these values in all your requests, and we will ignore them for other payment types.

 


 

Benefits

Identifying transactions as using CoF provides the following advantages:

 


 

Initial payment request including CoF

For customers processing a transaction for the first time on your site, you will need to include credentialsonfile=1 in the POST to Payment Pages, as shown in the following example:

Warning
It is imperative that the credentialsonfile field is also included in the string used to generate your request site security hash. Failure to do so will result in the customer being shown an “Invalid details” error message.

 


<form method="POST" action="<DOMAIN>/process/payments/choice">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="currencyiso3a" value="USD">
<input type="hidden" name="mainamount" value="100.00">
<input type="hidden" name="version" value="2">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="credentialsonfile" value="1">
<input type="submit" value="Pay">
</form>

Replace <DOMAIN> with a supported domain. Click here for a full list.

 

Warning
If an error occurs (errorcode is not “0”), the credential cannot be considered a stored credential, and you must not use these card details in any subsequent payments.
External
Returning customers

 

If you are processing a new payment using previously-stored credentials, you will need to include credentialsonfile=2 in the new request.

 

 


 

Processing Merchant Initiated Transactions

Transactions processed by the merchant are called Merchant Initiated Transactions (MIT).

Visa mandate that you must provide a reason for processing MIT.

 

Warning
This does not apply to Customer Initiated Transactions (CIT).
External
Refer to the following resources to learn more: