Are you aware of how Visa interprets and processes recurring transactions relating to stored credentials?
What are stored credentials anyway? Visa defines them clearly: “A stored credential is information (including, but not limited to, an account number or payment token) that is stored by a merchant or its agent, a payment facilitator or a staged digital wallet operator to process future transactions.”
A video-on-demand (VOD) platform can charge a monthly membership and bill an additional fee for a one-time digital download.
Stored credentials are becoming very popular, especially for online merchants that have clients who purchase frequently (think of mega giants like Amazon) and you also may recognize the use of stored credentials in “freemium” online games that have micro billings and small charges. There is a wide range of potential applications for these types of transactions.
A video-on-demand (VOD) platform can charge a monthly membership and bill an additional fee for a one-time digital download. Cam platforms can store the card once, and the member can easily bill their card quickly and on demand for any amount they want (perhaps when their favorite model is online, and they might not have both hands available to punch in a credit card number).
Previously, Visa considered these payments to be no different than any other transaction. They were processed basically the same way and risk-assessed the same way, but it’s clear that these types of recurring transactions are different than a one-time charge. The inherent difference in a stored credential purchase is that there is a linked historical pattern related to them. The card processor can easily see that these transactions have been made and their trends. Every subsequent successful charge (in theory) reduces the risk related to subsequent charges.
According to the Visa guidelines, it is required that merchants appropriately categorize or label these transactions as stored credentials and recurring transactions. Furthermore, there are additional requirements when the card information is stored. Most importantly, merchants are required to overtly inform the cardholder that the card number is being stored for convenience and future transactions. Consent is a requirement, and usually achieved by using a checkbox on the order form that is not pre-filled.
Additionally, merchants must provide disclosure, notification and get consent when the merchant’s terms are updated. It is then required to appropriately label the future transactions with specific codes related to the type of transaction (such as subscription, installment, merchant-initiated transaction or a new purchase initiated by the cardholder). These unique transaction type codes are then provided to the gateway during those subsequent transactions.
In the payment-processing world, a perfect example of stored credentials is the MobiusPay Card Vault. Customers provide their card and billing details a single time and they are stored on our systems. The merchant never has to store these secure and private details. Through our streamlined platform, merchants are then able to process transactions on that card repeatedly without holding the raw billing data.
Stored credentials can be used at the direction of the cardholder or the merchant. Cardholder-initiated transactions (Visa calls these CITs) occur when the customer is activating a charge themselves, directly. This might be as simple as pushing a button. Alternatively, merchant-initiated transactions (an “MIT” in Visa lingo) is done autonomously by the merchant, perhaps as an automated monthly rebill by date, or topping up an account balance with funds or tokens.
These MITs are based on standing instructions by the cardholder (which is why customer consent and notification of changes in merchant terms is so important). Customers place a lot of trust in merchants related to stored credentials, and it’s vitally important to respect the cardholder to ensure that your business and merchant account not only survives but thrives as well.
Visa is intending to accomplish greater visibility of transaction risks, higher authorization approval rates (more sales for merchants), fewer customer complaints and an overall better cardholder experience. While it might be a bit of a hassle to update the required elements to comply with this move, it’s clear that this will benefit merchants in the long term.
We are always helping merchants ensure they are compliant and are taking full advantage of processing features to improve sales, it’s just part of the business consulting that is provided to all our clients. So even if you don’t quite understand or know what to do next, ask your merchant processor to help.
Jonathan Corona has 15 years of experience in the electronic payments industry. As MobiusPay’s EVP, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., E.U. and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.
