opinion

Opportunities for Stored Credit Card Credentials

Opportunities for Stored Credit Card Credentials

Are you aware of how Visa interprets and processes recurring transactions relating to stored credentials?

What are stored credentials anyway? Visa defines them clearly: “A stored credential is information (including, but not limited to, an account number or payment token) that is stored by a merchant or its agent, a payment facilitator or a staged digital wallet operator to process future transactions.”

A video-on-demand (VOD) platform can charge a monthly membership and bill an additional fee for a one-time digital download.

Stored credentials are becoming very popular, especially for online merchants that have clients who purchase frequently (think of mega giants like Amazon) and you also may recognize the use of stored credentials in “freemium” online games that have micro billings and small charges. There is a wide range of potential applications for these types of transactions.

A video-on-demand (VOD) platform can charge a monthly membership and bill an additional fee for a one-time digital download. Cam platforms can store the card once, and the member can easily bill their card quickly and on demand for any amount they want (perhaps when their favorite model is online, and they might not have both hands available to punch in a credit card number).

Previously, Visa considered these payments to be no different than any other transaction. They were processed basically the same way and risk-assessed the same way, but it’s clear that these types of recurring transactions are different than a one-time charge. The inherent difference in a stored credential purchase is that there is a linked historical pattern related to them. The card processor can easily see that these transactions have been made and their trends. Every subsequent successful charge (in theory) reduces the risk related to subsequent charges.

According to the Visa guidelines, it is required that merchants appropriately categorize or label these transactions as stored credentials and recurring transactions. Furthermore, there are additional requirements when the card information is stored. Most importantly, merchants are required to overtly inform the cardholder that the card number is being stored for convenience and future transactions. Consent is a requirement, and usually achieved by using a checkbox on the order form that is not pre-filled.

Additionally, merchants must provide disclosure, notification and get consent when the merchant’s terms are updated. It is then required to appropriately label the future transactions with specific codes related to the type of transaction (such as subscription, installment, merchant-initiated transaction or a new purchase initiated by the cardholder). These unique transaction type codes are then provided to the gateway during those subsequent transactions.

In the payment-processing world, a perfect example of stored credentials is the MobiusPay Card Vault. Customers provide their card and billing details a single time and they are stored on our systems. The merchant never has to store these secure and private details. Through our streamlined platform, merchants are then able to process transactions on that card repeatedly without holding the raw billing data.

Stored credentials can be used at the direction of the cardholder or the merchant. Cardholder-initiated transactions (Visa calls these CITs) occur when the customer is activating a charge themselves, directly. This might be as simple as pushing a button. Alternatively, merchant-initiated transactions (an “MIT” in Visa lingo) is done autonomously by the merchant, perhaps as an automated monthly rebill by date, or topping up an account balance with funds or tokens.

These MITs are based on standing instructions by the cardholder (which is why customer consent and notification of changes in merchant terms is so important). Customers place a lot of trust in merchants related to stored credentials, and it’s vitally important to respect the cardholder to ensure that your business and merchant account not only survives but thrives as well.

Visa is intending to accomplish greater visibility of transaction risks, higher authorization approval rates (more sales for merchants), fewer customer complaints and an overall better cardholder experience. While it might be a bit of a hassle to update the required elements to comply with this move, it’s clear that this will benefit merchants in the long term.

We are always helping merchants ensure they are compliant and are taking full advantage of processing features to improve sales, it’s just part of the business consulting that is provided to all our clients. So even if you don’t quite understand or know what to do next, ask your merchant processor to help.

Jonathan Corona has 15 years of experience in the electronic payments industry. As MobiusPay’s EVP, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., E.U. and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
Show More