Are you aware of how VISA interprets and processes recurring transactions relating to stored credentials?

What are stored credentials anyway? VISA defines them clearly: "A stored credential is information (including, but not limited to, an account number or payment token) that is stored by a merchant or its agent, a payment facilitator, or a staged digital wallet operator to process future transactions."  In the payment processing world, the perfect example of stored credentials is the MobiusPay Card Vault. Customers provide their card and billing details a single time and they are stored on our systems. The merchant never has to store these secure and private details. Through our streamlined platform, merchants are then able to process transactions on that card repeatedly without holding the raw billing data. 

Stored credentials are becoming very popular, especially for online merchants that have clients who purchase frequently (think of mega giants like Amazon). You may also recognize the use of stored credentials in "Freemium" online games that have micro billings and small charges. There is a wide range of potential applications for these types of transactions. A video-on-demand (VOD) platform can charge a monthly membership and bill an additional fee for a one-time digital download.

Previously, VISA considered these payments to be no different than any other transaction. They were processed basically the same way and risk assessed the same way, but it’s clear that these types of recurring transactions are different than a one-time charge. The inherent difference in a stored credential purchase is that there is a linked historical pattern related to it. The card processor can easily see that these transactions have been made, along with their trends. Every subsequent successful charge (in theory) reduces the risk related to subsequent charges.

To accomplish this change in policy, merchants are required to appropriately categorize or label these transactions as stored credentials and recurring transactions according to the VISA guidelines. Furthermore, there are additional requirements when the card information is stored. Most importantly, merchants are required to overtly inform the cardholder that the card number is being stored for convenience and future transactions. Consent is a requirement, and is usually achieved by using a checkbox on the order form that is not pre-filled. Additionally, merchants must provide disclosure and notification, and get consent, when the merchant's Terms are updated. Merchants are then required to appropriately label the future transactions with specific codes related to the type of transaction (such as subscription, installment, merchant-initiated transaction, or a new purchase initiated by the cardholder). These unique transaction type codes are then provided to the gateway during those subsequent transactions.

Stored credentials can be used at the direction of the Cardholder or the Merchant. Cardholder-initiated Transactions (VISA calls these CITs) occur when the customer is activating a charge themselves directly. This might be as simple as pushing a button. Alternatively, a Merchant-initiated Transaction (an "MIT" in VISA lingo) is done autonomously by the merchant, perhaps as an automated monthly rebill by date, or topping up an account balance with funds or tokens. These MITs are based on standing instructions by the cardholder (which is why customer consent and notification of changes in merchant Terms are so important). Customers place a lot of trust in merchants related to stored credentials, and it's vitally important to respect the cardholder to ensure that your business and merchant account not only survive but thrive as well.

VISA is intending to accomplish greater visibility of transaction risks, higher authorization approval rates (more sales for merchants), fewer customer complaints, and an overall better cardholder experience. While it might be a bit of a hassle to update the required elements to comply with this move, it’s clear that this will benefit merchants in the long term, as well as immediately out of the gate. We are always helping merchants ensure they are compliant and are taking full advantage of processing features to improve sales; it’s just part of the business consulting that is provided to all MobiusPay clients. So even if you don't quite understand or know what to do next, feel free to contact any of our representatives or email info@mobiuspay.com.

