Ryft's stored payment methods follow the industry-standard terminology of Credentials on File (CoF). CoF allows merchants to securely store their customers' payment details for future transactions, enhancing the customer experience by enabling quicker checkouts.
A CoF transaction is initiated when a merchant uses previously stored payment credentials to process a payment on behalf of a customer. This is particularly useful for scenarios such as subscription services, recurring billing, or any situation where a customer authorizes a merchant to charge their payment method at a later date.
There are two primary types of CoF transactions:
- Customer-Initiated Transactions (CIT): These occur when a customer is present and authorizes a payment using their stored credentials, such as during a repeat purchase on an e-commerce site.
- Merchant-Initiated Transactions (MIT): These occur when a merchant charges a customer's stored payment method without the customer being present, typically for recurring billing or subscription services.
In a Customer-Initiated Transaction (CIT) scenario, the customer is actively present and provides explicit consent for the payment at the time of purchase. This is the standard model for most transactions, whether the customer enters a new card number or uses a saved one.
A CIT that involves Credentials on File (CoF), that is, stored payment details, falls into one of two categories:
- Initial CIT (Card Saving): This is the very first transaction where the customer enters their card details and, crucially, grants the merchant permission to store those details for future use.
- Subsequent CIT (Using a Saved Card): This occurs when the customer returns, is present, and chooses to use their previously saved card to initiate a new transaction.
The merchant's responsibility in all CITs is to ensure the transaction is secure and compliant with all relevant regulations. Merchants must also ensure they have obtained proper consent from customers to store and use their payment information for subsequent transactions.
Merchant-Initiated Transactions (MITs) are charges where the merchant's system initiates the payment using stored credentials without the customer being actively present or providing explicit consent at the time of the transaction. This is often referred to as a "mandate" transaction.
This model is common in:
- Recurring Payments: For services with a fixed schedule (e.g., monthly subscriptions).
- Unscheduled Payments: For charges made on an as-needed basis under specific, pre-agreed conditions (e.g., topping up an account balance).
For an MIT to be compliant, the customer must have previously agreed to allow the merchant to charge their payment method at regular intervals or under specific conditions.
MITs require a higher level of security and compliance than standard transactions, as they involve charging a customer's payment method without their immediate authorization. Merchants must ensure they:
- Have clear, auditable consent from customers for the terms of the MIT.
- Adhere to all relevant regulations and rules set by card networks and payment processors for proper transaction flagging and management.
The key difference between the two types of CoF transactions lies in how 3D Secure (3DS) authentication is handled:
- CIT: Requires 3DS authentication for each transaction, as the customer is actively involved in the payment process. This typically results in a liability shift, offering the merchant protection against most fraud-related chargebacks.
- MIT: Does not require 3DS authentication for each transaction, as the customer has already provided consent for the merchant to charge their stored payment method for future transactions. Consequently, the merchant usually retains the liability for any fraud-related chargebacks.