What are Credentials on File (CoF)?
Where a merchant wishes or requires to store card details for future use or use stored card details, this must be specified by submitting the credentialsonfile field in your Payment Pages POST, JS Library JWT, or Webservices API request. The process of storing card details (credentials) for future use is known as Credentials on File (COF).
Visa and Mastercard have mandated that you must obtain cardholder consent before storing card details for future use, and requests for authorisation must be flagged to indicate where details are stored and/or where stored details are used, by submitting the credentialsonfile field in your requests.
Card details can be stored for the purpose of allowing returning cardholders to select a stored card and/or for the purpose of processing subsequent recurring payments and/or Merchant Initiated Transactions (MIT).
Storing card details
-
Cardholder agrees to the storage of card details and the merchant submits Payment Pages POST, JS Library JWT or Webservices API request including the credentialsonfile field with the value "1" (storing card details).
In addition to agreeing to store their card details, the cardholder must also explicitly agree for their card details to be used for the purpose of processing subsequent recurring payments and/or Merchant Initiated Transactions (MIT) where required.
-
The cardholder enters their card details into the Payment Pages or JS Library form.
-
Where successfully authorised, the merchant stores the transactionreference value returned in their Payment Pages or JS Library JWT response to use as the parenttransactionreference in subsequent transactions using stored credentials.
Using stored card details
Not supported on Payment Pages.
-
The cardholder selects their stored card details to be used.
-
The merchant submits JS Library JWT, or Webservices API request including the credentialsonfile field with the value "2" (using stored card details).
Technical Resources
- Customer Initiated Transactions (CIT) from stored credentials via JS Library or Webservices API
- Processing Recurring payments
- Processing Merchant Initiated Transactions (MIT)
Examples of using CoF and MIT in requests
Please refer to the table below for valid combinations of the CoF and MIT values to be included when processing transactions:
| Initiator | Use case | CoF value | MIT value |
| Customer | Payment where card details are to be stored for future payments | 1 | Don’t send |
| Customer | Payment using stored card details | 2 | Don’t send |
| Merchant | Previously agreed regular subscription payments using stored card details | 2 | Don’t send |
| Merchant | Re-authorisation due to a previous authorisation expiring, using stored card details | 2 | A |
| Merchant | Unscheduled payment using stored card details | 2 | C |
| Merchant | Delayed charge using stored card details | 2 | D |
| Merchant | Re-submission of a previously declined authorisation, using stored card details | 2 | S |
| Merchant | Payment where the customer is charged for not showing up for a reservation, using stored card details | 2 | X |
