We use cookies to better serve you
I AgreeMore InfoMore Info
1. Update to our Privacy Policy

Hi! We have updated our Privacy Policy to make sure you stay well informed about how we process personal data.

2. Cookie Policy

We place cookies in order to make sure our website works properly and to improve your browsing experience, to offer social media functionalities, to streamline and personalize our marketing content and to show you personalized advertisements (including on third party websites). We sometimes share cookie data with our partners for these purposes. Our cookies remember your settings and the data you fill out on forms on our website and analyze traffic to our website. Our cookies also register how you found us and collect information about your browsing habits. You can read more about our use of cookies and how we share data with our partners, and can change your settings on our Cookie Policy.

Stored-Credentials and how They Affect Your Business

What are stored credentials, what's their link to SCA, and what merchants need to consider

Learn more

Stored Credentials and SCA requirements

A lot of confusion is associated with recent regulations, which all fall under the objective to strengthen SCA (Strong Customer Authentication), and minimize fraud. As card-not-present transactions are consistently growing both online and offline, the need for added security for transactions is on a new rise. According to the European Central Bank, Card Not Present (CNP) fraud was recorded at 1.32 Billion Euros in 2016 and unlike ATM and POS related fraud, it was the only one on the rise compared with the data from the previous year (an increase of 2%). A study from Juniper Research estimates a loss for merchants of $130 between 2018 and 2023 resulting from CNP frauds. Card-not-present frauds give merchants a hard time both because they create an increase in chargebacks, and also because frauds effect shoppers behavior, drawing them away from CNP shopping, and ultimately reducing merchant's potential revenue.

What are Stored-Credentials (Card-on-File)?A stored credential is information such as a payment token or account number, which is stored by a payment provider/facilitator, merchant, or SDWO (Staged Digital Wallet Operators), and is saved for future purchases/payments.

What is not considered a stored credential? 
Stored credentials received by third parties are not considered stored credentials since they are not saved by the merchant. Another exemption for a stored credential is when credentials are stored for the purpose of completing a single transaction/purchase. E.g. when a user provides credentials to cover charges related to multiple payments connected to a single reservation.

Consumer Vs. Merchant Initiated Transactions

There are two categories of transactions relevant to our topic - a Consumer-Initiated Transaction(CIT) and a Merchant Initiated Transaction (MIT). An MIT stems from a CIT and relies on the original authentication of the latter. This also allows the MIT to be excluded from SCA requirements. Both types of transactions need to be addressed by merchants: A CIT occurs when a consumer is actively entering a payment process (transaction).   This can happen when either an in-store or online transaction is taking place. A CIT contains proof that the cardholder was involved in the transaction and that he voluntarily entered his credentials. 
An MIT is a transaction that stems from the original CIT but is conducted without the consumer present and without additional actions performed on his side. This can happen for a variety of transactions, the best examples would be a recurring payment (e.g. subscription) or an account top-up. 

What do you need to do to store credentials? 

In order to be able to store credentials, merchants are required to get a consent from the cardholder. A Consent needs to include the cardholder’s approval for the merchant to store his card’s information (last 4 digits).  Additionally, that consent will need to include complete information about the future use of the credentials and the merchant’s obligations to the user if anything is changed. (for a complete list of requirements please refer to the Visa website). 

When storing customers' card information for use in authorization, charge or credit requests, or when the information is stored for future transactions, the major card brands now require merchants to send the appropriate transaction indicators* (recurring, Merchant Initiated, etc.).

*Please check our documentation for more information.

Benefits of Transactions with Stored Credentials

Transactions identified as those with stored credentials are treated differently through the authorization approval process, resulting in:
• Greater visibility of transaction risk levels for issuers
• Higher transaction approval rates
• Improved customer experience thanks to a seamless, fluid checkout process. 
• Exclusion from SCA requirements (in MIT transactions which were originally authenticated).

The ability to store credentials benefits both merchants and consumers and creates a more fluid and safe marketplace with a reduced fraud risk.
If you are interested to learn more about how to reuse card information make sure to check our documentation.


Your payment stack is scattered


All your payment providers and methods connected and managed by you.


We’re here to help you get bigger with the switch
Read more.
Growing up is painless with
the switch by your side
We’re here to help you get
bigger and better using the switch





You may also be interested in...