locker on the laptop

Credentials on File

Visa and Mastercard Regulation on Stored Credential-on-File in E-Commerce

Stored Credential-on-File (COF) involves storing card data or tokens of a cardholder in e-commerce in order to reuse them for future transactions. This functionality is also known as one-click shopping.

As a result of the increased prevalence of this function in online retailing and for security reasons, in addition to the Visa and Mastercard stipulations, various legislative regulations for customer authentication have also been enacted (e.g. PSD2 guidelines).

What do you need to do as an online merchant?

If you offer your customers COF payments, as of November 2018, as an online merchant you are obliged to seek the approval of the cardholder (new customers) on the following points and to notify them of the following:

  • Confirmation of the stored card number
  • Notification of the purpose of card data use
  • Evidence from the retailer that the cardholder has been notified of all changes (e.g. adjustment of the general terms and conditions of business)

What does this mean for your payment solution?

Your payment service provider is obliged to carry out the adjustments to the payment solutions. All payment service providers have already been informed at an early stage by the acquirers with regard to the requirements of the card organisations.

What does this mean for processing COF payments?

As an acquirer, Worldline will not be permitted to process any transactions that do not meet the requirements outlined above as of November 2018.

If you have any technical queries, please contact your payment service provider.

Should you have any questions, please do not hesitate to contact our support team.