Contents
About COF Mandate
What is Stored Credential On File? (COF)
A stored credential is information (card number) that is stored by a Merchant or its Payment Service Provider to process future purchases for a cardholder.
Future COF transactions do not require the cardholder to be present or enter their payment credential information when they are making a purchase.
Currently the COF framework is applicable for Visa and MasterCard.
What is not Stored Credential On File?
When the transaction relates to the completion or fulfillment of the original order or service extends beyond the authorization validity limit (e.g. Split or delayed shipments), this transaction is not considered as COF.
Benefits of Identifying Transactions as a Stored Credential On File
Identifying stored credential transactions specifically, allows for differentiated treatment through the authorization approval process.
The results are:
• Greater visibility of transaction risk levels for card issuers
• Results in higher authorization approval rates and completed sales
• Fewer customer complaints and improved cardholder experience
In case of non-compliance, merchant's might experience decrease in authorization approval rates.
Stored COF transaction Overview
COF Terminology
Unscheduled Merchant Initiated Credential On File
Definition:
A transaction that:
- Uses a stored credential
- Does not occur on a scheduled or regularly occurring transaction date
- Cardholder has provided consent for the merchant to initiate one or more future transactions
- Transaction is for a fixed or variable amount
- Transaction dates are unknown
Example: Auto top up of digital wallet once balance has dropped under certain limit.
Unscheduled Cardholder Initiated Credential On File
Definition:
A transaction that:
- Uses a stored credential
- Represents a cardholder agreement with the merchant
- Does not occur on a fixed schedule
- Cardhohler is actively participating in the transaction
Example: One-click checkout, where at merchant's site customer logs in with username and password and does not have to re-enter payment credentials to finalize the payment.
Recurring
A transaction in a series of transactions that use a stored credential and that are processed at fixed, regular intervals (not to exceed one year between transactions), representing cardholder agreement for the merchant to initiate future transactions for the purchase of goods or services provided at regular intervals.
Consent agreement provisions
Prior to storing credentials for future use, the merchant must establish an agreement with the cardholder, where cardholder approves storing and using customer’s credentials for future purchases by the merchant.
Credentials might be only stored if the initial transaction has been authorized and approved. The initial transaction should always contain the CVV value.
Basic Requirements for data, that must be present in the agreement:
• Truncated version of the stored credentials (i.e., last four digits of PAN)
• How the cardholder will be notified of any changes to the consent agreement
• The expiration date of the consent agreement, if applicable
• How the stored credential will be used
Additional Requirements if the cardholder is providing consent to the Merchant to initiate transactions using stored credentials:
• Cancellation and refund policies
• Location of merchant
• Transaction amount or how it will be calculated
• Convenience fee or surcharge (if permitted and applicable)
• The frequency (recurring) or event (unscheduled) that will prompt the transaction
Acquirer Support
Not all the Acquirers support COF mandate.
For the list of supported acquirers, please contact: helpdesk@computop.com
Technical requirements
In order to flag COF transactions correctly, merchants need to send correct values in Paygate parameters:
- RTF
I = Establishment of Recurring agreement, initial recurring transaction
R = Subsequent recurring transaction
E = Establishment of Credential on File agreement (cardholder agrees that his/her credentials can be stored for future purchases)
C = Unscheduled Cardholder initiated transaction using stored Credential on File
M = Unscheduled Merchant initiated transaction using stored Credential on File
- TransactionID
Value received in response to initial transaction (where RTF=E or I), representing Establishment of Credential on File agreement or Recurring agreement. When received in response to initial storage, this value shall be present in request parameter for all Visa Unscheduled COF, merchant initiated and Recurring subsequent transactions
Description of correct flagging:
Type of transaction | Initial transaction (Storage of COF) | Subsequent transaction | ||
|---|---|---|---|---|
Request | Response | Request | Response | |
Stored Credetial On File; Customer initiated | RTF=E | TransactionID* (optional) | RTF=C | |
Stored Credetial On File; Merchant initiated | RTF=E | TransactionID* (optional) | RTF=M; TransactionID* | TransactionID* |
Recurring payment | RTF=I | TransactionID* (optional) | RTF=R; TransactionID* | TransactionID* |
*TransactionID: Format: AN..56; Please note that for Network Token payments (e.g. Apple Pay, Google Pay) the TransactionID is mandatory for all Visa subsequent transactions. Transactions without this value are likely to be declined by the Issuing bank.
Visualisation of correct flagging
