COF - Introduction
What is credential-on-file?
A credential-on-file (COF) transaction is a card transaction where the cardholder allows the merchant to store the card credentials permanently for future usage.
Such transactions and the storage of the credentials are regulated by the card schemes (e.g. Visa, Mastercard) and have to follow some rules.
The main purpose of these rules is to enable an easy identification of credential's storage and its further use in subsequent transactions. This will ensure more appropriate processing of payment transactions, better authorization approval rates and increase in number of successfully completed commercial orders.
Consent
Prior to storing any payment card related credentials a merchant or its agent, payment facilitator or staged digital wallet operator have to establish a consent with the cardholder.
Flagging of credential-on-file transactions
Each transaction using credential-on-file has to be flagged correctly in the payment transactions sent to the card schemes.
It will be distinguished between cardholder initiated transactions (CIT) and merchant initiated transactions (MIT).
Even if the credentials are stored and don't have be provided again, cardholder initiated transactions will always be triggered by the cardholder, e.g. shopping with a One-Click payment account.
Merchant initiated transactions will always be triggered by the merchant and don't require the cardholder to be available, e.g. subsequent payments in a subscription model.
In addition to the initiator of the transaction it has to be flagged if a payment transaction is the initial one using the credential-on-file or a subsequent one. Subsequent payment transactions have to reference the initial transaction.