Credentials on File

Credentials On File

HostedPCI supports the implementation of Credentials on File to help further secure transactions. This feature allows merchants to reduce the chances of chargebacks and will result in higher acceptance rates of authorized transactions. The Credential on File mandate, also known as MIT Framework, was first introduced by Visa back in 2018 and has since then also been implemented by Mastercard. This mandate further protects your customer from fraudulent transactions by informing the Issuing bank that the transaction is authentic and the customer approves the relation with the Merchant.

HPCI Credentials on FIle Slow

Credential on File works in a two-step process; Customer Initiated Transaction(CIT) and Merchant Initiated Transactions (MIT). The Customer Initiated Transaction is the original transaction where the Issuer ID is generated and stored. The CVV is always required on the first transaction in order to initiate the process. All future transactions processed using the Issuer ID and credit card credentials are referred to as the Merchant Initiated Transaction. The CVV is then no longer required and the Issuer ID will be used to authenticate the credit card. Once the Merchant is provided with the IssuerID, they have the ability to store that along with the credit card credentials to issue recurring transactions.

What is HostedPCI’s role with the Credentials on File feature?

HostedPCI’s integration helps with the safekeeping of the payment data collected. Once the gateway has returned the issuer ID, HostedPCI will store it alongside the credit card number in the merchant’s vault. The merchant then has the option of retrieving this data from their HostedPCI and sending it themselves within the payment request or HostedPCI can grab it from the vault along with the credit card and send it directly to the payment gateway when a transaction is sent.

This feature can be used alongside fraud detection methods such as 3DS 2.0. In Europe, Credentials on File must be implemented with 3D Secure 2.0 authorization as a requirement.

Please fill out the form below

This contact form is deactivated because you refused to accept Google reCaptcha service which is necessary to validate any messages sent by the form.