With UBC’s Digital Payment Program to replace ePayment launched, all ePayment onboarding requests will be redirected to DPP

Learn more

You are here:
Home > Virtual Terminal > Requirements > Visa Stored Credential - New Compliance Mandate effective October 14, 2017

Visa Stored Credential - New Compliance Mandate effective October 14, 2017

Please be advised that this is only applicable to transactions processed from stored credit card information subject to the ePayment Procedures for Collecting, Processing and Disposing Cardholder Data guidelines

Visa Stored Credential Transaction Framework

Visa recently introduced the new Stored Credential Transaction Framework for merchant-initiated transactions and cardholder-initiated transactions. The terms and conditions of your Moneris merchant agreement requires compliance with all Card Brand Rules and Regulations. The Framework forms part of the Visa Rules.

The Framework defines rules and requirements for initial storage and subsequent use of payment credentials. Effective October 2017, Visa requires merchants and their third-party agents, payment facilitators, or stored digital wallet operators that offer cardholders the opportunity to store their credentials on file must:

 Disclose to cardholders how those credentials will be used.
 Obtain cardholders’ consent to store the credentials.
 Notify cardholders when any changes are made to the terms of use.
 Inform the issuer via a transaction that payment credentials are now stored on file.
 Identify transactions with appropriate indicators when using stored credentials.

Visa defines a stored credential as information (including, but not limited to, an account number or payment token) that is stored by a merchant or its agent, a Payment Facilitator or a Staged Digital Wallet Operator to process future purchases for a cardholder (also known as credential-on-file).

Cardholder Consent

The Framework requires that prior to storing credentials for future use, merchants must establish a consent agreement with the cardholder. This agreement must include:
 A Truncated version of the stored credential (last four digits of the card or account number)
 How the cardholder will be notified of any changes to the consent agreement
 The expiration date of the consent agreement (if applicable)
 How the stored credential will be used

The agreement must be retained for the duration of the consent and may be requested by Visa at any time.

Credential-on-File Transaction Types

Stored credential transactions can fall into one of the two following categories.

Merchant-initiated transactions such as:
- Installment Payments: A transaction in a series of transactions that use a stored credential and that represent cardholder agreement for the merchant to initiate one or more future transactions over a period for a single purchase of goods or services
Example: A furniture retailer allows a cardholder to pay for goods purchased in installments over a pre-agreed period of time.
- Recurring Payments: Multiple transactions processed at predetermined intervals not to exceed one year between transactions, representing an agreement between a cardholder and a merchant to purchase goods or services provided over a period of time
Example: A magazine publisher charges cardholder for a monthly subscription.

Cardholder-initiated transactions such as:
- A transaction initiated by a cardholder for a subsequent purchase using a stored credential based on an existing consent agreement
Example: A customer conducts a single online retail purchase transaction using previously stored credit card information.
Merchants will be required to identify the type of transaction (recurring, installment or cardholder-initiated) and whether the transaction was an initial purchase or subsequent purchase.

Potential Merchant Impacts

Some development may be required in order for merchants to fully comply with the Stored Credential Transaction Framework.

Merchants not storing customer payment credentials will not be required to make any technical changes.

For more information on the Stored Credential Transaction Framework, please review information made available by Visa on the subject at: https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-cred....

Do I need to obtain a new consent agreement for existing customers that I already have an agreement with?

No, the new consent requirements are only applicable for new credentials stored from the official implementation date of 14th October 2017. However, you can start doing this right away if you prefer. Existing agreements don’t need to be updated.

More information can be found here: https://epayment.it.ubc.ca/virtual-terminal/requirements/visa-stored-inf...

A place of mind, The University of British Columbia

UBC Information Technology
6356 Agriculture Road
Vancouver, BC V6T 1Z2,

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia