Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


With Payment Service Directive 2 (PSD2) it's required that all credit card payments have to be authenticated by the customer using strong customer authentication (SCA). See 3-D Secure.

Of course, this is only possible if the end customer is also present at the time of payment and can carry out an SCA (like 3-D Secure 1.0 or 3-D Secure 2.x).

This is precisely not the case with subscription models and micropayments (virtual account / billing), since these are carried out in the absence of the customer. For this purpose, the model "cards on file" or "credentials on file" (CoF for short) is offered, with which such payments are specially marked and then excluded from the SCA. Likewise, the first, initial payment must be authenticated using SCA to meet the PSD2 guidelines.

CoF can also be used to speed checkout by first depositing a credit card for a customer and then referencing it for follow-up payments. This function has already been offered for a long time by the pseudo card number of the PAYONE Platform - but now CoF also makes it PSD2-compliant.

With CoF you may re-use a credit card number for recurring transactions where the customer can not proceed the SCA process. To do so the first initial payment process has to be authenticated via SCA and the customer has to be informed that his credit card number will be stored for subsequent payments, the purpose of payment and the amount that is expected.

CoF and PAYONE Platform

The PAYONE Platform already supports parameters for:

These parameters will be used for credit card payments to indicate whether the customer is present and the kind of use case that should be used.

Here an overview of different use cases with credit card payments

Use caseServer-API requestParams to set
Subscription / contract / abo
Initially create accesscreateaccess
  • no params for recurrence/ customer_is_present given

Initially create access - customer is present

  • recurrence=recurring
  • customer_is_present=yes
  • Merchant must inform customer that data will be stored
  • Initial payment will be authenticated via 3-D Secure

Initially create access - customer is not present

  • recurrence=recurring
  • customer_is_present=no
  • If the customer never agreed to a CoF before the payment will be declined
  • If the customer agreed to a CoF before the initial payment will be handled with CoF

Subsequent payments

handled automatically
  • subsequential payment will be handled with CoF
Micropayment / Billing / vauthorization

Get customer agreement for CoF

  • amount=1
  • recurrence=recurring or recurrence=oneclick
  • customer_is_present=yes
  • Merchant must inform customer that data will be stored
  • Customer has to agree to CoF
  • The amount must not be captured

Create Micropayment transactions

  • recurrence=recurring
  • customer_is_present=no

Table of Contents