Introduction

This article provides important information regarding the frameworks introduced by Visa and Mastercard for Merchant-Initiated Transactions (MIT) and Credential-on-File (COF) transactions. It outlines the requirements, key takeaways, and necessary actions for merchants to ensure compliance and benefit from higher authorization rates. The article is intended for merchants integrating with Visa Acceptance Solutions, including Cybersource, and applies to all commerce server integrations such as cartridges, modules, and plugins.

What's the Important News?

Visa introduced a framework for Merchant-Initiated Transactions (MIT) to identify transaction intent and cardholder participation in a transaction. Any transaction initiated by a merchant as a follow-on to an initial Cardholder-Initiated Transaction (CIT) must follow the MIT framework to benefit from higher authorization rates and successful processing of subsequent MITs.

Visa also announced requirements for its Stored Credentials framework to identify the initial storage and subsequent use of payment credentials by merchants. Following the authorization rules defined as part of the framework for all Credential-on-File (COF) transactions is expected to result in higher authorization approval rates.

Compliance with the Stored Credentials framework is also required for merchants to benefit from participation in Real Time Visa Account Updater. Real Time Account Updater enables merchants to receive updated card information as part of the authorization message in real time.

In late 2021, Mastercard revised its MIT framework to include eight use cases, similar to the Visa MIT framework but with some differences. Visa released its MIT framework mandate in 2017. Previously, Mastercard required only the COF indicator to comply with its Stored Credential mandate. In the European Union, the Mastercard Trace ID, also known as the transaction ID, was also required for all subsequent transactions.

Key Takeaway

Both mandates require merchants to upgrade their integrations with Visa Acceptance Solutions, including Cybersource. This requirement also applies to commerce server integrations, such as cartridges, modules, and plugins.

Important

The information provided herein addresses the steps we are taking in response to the relevant mandate. Your organization is independently responsible for its compliance with the mandate and it is incumbent on your organization to review any requirements of the mandate that may apply to it, which may include requirements not addressed by our changes outlined herein.

For details, refer to the files under Attachments (below) containing:

• MC CIT MIT Framework 2023.12 (1).pdf
• Tokenization and RB MIT COF FAQ_v7.pdf
• Online Support Article MIT COF all brands V6.pdf

Potential Client Questions

• What is a Merchant-Initiated Transaction (MIT)?
  • An MIT is any transaction initiated by a merchant as a follow-on to an initial Cardholder-Initiated Transaction (CIT). It must follow the MIT framework to benefit from higher authorization rates and successful processing of subsequent MITs.
• What is the Stored Credentials framework?
  • It is a framework announced by Visa to identify the initial storage and subsequent use of payment credentials by merchants. Compliance with this framework is expected to result in higher authorization approval rates for all Credential-on-File (COF) transactions.
• What is Real Time Visa Account Updater?
  • Real Time Visa Account Updater enables merchants to receive updated card information as part of the authorization message in real time. Compliance with the Stored Credentials framework is required to benefit from this service.
• How does the Mastercard MIT framework differ from Visa's?
  • In late 2021, Mastercard revised its MIT framework to include eight use cases, similar to the Visa MIT framework but with some differences. Visa released its MIT framework mandate in 2017.
• What was previously required for Mastercard's Stored Credential mandate?
  • Previously, Mastercard required only the COF indicator to comply with its Stored Credential mandate. In the European Union, the Mastercard Trace ID (also known as the transaction ID) was also required for all subsequent transactions.
• What action do merchants need to take?
  • Merchants must upgrade their integrations with Visa Acceptance Solutions, including Cybersource. This requirement also applies to commerce server integrations such as cartridges, modules, and plugins.
• Is my organization fully covered by Visa's compliance changes?
  • No. Your organization is independently responsible for its compliance with the mandate and must review any requirements of the mandate that may apply to it, which may include requirements not addressed by Visa's changes.