Seamless shopping experiences are made possible by card on file payments. This technology lies at the heart of most new business models – from subscriptions to retail to mobility. Card on file payments have become quite popular today, driven by consumer demands for speed, security, and flexibility. Card on file helps in faster, easier payments across multiple channels, leading to a richer shopping experience and more secure payments.
So, what is card on file?
In simple words, card-on-file is when a business stores a user’s card data with their consent. These saved details can then be reused for future payments, leading to faster checkouts. This ensures the consumer has a seamless and smooth checkout, with minimal clicks and stops. Card on file payments have become especially favoured in the faster checkouts offered by many digital businesses.
Card on file payments can be two types:
- Customer-initiated – when a customer selects the previously stored card data to pay for their purchase, without having to enter their card details again. This is commonly used in one-click payments. However, customer-initiated card on file payments must be authenticated using 3D Secure or CVV/CVC codes.
- Merchant-initiated – when a merchant pulls money from a customer/ cardholder’s account, with their prior consent. These include subscription fees, account top-ups, or installments. For merchant-initiated card on file payments, there is no need to verify the cardholder’s identity every time a payment is collected.
One thing to note here – storing customer payment data requires a merchant to be PCI DSS compliant. Hence, if you want to use card on file payments you have to keep this in mind. Else, working with a PCI DSS compliant third-party payments partner is the next best option.
Card on file uses tokenization to encrypt and store customer card data and sensitive payment info. Tokenization is the process of creating unique digital tokens for each card number. These tokens are a set of randomly generated numbers that can be used in place of the actual card details. This ensures payment data is safe from hackers.
Where can you use card on file payments?
Card on file payments are popular across several business models, from subscriptions to mobility. Some common use cases are in:
- Subscriptions – card on file can be used to pay for subscriptions. A cardholder provides their prior consent to a business to periodically bill their card for a subscription service. Card on file can also be used to pay for additional services on top of the usual subscription.
- Ride Hailing / Food delivery – When a customer hails a ride or orders food online, the business can use the card data that is stored on file to initiate the transaction. Thus, customers don’t have to keep re-entering their card details every time they book a service.
- E-commerce & Retail – card on file allows e-commerce and retail businesses to offer a more unified, cross-channel shopping experiences to shoppers. Merchants can collect card details in one channel and use them in another channel and design faster, more seamless checkouts. For example, when a customer makes payment in-store, their card data is stored on file and can be used later for online purchases.
- BNPL – Card on file can be used for BNPL payments where the BNPL provider stores the customer’s card data on file and uses it to initiate transactions periodically, in agreed installments.
How to set up card on file payments?
There are a few steps involved in setting up card on file:
- Storing the card on file
- Making a customer-initiated card on file payment or a merchant-initiated card on file payment
- Updating (or removing) the card on file
To store a card-on-file, a merchant requires the cardholder’s consent. This can be done by:
- Customer makes a purchase and agrees to store the card-on-file for future transactions.
- Customer verifies their account by making a zero-amount transaction.
- Customer completes an in-person payment at a physical store.
Two things to note here:
- A business must be PCI DSS compliant or work with a PCI DSS complaint payments partner (like Novalnet) in order to store customers’ card data on file.
- CVV/ CVC codes cannot be stored on file by the business, as per PCI DSS norms.
When taking the cardholder’s consent, the agreement needs to cover the following:
- Details about the transaction, including a description of the goods/ services and the total billing amount.
- Details about the business, including its location and contact details.
- A shortened version of the stored credential (for example, the last four digits of a credit/ debit card).
- Details on how the stored credential will be used and the expiry date of the agreement.
- Details on how the cardholder can cancel the agreement.
Updating a card-on-file
Card-on-file data needs to be updated as cards expire or account details might change. This is necessary to avoid payments being declined. Also, any change to the card on file agreement (for example, when a cardholder/ customer upgrades to a premium plan from a basic subscription plan) requires the business to verify the cardholder’s identity again.
Removing a card-on-file
When storing card on file, a business needs to establish the terms of agreement. Including cancellation and refunds. When the time period mentioned in the agreement expires or if a cardholder wishes to cancel the agreement, the card on file cannot be used to process any transactions and must be removed.
How Can Novalnet Help?
Card on file can be great for business, but you must understand the nuances behind it before using it for your business. Your payment service provider can guide you in this process.
We can help you set up your card on file payments easily and offer you the best advice based on your business needs.
Novalnet is a global PSP, trusted by Europe’s leading brands to handle their payments. Our state-of-the-art technologies and methods help you accept payments globally. From our instant payment plug-ins to our AI-based risk management tools, we have the resources to get your payments up and running in no time, and with zero hassle.
Reach out to us today to know more.
Jose Augustine is the Chief Business Development Officer at Novalnet with extensive experience in European payment industry and a knowledge powerhouse.